  • Trojan.vundo

    Hello,
    I've picked up a critter:
    Trojan.Vundo.eef
    Trojan.Vundo.DVS
    Trojan.vundo.EDO

    I have already made a log with HijackThis:

    Logfile of HijackThis v1.99.0
    Scan saved at 22:14:42, on 29/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Mouse Driver\KMWDSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    F:\Documenten Ronny\software\Hijackthis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\ddcdabx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=www.google.be
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Keyboard And Mouse Communication Service - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: BitDefender Desktop Update Service - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    Can you help (silly question, of course)

    Ronny

  • #2
    Download KillAFile.exe and save it to your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe
    Double-click KillAFile.exe to start the tool.
    In the menu, choose option 1:
    1: Delete a file on reboot
    When this message appears
    Code:
    Insert full path and filename to delete.
    and then press enter:
    type in the following: C:\WINDOWS\system32\ddcdabx.dll
    If the file is present, the computer will ask to restart.
    Allow this.
    When the computer has restarted, a Notepad file will open. Post the contents of this file.

    Run HijackThis once more and put a checkmark only in front of the following lines:
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\ddcdabx.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download FixWareout from:
    http://swandog46.geekstogo.com/Fixwareout.exe (Mirror)

    Save it to your desktop and double-click Fixwareout.exe. Click Next first and then Install. Then check that Run fixit is ticked and click Finish. Let the fix do its work.
    You will be asked to restart the computer; do so. Your computer may take longer than usual to start up; this is normal.

    Note! If your antivirus has a script blocker you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.

    After the restart, post the contents of the log that you can find here: C:\fixwareout\report.txt, and also post a new HijackThis log.
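The three kinds of HijackThis entries singled out for fixing above (an orphaned R3 URLSearchHook, an unnamed O2 BHO loaded from system32, and O17 NameServer values pointing at unexpected resolvers) can be triaged automatically. This is an added example, not part of this thread or of HijackThis; the trusted resolver ranges are an assumption (RFC 1918 LAN ranges, as for a home router) and the sample lines are copied from the log posted above.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample input: four lines copied from the HijackThis log posted in
# this thread (one benign O2 entry kept for contrast). A real run would read
# the log file HijackThis saved; these are embedded so the script runs offline.
SAMPLE_LINES = [
    r"R3 - URLSearchHook: (no name) - - (no file)",
    r"O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\ddcdabx.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13",
]

# Resolvers this machine is expected to use. Assumption for the example: the
# RFC 1918 ranges a home router lives in; replace with the ISP's resolvers.
TRUSTED_RESOLVERS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# "O17 - <rest>" -> section "O17", body "<rest>"
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {<clsid>} - <path>"
O2_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O17 body ends in "NameServer = <space separated addresses>"
O17_NS = re.compile(r"NameServer = (?P<servers>.+)$")


def untrusted_resolvers(servers):
    """Return the NameServer tokens that are not inside TRUSTED_RESOLVERS.

    A token that is not even a valid IP address is flagged as well.
    """
    bad = []
    for s in servers:
        try:
            addr = ip_address(s)
        except ValueError:
            bad.append(s)
            continue
        if not any(addr in net for net in TRUSTED_RESOLVERS):
            bad.append(s)
    return bad


def check_entry(line):
    """Return a finding dict for one HijackThis line, or None if it looks ordinary."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # R3: a search hook whose target file is gone is dead weight left behind
    # by whatever installed it; HijackThis can simply remove the entry.
    if section == "R3" and body.endswith("(no file)"):
        return {"section": section,
                "reason": "URLSearchHook points at a file that no longer exists",
                "detail": body}

    # O2: legitimate BHOs carry a product name and live under Program Files;
    # a nameless one loaded from the Windows system directory stands out.
    if section == "O2":
        bho = O2_BHO.match(body)
        if bho and bho.group("name") == "(no name)" \
                and "\\system32\\" in bho.group("path").lower():
            return {"section": section,
                    "reason": "unnamed BHO loaded from the Windows system directory",
                    "detail": bho.group("path")}

    # O17: NameServer values outside the expected ranges mean every lookup on
    # the box is answered by a resolver the owner did not choose.
    if section == "O17":
        ns = O17_NS.search(body)
        if ns:
            bad = untrusted_resolvers(ns.group("servers").split())
            if bad:
                return {"section": section,
                        "reason": "DNS resolver outside the trusted ranges",
                        "detail": bad}
    return None


def triage(lines):
    """Run check_entry over every log line and keep the hits, in log order."""
    return [f for f in (check_entry(l) for l in lines) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding['section']}: {finding['reason']} -> {finding['detail']}")
```

Feeding a complete saved log to `triage` (one string per line) gives the same three categories of hits the helper asked to have fixed; anything it does not flag still deserves a human look.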



    • #3
      Trojan.vundo

      I ran KillAFile and made a log. Also ran HijackThis. I could select everything except c:\windows\system32\ddcdabx.dll.
      The program FixWareout is no longer available on that site; I found it somewhere else via Google.

      KILLAFILE - logfile


      Running from: "C:\Documents and Settings\Eigenaar\Bureaublad"

      Delete on reboot: C:\WINDOWS\system32\ddcdabx.dll

      --- Rebooting the computer ---

      C:\WINDOWS\system32\ddcdabx.dll deleted


      Finished!

      Username "Eigenaar" - 30/03/2008 16:19:16 [Fixwareout edited 9/01/2007]

      ~~~~~ Prerun check

      De DNS-omzettingscache is leeggemaakt.


      System was rebooted successfully.

      ~~~~~ Postrun check
      ....
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1trap" Deleted
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2trap" Deleted
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "wujsc" Value deleted
      HKCR\CLSID\{8F327126-2B55-457C-8BD2-F0A524C0CE69}\_h\4 Deleted.
      ....
      ~~~~~ Misc files.
      ....
      ~~~~~ Checking for older varients.
      ....


      C:\Program Files\Virus-Bursters < Found
      C:\Program Files\Perfect Codec < Found
      Additional tools are recommended.

      ~~~~~ Current runs (hklm hkcu "run" Keys Only)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
      "nwiz"="nwiz.exe /install"
      "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
      "GhostStartTrayApp"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
      "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
      "BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
      "BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
      "KMCONFIG"="C:\\Program Files\\Mouse Driver\\StartAutorun.exe KMConfig.exe"
      "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "Timezone"="\"C:\\Program Files\\Microsoft Time Zone\\TimeZone.exe\""
      ....
      Hosts file was reset, If you use a custom hosts file please replace it...
      ~~~~~ End report ~~~~~

      Logfile of HijackThis v1.99.0
      Scan saved at 16:24:53, on 30/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
      C:\Program Files\Mouse Driver\KMWDSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\Program Files\Mouse Driver\StartAutorun.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Mouse Driver\KMConfig.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Mouse Driver\KMProcess.exe
      F:\Documenten Ronny\software\Hijackthis\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O14 - IERESET.INF: START_PAGE_URL=www.google.be
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
      O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
      O23 - Service: Keyboard And Mouse Communication Service - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
      O23 - Service: BitDefender Desktop Update Service - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: BitDefender Virus Shield - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


      Ronny



      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in Safe Mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it but follow any instructions and just let it do its work.
        • Your PC will then restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.

        Download Deckard's System Scanner to your desktop.
        • Close all applications and windows.
        • Double-click dss.exe to activate it, and follow the instructions.
        • When the scan is complete, a text file - main.txt - will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
        - make sure sigcheck.exe is allowed to do so!
        It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
        Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



        • #5
          KILLAFILE - logfile


          Running from: "C:\Documents and Settings\Eigenaar\Bureaublad"

          Delete on reboot: C:\WINDOWS\system32\ddcdabx.dll

          --- Rebooting the computer ---

          C:\WINDOWS\system32\ddcdabx.dll deleted


          Finished!

          ---RVAXO.exe Updated: 2008-03-29---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\pac.txt

          Folders Found:
          C:\Program Files\Virus-Bursters
          C:\Program Files\Perfect Codec

          Hosts-file was reset, If you use a custom hosts file please replace it...
          ---RVAXO.exe Updated: 2008-03-29---first run---
          Uninstallers:

          Files found:

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          Username "Eigenaar" - 30/03/2008 16:19:16 [Fixwareout edited 9/01/2007]

          ~~~~~ Prerun check

          De DNS-omzettingscache is leeggemaakt.


          System was rebooted successfully.

          ~~~~~ Postrun check
          ....
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1trap" Deleted
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2trap" Deleted
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "wujsc" Value deleted
          HKCR\CLSID\{8F327126-2B55-457C-8BD2-F0A524C0CE69}\_h\4 Deleted.
          ....
          ~~~~~ Misc files.
          ....
          ~~~~~ Checking for older varients.
          ....


          C:\Program Files\Virus-Bursters < Found
          C:\Program Files\Perfect Codec < Found
          Additional tools are recommended.

          ~~~~~ Current runs (hklm hkcu "run" Keys Only)
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
          "nwiz"="nwiz.exe /install"
          "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
          "GhostStartTrayApp"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
          "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
          "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
          "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
          "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
          "BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
          "BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
          "KMCONFIG"="C:\\Program Files\\Mouse Driver\\StartAutorun.exe KMConfig.exe"
          "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
          "Timezone"="\"C:\\Program Files\\Microsoft Time Zone\\TimeZone.exe\""
          ....
          Hosts file was reset, If you use a custom hosts file please replace it...
          ~~~~~ End report ~~~~~


          Logfile of HijackThis v1.99.0
          Scan saved at 21:49:41, on 30/03/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
          C:\Program Files\Mouse Driver\KMWDSrv.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
          C:\Program Files\Softwin\BitDefender10\bdagent.exe
          C:\Program Files\Mouse Driver\StartAutorun.exe
          C:\Program Files\Mouse Driver\KMConfig.exe
          C:\WINDOWS\Mixer.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Mouse Driver\KMProcess.exe
          C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          C:\Program Files\Softwin\BitDefender10\vsserv.exe
          C:\Program Files\Softwin\BitDefender10\bdmcon.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          F:\Documenten Ronny\software\Hijackthis\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
          O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
          O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
          O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
          O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O11 - Options group: [INTERNATIONAL] International*
          O14 - IERESET.INF: START_PAGE_URL=www.google.be
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
          O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
          O23 - Service: Keyboard And Mouse Communication Service - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
          O23 - Service: BitDefender Desktop Update Service - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: BitDefender Virus Shield - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
          O23 - Service: BitDefender Communicator - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


          Ronny



          • #6
Open the RVAXO folder on your desktop and double-click Uninstall.cmd
This will remove everything belonging to RVAXO.

Your Java software is out of date.
Older versions have holes that give malware the chance to install itself on your system.
First do these steps to uninstall Java and install the newer version:
• Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
• Close all programs that may be open - especially your web browser!
• Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
• Check everything with Java Runtime Environment (JRE or J2SE) in the name.
• Then click Remove or the Change/Remove button.
• Repeat this until all older versions are gone.
• After removing all older versions, restart your PC.
• Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


Download ATF Cleaner (mirror) (made by Atribune)

Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

Double-click ATF Cleaner to start the program.
On the "Main" tab, put a check mark next to Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the check mark from "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

Turn off System Restore. Restart the computer. Turn System Restore back on.
Look here for how to turn off System Restore.
This removes any remnants of the infections from your System Restore.

Finally, post a new HijackThis log for checking



            • #7
I ran everything again. During the last ATF task I did get a report back of an infection with trojan.vundo with one of the kids. Is this still the case?

              Logfile of HijackThis v1.99.0
              Scan saved at 0:17:59, on 31/03/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
              C:\Program Files\Mouse Driver\KMWDSrv.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
              C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
              C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
              C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
              C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
              C:\Program Files\Softwin\BitDefender10\bdagent.exe
              C:\Program Files\Mouse Driver\StartAutorun.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\Program Files\Mouse Driver\KMConfig.exe
              C:\WINDOWS\Mixer.exe
              C:\Program Files\Mouse Driver\KMProcess.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Softwin\BitDefender10\vsserv.exe
              C:\WINDOWS\system32\wuauclt.exe
              F:\Documenten Ronny\software\Hijackthis\hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
              O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
              O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
              O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
              O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O11 - Options group: [INTERNATIONAL] International*
              O14 - IERESET.INF: START_PAGE_URL=www.google.be
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
              O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
              O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
              O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
              O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
              O23 - Service: Keyboard And Mouse Communication Service - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
              O23 - Service: BitDefender Desktop Update Service - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
              O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: BitDefender Virus Shield - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
              O23 - Service: BitDefender Communicator - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

              Ronny



              • #8
Download this file: zoek.exe
Double-click it; after a while a log opens.
Post the contents of this log in your next message



                • #9
                  ======C:\WINDOWS====
                  ----a-w 0 2008-03-30 22:15:18 C:\WINDOWS\0.log
                  --s-a-w 2,048 2008-03-30 22:14:26 C:\WINDOWS\bootstat.dat
                  ----a-w 116 2008-03-21 15:16:56 C:\WINDOWS\NeroDigital.ini
                  ----a-w 32,558 2008-03-30 15:12:29 C:\WINDOWS\SchedLgU.Txt
                  ----a-w 305,538 2008-03-30 15:27:13 C:\WINDOWS\setupact.log
                  ----a-w 754,533 2008-03-30 15:27:45 C:\WINDOWS\setupapi.log
                  ----a-w 227 2008-03-30 15:47:23 C:\WINDOWS\system.ini
                  --sha-w 7,680 2008-03-10 10:26:08 C:\WINDOWS\Thumbs.db
                  ----a-w 159 2008-03-30 22:14:41 C:\WINDOWS\wiadebug.log
                  ----a-w 50 2008-03-30 22:14:40 C:\WINDOWS\wiaservc.log
                  ----a-w 1,006 2008-03-30 22:29:52 C:\WINDOWS\win.ini
                  ----a-w 1,241,314 2008-03-30 22:15:50 C:\WINDOWS\WindowsUpdate.log
                  ----a-w 171,938 2008-03-20 21:14:21 C:\WINDOWS\wmsetup.log
                  ----a-w 4,276 2008-03-16 22:44:32 C:\WINDOWS\wmsetup10.log

                  Entries: 14 (12)
                  Directories: 0 Files: 14
                  Bytes: 2,521,443 Blocks: 4,930
                  ======C:\WINDOWS\system32=====
                  ----a-w 81,984 2008-03-30 22:30:17 C:\WINDOWS\System32\bdod.bin
                  ----a-w 0 2008-03-30 22:14:44 C:\WINDOWS\System32\bdss.log
                  ----a-w 6,300 2008-03-30 22:03:45 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                  ----a-w 41,237 2008-03-30 22:14:59 C:\WINDOWS\System32\nvapps.xml
                  ----a-w 352,410 2008-03-21 18:09:12 C:\WINDOWS\System32\ope45.exe
                  ----a-w 0 2008-03-21 18:09:12 C:\WINDOWS\System32\ope45.tmp
                  ----a-w 0 2008-03-21 18:09:15 C:\WINDOWS\System32\ope4A.tmp
                  ----a-w 352,410 2008-03-21 18:10:12 C:\WINDOWS\System32\ope4F.exe
                  ----a-w 0 2008-03-21 18:10:12 C:\WINDOWS\System32\ope4F.tmp
                  ----a-w 0 2008-03-21 18:10:13 C:\WINDOWS\System32\ope54.tmp
                  ----a-w 63,188 2008-03-30 13:42:59 C:\WINDOWS\System32\perfc009.dat
                  ----a-w 82,192 2008-03-30 13:42:59 C:\WINDOWS\System32\perfc013.dat
                  ----a-w 403,968 2008-03-30 13:42:59 C:\WINDOWS\System32\perfh009.dat
                  ----a-w 468,568 2008-03-30 13:42:59 C:\WINDOWS\System32\perfh013.dat
                  ----a-w 1,030,504 2008-03-30 13:42:59 C:\WINDOWS\System32\PerfStringBackup.INI
                  ----a-w 53,248 2008-03-30 13:53:29 C:\WINDOWS\System32\process.exe
                  ----a-w 4,096 2008-03-30 13:53:29 C:\WINDOWS\System32\reboot.exe
                  ----a-w 90,112 2008-03-30 13:53:29 C:\WINDOWS\System32\regdacl.exe
                  ----a-w 13,646 2008-03-30 22:15:41 C:\WINDOWS\System32\wpa.dbl

                  Entries: 19 (19)
                  Directories: 0 Files: 19
                  Bytes: 3,043,863 Blocks: 5,951
                  =======C:\Program Files=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:=====
                  --sh--w 211 2008-03-30 15:47:23 C:\boot.ini
                  ----a-w 237 2008-03-30 13:59:28 C:\kaflog.txt
                  --sha-w 805,306,368 2008-03-30 22:14:14 C:\pagefile.sys

                  Entries: 3 (1)
                  Directories: 0 Files: 3
                  Bytes: 805,306,816 Blocks: 1,572,866
                  ======C:\Documents and Settings\Eigenaar\Application Data======
                  ----a-w 87,608 2008-03-21 18:18:31 C:\Documents and Settings\Eigenaar\Application Data\inst.exe
                  ----a-w 7,887 2008-03-21 18:18:31 C:\Documents and Settings\Eigenaar\Application Data\pcouffin.cat
                  ----a-w 1,144 2008-03-21 18:18:31 C:\Documents and Settings\Eigenaar\Application Data\pcouffin.inf
                  ----a-w 34 2008-03-21 18:18:43 C:\Documents and Settings\Eigenaar\Application Data\pcouffin.log
                  ----a-w 47,360 2008-03-21 18:18:31 C:\Documents and Settings\Eigenaar\Application Data\pcouffin.sys
                  ----a-w 668 2008-03-23 18:52:20 C:\Documents and Settings\Eigenaar\Application Data\vso_ts_preview.xml

                  Entries: 6 (6)
                  Directories: 0 Files: 6
                  Bytes: 144,701 Blocks: 287
                  ======C:\Temp======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Documents and Settings\Eigenaar======
                  ----a-w 7,340,032 2008-03-30 22:13:45 C:\Documents and Settings\Eigenaar\ntuser.dat
                  ---ha-w 36,864 2008-03-30 22:30:21 C:\Documents and Settings\Eigenaar\ntuser.dat.LOG
                  --sh--w 288 2008-03-30 22:13:08 C:\Documents and Settings\Eigenaar\ntuser.ini

                  Entries: 3 (1)
                  Directories: 0 Files: 3
                  Bytes: 7,377,184 Blocks: 14,409
                  =============

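As an added example for this thread (not part of the original posts and not the zoek tool's own code): a small Python script that parses a zoek-style listing like the one above and pulls out the pattern that matters here, an .exe in System32 with a same-name .tmp lying next to it, plus anything with an executable extension that was modified inside a chosen time window. The sample listing is a constructed subset of the System32 section quoted above; the pairing heuristic, the chosen extensions and the time window are my assumptions, not something zoek reports itself.

```python
"""Triage a zoek-style file listing: parse the entries, flag .exe files that
have a same-name .tmp beside them, and list executables modified in a time
window.  Added example for this thread; not zoek's code."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: a subset of the System32 section quoted in the thread,
# in zoek's "attrs size date time path" line format.
SAMPLE_LISTING = r"""
======C:\WINDOWS\system32=====
----a-w 81,984 2008-03-30 22:30:17 C:\WINDOWS\System32\bdod.bin
----a-w 6,300 2008-03-30 22:03:45 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
----a-w 352,410 2008-03-21 18:09:12 C:\WINDOWS\System32\ope45.exe
----a-w 0 2008-03-21 18:09:12 C:\WINDOWS\System32\ope45.tmp
----a-w 0 2008-03-21 18:09:15 C:\WINDOWS\System32\ope4A.tmp
----a-w 352,410 2008-03-21 18:10:12 C:\WINDOWS\System32\ope4F.exe
----a-w 0 2008-03-21 18:10:12 C:\WINDOWS\System32\ope4F.tmp
----a-w 0 2008-03-21 18:10:13 C:\WINDOWS\System32\ope54.tmp
----a-w 53,248 2008-03-30 13:53:29 C:\WINDOWS\System32\process.exe
----a-w 13,646 2008-03-30 22:15:41 C:\WINDOWS\System32\wpa.dbl

Entries: 19 (19)
Directories: 0 Files: 19
Bytes: 3,043,863 Blocks: 5,951
"""

# One file line: seven attribute flags, size with thousands separators,
# "yyyy-mm-dd hh:mm:ss", then the full path.  Headers and totals do not match.
LINE_RE = re.compile(
    r"^(?P<attrs>[a-z-]{7})\s+(?P<size>\d[\d,]*)\s+"
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>\S.*?)\s*$"
)


class Entry(NamedTuple):
    attrs: str        # zoek attribute flags, e.g. "--sha-w"
    size: int         # bytes, separators removed
    mtime: datetime
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per file line; section headers, blanks and totals are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            m["attrs"],
            int(m["size"].replace(",", "")),
            datetime.strptime(m["mtime"], "%Y-%m-%d %H:%M:%S"),
            m["path"],
        ))
    return entries


def find_exe_tmp_pairs(entries: List[Entry]) -> Tuple[List[str], List[str]]:
    """Group files by path-without-extension (case-insensitive).  Return
    (exe paths with a same-name .tmp next to them, .tmp files with no .exe partner)."""
    by_stem: Dict[str, Dict[str, Entry]] = defaultdict(dict)
    for e in entries:
        stem, ext = ntpath.splitext(e.path)   # ntpath: backslash paths on any OS
        by_stem[stem.lower()][ext.lower()] = e
    paired, orphan_tmps = [], []
    for exts in by_stem.values():
        if ".exe" in exts and ".tmp" in exts:
            paired.append(exts[".exe"].path)
        elif ".tmp" in exts:
            orphan_tmps.append(exts[".tmp"].path)
    return sorted(paired), sorted(orphan_tmps)


def executables_modified_between(entries: List[Entry], since: str, until: str,
                                 exts=(".exe", ".dll", ".sys", ".tmp")) -> List[str]:
    """Paths with an executable-ish extension whose mtime lies in [since, until];
    the bounds are ISO date or date-time strings, e.g. "2008-03-21"."""
    lo, hi = datetime.fromisoformat(since), datetime.fromisoformat(until)
    return [e.path for e in entries
            if ntpath.splitext(e.path)[1].lower() in exts and lo <= e.mtime <= hi]


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    paired, orphans = find_exe_tmp_pairs(found)
    print("exe with a .tmp sibling:", *paired, sep="\n  ")
    print("orphan .tmp files:", *orphans, sep="\n  ")
    touched = executables_modified_between(found, "2008-03-21", "2008-03-22")
    print("executables modified on 2008-03-21:", *touched, sep="\n  ")
```

Run it as-is to see the two exe/tmp pairs (ope45 and ope4F) and the two stray .tmp files fall out of the sample; point `parse_listing` at a full zoek log and pick the window around the date the infection was first noticed. The output is a shortlist to triage, not a verdict: files like process.exe in the sample are dropped by the cleanup tools themselves, which is exactly why the time window matters.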


                  • #10
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting files>>log.txt
                    FOR %%g in (
                    C:\WINDOWS\System32\ope45.exe
                    C:\WINDOWS\System32\ope45.tmp
                    C:\WINDOWS\System32\ope4A.tmp
                    C:\WINDOWS\System32\ope4F.exe
                    C:\WINDOWS\System32\ope4F.tmp
                    C:\WINDOWS\System32\ope54.tmp) DO (
                    IF EXIST %%g (
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt

Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.

Double-click del.bat and post the contents of the log file that opens.



                    • #11
                      Deleting files
                      C:\WINDOWS\System32\ope45.exe deleted
                      C:\WINDOWS\System32\ope45.tmp deleted
                      C:\WINDOWS\System32\ope4A.tmp deleted
                      C:\WINDOWS\System32\ope4F.exe deleted
                      C:\WINDOWS\System32\ope4F.tmp deleted
                      C:\WINDOWS\System32\ope54.tmp deleted



                      • #12
Other than that I don't see anything odd, so it should be OK now
If not, just report back here



                        • #13
Originally posted by smeenk
Other than that I don't see anything odd, so it should be OK now
If not, just report back here
Okay,
Thanks for all the effort; I had assumed it would be solved by the end of the week, but you're like OVERTOOM.
Thanks for the quick service and keep it up.

                          Ronny



                          • #14
You're welcome



                            • #15
Originally posted by smeenk
You're welcome
Perhaps one more small question: some program or other has left a
Thumbs.db file behind on the desktop. Under Properties the location is the desktop, created on 23/07/06 and modified on 15/07/07.

What should I do with it?

Ronny
