Trouble with spyware/popups
  • Trouble with spyware/popups

    My mother keeps getting spyware popups while browsing the internet, telling her to install antispyware programs (nonsense, of course). No idea where it is coming from, so could you please take a look.....

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:01:44, on 26-3-2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\wuauclt.exe
    H:\startup.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AntiSpywareConductor\bm.exe" dm=http://antispywareconductor.com ad=http://antispywareconductor.com sd=http://ykeeper.antispywareconductor.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareConductor\ptask.exe
    O4 - HKLM\..\Run: [BM73a163cb] Rundll32.exe "C:\WINDOWS\System32\twffyitf.dll",s
    O4 - HKLM\..\Run: [70925057] rundll32.exe "C:\WINDOWS\System32\xtsrvbht.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204467381326
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/4.8.0.0/spamblockerutility.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 4490 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.

    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main window choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard disks/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
    Post this log in your next message together with a new HijackThis log


    • #3
      RVAXO log:

      ---RVAXO.exe Updated: 2008-03-26---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\ehhkj.bak2
      C:\Documents and Settings\Marjo\ResErrors.log
      C:\WINDOWS\pskt.ini

      Folders Found:
      C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Malwarebytes' Anti-Malware log:

      Malwarebytes' Anti-Malware 1.09
      Database versie: 551

      Scan type: Volledige Scan (C:\|D:\|E:\|F:\|G:\|)
      Objecten gescand: 77682
      Verstreken tijd: 20 minute(s), 58 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 2
      Registersleutels geïnfecteerd: 29
      Registerwaarden geïnfecteerd: 1
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 2
      Bestanden geïnfecteerd: 50

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\jkhhe.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\xtsrvbht.dll (Trojan.Vundo) -> No action taken.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43b5ea92-4984-44e8-a6ea-629d097fcb82} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{43b5ea92-4984-44e8-a6ea-629d097fcb82} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> No action taken.
      HKEY_CLASSES_ROOT\spamblockerconfig.application (Adware.Hotbar) -> No action taken.
      HKEY_CLASSES_ROOT\spamblockerconfig.application.1 (Adware.Hotbar) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuardPro) -> No action taken.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhhe.dll -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhhe.dll -> No action taken.

      Mappen geïnfecteerd:
      C:\Documents and Settings\Marjo\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\Marjo\Local Settings\Temp\NI.UGA6P_0001_N120M1710 (Rogue.Multiple) -> No action taken.

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\bkhvfnuk.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\kunfvhkb.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\bwbhpsjv.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\vjsphbwb.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\cqxyakbu.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\ubkayxqc.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\fcypcabo.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\obacpycf.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\fgdxwpdn.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\ndpwxdgf.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\gisdqbko.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\okbqdsig.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\gluqxtky.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\yktxqulg.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\hjbqwugq.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\qguwqbjh.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\jkhhe.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\ehhkj.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\lsihljjx.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\xjjlhisl.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\nbteyjwe.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\ewjyetbn.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\rgxpaiiq.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\qiiapxgr.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\snhvdpyd.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\dypdvhns.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\srsefqdp.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\pdqfesrs.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\xtsrvbht.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\thbvrstx.ini (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0012986.sys (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013018.dll (Rogue.Multiple) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013023.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013024.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013025.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013026.dll (Rogue.Multiple) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013027.dll (Rogue.Multiple) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013028.exe (Rogue.Multiple) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013029.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP89\A0013030.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP92\A0013323.exe (Rogue.PCSecureSystem) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP92\A0013324.dll (Rogue.Multiple) -> No action taken.
      C:\System Volume Information\_restore{B858E3BE-73E2-44AE-9CFC-8511B562C8E8}\RP92\A0013325.dll (Rogue.Multiple) -> No action taken.
      C:\Documents and Settings\Marjo\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\Marjo\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\Marjo\Local Settings\Temp\NI.UGA6P_0001_N120M1710\settings.ini (Rogue.Multiple) -> No action taken.
      C:\Documents and Settings\Marjo\Local Settings\Temp\NI.UGA6P_0001_N120M1710\setup.exe (Rogue.Multiple) -> No action taken.
      C:\Documents and Settings\Marjo\Local Settings\Temp\NI.UGA6P_0001_N120M1710\setup.len (Rogue.Multiple) -> No action taken.
      C:\WINDOWS\system32\jkkhiif.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> No action taken.

      HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:03:17, on 26-3-2008
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\KPN\bin\sprtsvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\KPN\bin\sprtcmd.exe
      C:\WINDOWS\System32\Rundll32.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/Prive/internet/internet-bellen/service-support--/welkom.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [70925057] rundll32.exe "C:\WINDOWS\System32\xtsrvbht.dll",b
      O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
      O4 - HKLM\..\Run: [BM73a163cb] Rundll32.exe "C:\WINDOWS\System32\twffyitf.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
      O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204467381326
      O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/4.8.0.0/spamblockerutility.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

      --
      End of file - 4301 bytes


      • #4
        Originally posted by BobBrand1983
        No action taken.
        The idea is that you let MalwareBytes' remove the infections it found.

        After that, post a new HijackThis log


        • #5
          Haha, I suspected something like that, I'll drop by later and make a log!


          • #6
            All actions carried out, after which I made a log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 20:38:32, on 27-3-2008
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\Program Files\KPN\bin\sprtsvc.exe
            C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
            C:\Program Files\KPN\bin\sprtcmd.exe
            C:\WINDOWS\System32\Rundll32.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            C:\WINDOWS\system32\sistray.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/Prive/internet/internet-bellen/service-support--/welkom.htm
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: {caaf5385-fa7a-9be8-b694-09a9310f38f7} - {7f83f013-9a90-496b-8eb9-a7af5835faac} - C:\WINDOWS\System32\ivjgywyu.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
            O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [70925057] rundll32.exe "C:\WINDOWS\System32\xtsrvbht.dll",b
            O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
            O4 - HKLM\..\Run: [BM73a163cb] Rundll32.exe "C:\WINDOWS\System32\twffyitf.dll",s
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
            O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204467381326
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

            --
            End of file - 4226 bytes


            • #7
              Open a Notepad file.
              Copy the text below (everything in bold) into this Notepad file.

              @ECHO OFF
              REM Rename the three DLLs to .bak
              ren C:\WINDOWS\System32\xtsrvbht.dll xtsrvbht.bak
              ren C:\WINDOWS\System32\twffyitf.dll twffyitf.bak
              ren C:\WINDOWS\System32\ivjgywyu.dll ivjgywyu.bak
              REM Start with a fresh log.txt
              IF EXIST log.txt DEL log.txt
              ECHO Deleting files>>log.txt
              REM For each listed file: clear the read-only/system/hidden attributes,
              REM delete it, and log whether it was deleted, not deleted or not found
              FOR %%g in (
              C:\WINDOWS\BM73a163cb.xml
              C:\WINDOWS\BM73a163cb.txt
              C:\WINDOWS\System32\xtsrvbht.bak
              C:\WINDOWS\System32\twffyitf.bak
              C:\WINDOWS\System32\ivjgywyu.bak
              C:\WINDOWS\System32\xtsrvbht.dll
              C:\WINDOWS\System32\twffyitf.dll
              C:\WINDOWS\System32\ivjgywyu.dll
              C:\WINDOWS\pskt.ini) DO (
                IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                  ) ELSE (
                    ECHO %%g deleted>>log.txt)
                ) ELSE (
                  ECHO %%g not found>>log.txt))
              REM Show the result
              START NOTEPAD.EXE log.txt

              Go to File - Save As.
              For "Save in" choose: Desktop
              For "File name" enter: del.bat
              For "Save as type" select: All Files (*.*).
              Click the Save button.

              Double-click del.bat and post the contents of the log file that opens.

              Restart your computer.

              Double-click del.bat once more and post the log again.

              Now also do the following:
              Download this file: zoek.exe
              Double-click it; after a while a log opens.
              Post the contents of this log in your next message
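
The thread's routine of posting a fresh HijackThis log after each cleanup step amounts to comparing two scans and checking whether the autostart entries that survive still point at files the scanner flagged. An added Python example (not part of any post, and not code from HijackThis or Malwarebytes) that does this on excerpts of the logs posted above; the function names and the line-matching patterns are assumptions based on the log lines as they appear in this thread.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# A drive-letter path ending in a loadable file type (assumed pattern).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?,\r\n]+?\.(?:dll|exe|ocx|sys)', re.IGNORECASE)
# Scanner result lines look like "C:\path\file.dll (Detection.Name) -> action".
FLAG_RE = re.compile(r"^[ \t]*([A-Za-z]:\\.+?)[ \t]+\(([^()]+)\)[ \t]+->", re.MULTILINE)

# Excerpts copied from the logs posted in this thread (not complete logs).
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70925057] rundll32.exe "C:\WINDOWS\System32\xtsrvbht.dll",b
O4 - HKLM\..\Run: [BM73a163cb] Rundll32.exe "C:\WINDOWS\System32\twffyitf.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/4.8.0.0/spamblockerutility.cab
"""

AFTER = r"""
O2 - BHO: {caaf5385-fa7a-9be8-b694-09a9310f38f7} - {7f83f013-9a90-496b-8eb9-a7af5835faac} - C:\WINDOWS\System32\ivjgywyu.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70925057] rundll32.exe "C:\WINDOWS\System32\xtsrvbht.dll",b
O4 - HKLM\..\Run: [BM73a163cb] Rundll32.exe "C:\WINDOWS\System32\twffyitf.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

SCANNER = r"""
C:\WINDOWS\system32\jkhhe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xtsrvbht.dll (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
"""


def parse_entries(log_text):
    """Return (code, text) for every HijackThis entry line; headers and
    the running-process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_scans(before_text, after_text):
    """Compare two scans; Windows paths are case-insensitive, so entries
    are matched on a case-folded key."""
    before = {(c, t.casefold()): (c, t) for c, t in parse_entries(before_text)}
    after = {(c, t.casefold()): (c, t) for c, t in parse_entries(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        "persisted": [after[k] for k in after if k in before],
    }


def referenced_paths(entry_text):
    """Case-folded file paths that an entry points at."""
    return [p.casefold() for p in PATH_RE.findall(entry_text)]


def flagged_files(scanner_text):
    """Map case-folded file path -> detection name from scanner result lines.
    Registry detections have no drive letter and are ignored."""
    return {p.casefold(): d for p, d in FLAG_RE.findall(scanner_text)}


def still_loading_flagged(after_text, scanner_text):
    """Entries in the newer scan that still reference a file the scanner flagged."""
    flagged = flagged_files(scanner_text)
    hits = []
    for code, text in parse_entries(after_text):
        for path in referenced_paths(text):
            if path in flagged:
                hits.append((code, text, path, flagged[path]))
    return hits


if __name__ == "__main__":
    diff = diff_scans(BEFORE, AFTER)
    for kind in ("removed", "added", "persisted"):
        print(kind.upper())
        for code, text in diff[kind]:
            print(f"  {code} - {text}")
    print("STILL LOADING A FLAGGED FILE")
    for code, text, path, detection in still_loading_flagged(AFTER, SCANNER):
        print(f"  {code} - {text}  [{detection}]")
```

An entry that appears only in the newer scan, or that persists without matching a flagged file, still needs a manual look; the comparison only narrows down where to look.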


              • #8
                Log before reboot:

                Deleting files
                C:\WINDOWS\BM73a163cb.xml deleted
                C:\WINDOWS\BM73a163cb.txt deleted
                C:\WINDOWS\System32\xtsrvbht.bak deleted
                C:\WINDOWS\System32\twffyitf.bak not deleted
                C:\WINDOWS\System32\ivjgywyu.bak not deleted
                C:\WINDOWS\System32\xtsrvbht.dll not found
                C:\WINDOWS\System32\twffyitf.dll not found
                C:\WINDOWS\System32\ivjgywyu.dll not found
                C:\WINDOWS\pskt.ini deleted

                Log after reboot:

                Deleting files
                C:\WINDOWS\BM73a163cb.xml not found
                C:\WINDOWS\BM73a163cb.txt not found
                C:\WINDOWS\System32\xtsrvbht.bak not found
                C:\WINDOWS\System32\twffyitf.bak not found
                C:\WINDOWS\System32\ivjgywyu.bak not found
                C:\WINDOWS\System32\xtsrvbht.dll not found
                C:\WINDOWS\System32\twffyitf.dll not found
                C:\WINDOWS\System32\ivjgywyu.dll not found
                C:\WINDOWS\pskt.ini not found

                Zoek.exe log:

                ======C:\WINDOWS====
                ----a-w 0 2008-03-30 18:59:28 C:\WINDOWS\0.log
                --s-a-w 2,048 2008-03-30 18:59:22 C:\WINDOWS\bootstat.dat
                ----a-w 85,982 2008-03-26 18:36:07 C:\WINDOWS\ntbtlog.txt
                ----a-w 32,470 2008-03-26 18:33:28 C:\WINDOWS\SchedLgU.Txt
                ----a-w 1,290,655 2008-03-30 18:59:26 C:\WINDOWS\WindowsUpdate.log
                ----a-w 261 2008-03-26 18:09:22 C:\WINDOWS\{B0CDD92B-588D-475B-A77C-DD674ED537D8}_WiseFW.ini

                Entries: 6 (5)
                Directories: 0 Files: 6
                Bytes: 1,411,416 Blocks: 2,758
                ======C:\WINDOWS\system32=====
                --sh--w 1,318,403 2008-03-10 16:32:36 C:\WINDOWS\System32\ahlgykri.ini
                ----a-w 93,248 2008-03-11 13:50:48 C:\WINDOWS\System32\bitqwioi.dll
                ----a-w 93,760 2008-03-13 11:20:10 C:\WINDOWS\System32\bqmehjkj.dll
                ----a-w 98,368 2008-03-15 20:56:14 C:\WINDOWS\System32\ddiyfgiu.dll
                ----a-w 93,248 2008-03-22 15:53:36 C:\WINDOWS\System32\dnfqemib.dll
                --sh--w 136,808 2008-03-26 19:22:18 C:\WINDOWS\System32\ehhkj.ini
                ----a-w 93,248 2008-03-22 11:36:53 C:\WINDOWS\System32\ftlhyoxs.dll
                ----a-w 91,200 2008-03-24 11:32:09 C:\WINDOWS\System32\gexrufhd.dll
                --sh--w 714 2008-03-26 17:53:39 C:\WINDOWS\System32\gucrtvdq.ini
                ----a-w 98,368 2008-03-14 13:47:20 C:\WINDOWS\System32\ibdiwrjb.dll
                ----a-w 90,176 2008-03-13 11:17:55 C:\WINDOWS\System32\idvjqcky.dll
                ----a-w 99,392 2008-03-17 13:11:12 C:\WINDOWS\System32\ilhkutoh.dll
                ------w 320,608 2008-03-26 19:21:26 C:\WINDOWS\System32\jkhhe.dll
                ----a-w 93,248 2008-03-12 08:20:13 C:\WINDOWS\System32\kekcussn.dll
                ----a-w 90,176 2008-03-21 12:23:01 C:\WINDOWS\System32\nlhuwusw.dll
                ----a-w 93,760 2008-03-17 13:08:51 C:\WINDOWS\System32\nqyjigkw.dll
                ----a-w 39,992 2008-03-30 18:55:27 C:\WINDOWS\System32\perfc009.dat
                ----a-w 53,418 2008-03-30 18:55:27 C:\WINDOWS\System32\perfc013.dat
                ----a-w 311,604 2008-03-30 18:55:27 C:\WINDOWS\System32\perfh009.dat
                ----a-w 364,330 2008-03-30 18:55:27 C:\WINDOWS\System32\perfh013.dat
                ----a-w 776,622 2008-03-30 18:55:27 C:\WINDOWS\System32\PerfStringBackup.INI
                ----a-w 92,224 2008-03-22 13:39:00 C:\WINDOWS\System32\porhjycn.dll
                ----a-w 93,248 2008-03-24 11:34:30 C:\WINDOWS\System32\qpoxsksn.dll
                --sh--w 1,359,681 2008-03-14 13:44:43 C:\WINDOWS\System32\qtilafnq.ini
                ----a-w 91,712 2008-03-20 09:18:00 C:\WINDOWS\System32\rsmyqimg.dll
                ----a-w 759,339 2008-03-26 08:59:12 C:\WINDOWS\System32\RVAXO.bat
                ----a-w 91,200 2008-03-18 14:18:28 C:\WINDOWS\System32\sibclplu.dll
                ----a-w 99,904 2008-03-16 14:34:17 C:\WINDOWS\System32\thpicmfh.dll
                ----a-w 89,152 2008-03-10 16:32:45 C:\WINDOWS\System32\tkkuncxs.dll
                ----a-w 90,688 2008-03-11 16:53:14 C:\WINDOWS\System32\vcirctng.dll
                ----a-w 90,688 2008-03-19 15:26:13 C:\WINDOWS\System32\vkivmcvt.dll
                ----a-w 2,184 2008-03-21 12:22:05 C:\WINDOWS\System32\wpa.dbl
                ----a-w 90,688 2008-03-14 13:44:59 C:\WINDOWS\System32\yanxwcij.dll
                --sh--w 1,366,983 2008-03-16 13:33:48 C:\WINDOWS\System32\yqlrgigm.ini

                Entries: 34 (29)
                Directories: 0 Files: 34
                Bytes: 8,768,382 Blocks: 17,152
                =======C:\Program Files=====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =======C:=====
                ----a-w 385 2008-03-26 18:36:30 C:\firstrun5.log
                --sha-w 352,321,536 2008-03-30 18:59:21 C:\pagefile.sys
                ----a-w 520 2008-03-26 18:37:43 C:\RVAXO-results.log
                ----a-w 11,415 2008-03-26 18:38:40 C:\RVAXO-Vfind.log

                Entries: 4 (3)
                Directories: 0 Files: 4
                Bytes: 352,333,856 Blocks: 688,154
                ======C:\Documents and Settings\Marjo\Application Data======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======C:\Temp======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======C:\Documents and Settings\Marjo======
                ---ha-w 2,883,584 2008-03-30 18:58:38 C:\Documents and Settings\Marjo\NTUSER.DAT
                ---ha-w 24,576 2008-03-30 19:07:37 C:\Documents and Settings\Marjo\ntuser.dat.LOG
                --sh--w 190 2008-03-30 18:58:38 C:\Documents and Settings\Marjo\ntuser.ini

                Entries: 3 (0)
                Directories: 0 Files: 3
                Bytes: 2,908,350 Blocks: 5,681
                =============
                Last edited by BobBrand1983; 30-03-08, 21:08.



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  REM Start with a fresh log in the current folder.
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                    C:\WINDOWS\System32\ahlgykri.ini
                    C:\WINDOWS\System32\bitqwioi.dll
                    C:\WINDOWS\System32\bqmehjkj.dll
                    C:\WINDOWS\System32\ddiyfgiu.dll
                    C:\WINDOWS\System32\dnfqemib.dll
                    C:\WINDOWS\System32\ehhkj.ini
                    C:\WINDOWS\System32\ftlhyoxs.dll
                    C:\WINDOWS\System32\gexrufhd.dll
                    C:\WINDOWS\System32\gucrtvdq.ini
                    C:\WINDOWS\System32\ibdiwrjb.dll
                    C:\WINDOWS\System32\idvjqcky.dll
                    C:\WINDOWS\System32\ilhkutoh.dll
                    C:\WINDOWS\System32\jkhhe.dll
                    C:\WINDOWS\System32\kekcussn.dll
                    C:\WINDOWS\System32\nlhuwusw.dll
                    C:\WINDOWS\System32\nqyjigkw.dll
                    C:\WINDOWS\System32\porhjycn.dll
                    C:\WINDOWS\System32\qpoxsksn.dll
                    C:\WINDOWS\System32\qtilafnq.ini
                    C:\WINDOWS\System32\rsmyqimg.dll
                    C:\WINDOWS\System32\sibclplu.dll
                    C:\WINDOWS\System32\thpicmfh.dll
                    C:\WINDOWS\System32\tkkuncxs.dll
                    C:\WINDOWS\System32\vcirctng.dll
                    C:\WINDOWS\System32\vkivmcvt.dll
                    C:\WINDOWS\System32\yanxwcij.dll
                    C:\WINDOWS\System32\yqlrgigm.ini
                  ) DO (
                    IF EXIST %%g (
                      REM Clear the read-only, system and hidden attributes so DEL can remove the file.
                      ATTRIB -r -s -h %%g
                      DEL %%g
                      REM Check again and log whether the file is really gone.
                      IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                      ) ELSE (
                        ECHO %%g deleted>>log.txt
                      )
                    ) ELSE (
                      ECHO %%g not found>>log.txt
                    )
                  )
                  REM Open the result log.
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in", choose: Desktop
                  For "File name", enter: del.bat
                  For "Save as type", select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.

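The Zoek.exe listing and the del.bat file list above can be cross-checked with a short triage script. This is an added example, not part of the original thread; the selection heuristic (an all-lowercase, 5-8 letter .dll or .ini name directly in System32) is an assumption for illustration, since the helper does not state how the files were chosen, and the sample lines are copied from the listing above.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the Zoek.exe listing above (a subset, for illustration).
SAMPLE = r"""
======C:\WINDOWS\system32=====
--sh--w 136,808 2008-03-26 19:22:18 C:\WINDOWS\System32\ehhkj.ini
------w 320,608 2008-03-26 19:21:26 C:\WINDOWS\System32\jkhhe.dll
----a-w 93,248 2008-03-11 13:50:48 C:\WINDOWS\System32\bitqwioi.dll
----a-w 39,992 2008-03-30 18:55:27 C:\WINDOWS\System32\perfc009.dat
----a-w 776,622 2008-03-30 18:55:27 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 759,339 2008-03-26 08:59:12 C:\WINDOWS\System32\RVAXO.bat
----a-w 2,184 2008-03-21 12:22:05 C:\WINDOWS\System32\wpa.dbl
Entries: 34 (29)
"""

# attributes, size with thousands separators, date, time, full path
ENTRY = re.compile(r"^([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\s+(.+)$")
# Assumed heuristic: all-lowercase alphabetic stem of 5-8 letters, .dll or .ini
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.(dll|ini)$")

def parse(listing):
    """Yield one dict per file line; headers and summary lines are skipped."""
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            attrs, size, date, time, path = m.groups()
            yield {"attrs": attrs, "size": int(size.replace(",", "")),
                   "modified": f"{date} {time}", "path": PureWindowsPath(path)}

def triage(listing):
    """Return (candidates, mirrored_pairs) for manual review, not for blind deletion."""
    entries = [e for e in parse(listing)
               if e["path"].parent.name.lower() == "system32"]
    candidates = [e for e in entries if RANDOM_NAME.match(e["path"].name)]
    stems = {e["path"].stem: e["path"].suffix for e in candidates}
    # A .dll whose name reversed is an .ini in the same folder (jkhhe / ehhkj above)
    pairs = sorted((s, s[::-1]) for s, ext in stems.items()
                   if ext == ".dll" and stems.get(s[::-1]) == ".ini")
    return candidates, pairs

if __name__ == "__main__":
    found, pairs = triage(SAMPLE)
    for e in found:
        print(e["attrs"], e["modified"], e["path"])
    print("dll/ini pairs with mirrored names:", pairs)
```

Run over the full System32 section of the listing, the same heuristic selects the 27 files named in del.bat and leaves the other 7 entries (the perf*.dat files, PerfStringBackup.INI, RVAXO.bat and wpa.dbl) alone.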


                  • #10
                    Deleting files
                    C:\WINDOWS\System32\ahlgykri.ini deleted
                    C:\WINDOWS\System32\bitqwioi.dll deleted
                    C:\WINDOWS\System32\bqmehjkj.dll deleted
                    C:\WINDOWS\System32\ddiyfgiu.dll deleted
                    C:\WINDOWS\System32\dnfqemib.dll deleted
                    C:\WINDOWS\System32\ehhkj.ini deleted
                    C:\WINDOWS\System32\ftlhyoxs.dll deleted
                    C:\WINDOWS\System32\gexrufhd.dll deleted
                    C:\WINDOWS\System32\gucrtvdq.ini deleted
                    C:\WINDOWS\System32\ibdiwrjb.dll deleted
                    C:\WINDOWS\System32\idvjqcky.dll deleted
                    C:\WINDOWS\System32\ilhkutoh.dll deleted
                    C:\WINDOWS\System32\jkhhe.dll deleted
                    C:\WINDOWS\System32\kekcussn.dll deleted
                    C:\WINDOWS\System32\nlhuwusw.dll deleted
                    C:\WINDOWS\System32\nqyjigkw.dll deleted
                    C:\WINDOWS\System32\porhjycn.dll deleted
                    C:\WINDOWS\System32\qpoxsksn.dll deleted
                    C:\WINDOWS\System32\qtilafnq.ini deleted
                    C:\WINDOWS\System32\rsmyqimg.dll deleted
                    C:\WINDOWS\System32\sibclplu.dll deleted
                    C:\WINDOWS\System32\thpicmfh.dll deleted
                    C:\WINDOWS\System32\tkkuncxs.dll deleted
                    C:\WINDOWS\System32\vcirctng.dll deleted
                    C:\WINDOWS\System32\vkivmcvt.dll deleted
                    C:\WINDOWS\System32\yanxwcij.dll deleted
                    C:\WINDOWS\System32\yqlrgigm.ini deleted



                    • #11
                      Please post a new HijackThis log and tell us whether there are still any problems



                      • #12
                        HijackThis log:

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 19:21:31, on 3-4-2008
                        Platform: Windows XP (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                        C:\Program Files\KPN\bin\sprtsvc.exe
                        C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                        C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
                        C:\Program Files\KPN\bin\sprtcmd.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\WINDOWS\system32\sistray.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpn.com/Prive/internet/internet-bellen/service-support--/welkom.htm
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                        O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
                        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                        O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                        O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                        O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
                        O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204467381326
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                        O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

                        --
                        End of file - 3846 bytes

                        No more problems noticed.....



                        • #13
                          The log is clean.

                          Download ATF Cleaner (mirror) (made by Atribune)

                          Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                          Double-click ATF Cleaner to start the program.
                          On the "Main" tab, tick Select All.
                          Click the Empty Selected button.

                          Do the following if you also use Firefox as a browser:
                          Click the "Firefox" tab and tick Select All.
                          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                          (this removes the tick from "Firefox saved passwords" again)
                          Click the Empty Selected button.

                          Do the following if you also use Opera as a browser:
                          Click the "Opera" tab and tick Select All.
                          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                          Click the Empty Selected button.
                          Go to the "Main" tab and click the Exit button to close the program.

                          Turn off System Restore. Restart the computer. Turn System Restore back on.
                          See here how to turn off your System Restore.
                          This removes any remnants of the infections from your System Restore.

                          Regards, smeenk



                          • #14
                            Okay, great!
                            I'll carry out this step sometime this week, when I stop by.
                            Thanks again in advance for the great help



                            • #15
                              You're welcome
