  • Lots of junk + no taskbar

    On a neighbour's laptop there is (or at least was) a lot of spyware and viruses.
    With Spybot I have already managed to remove a number of them (a good 200 problems), but it still doesn't work properly.

    When you boot, you first got a message that the computer was infected and that you had to download antivirus. I think that was gone the last time. If you try to log in, nothing happens for a long time, and after about fifteen to twenty minutes you get a blue screen; with luck you can then open Windows Task Manager and start a few programs via File - New Task.
    The taskbar is still nowhere to be seen, and unfortunately I can't disable System Restore either, because I can't get Explorer or the Control Panel open.

    Right after starting Task Manager, I already ended a number of strange processes.

    BraveSentry was also on the laptop, but hopefully that is gone by now (not sure). Spybot also found and fixed about 100 redirected hosts (all addresses of antivirus companies).

    I also tried to install Adaware, but so far that hasn't worked.

    The internet itself still works, although you can't start Internet Explorer (but the programs can update, so there is an active internet connection).

    After the last Spybot scan, since the reboot, the system date and time have also changed (to 2006), but I haven't managed to fix this yet (because I have no clock/taskbar/Control Panel).

    Safe mode won't start at all (gets no further than a black screen).

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:51:05, on 11-4-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\drivers\spools.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: (no name) - {a201888d-05ad-4019-af85-a7df73b56d47} - C:\WINDOWS\system32\rqRKDtSj.dll (file missing)
    O3 - Toolbar: pvnsmfor - {89175504-FC6D-43A2-BB07-E3247659C95A} - C:\WINDOWS\pvnsmfor.dll (file missing)
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\RunOnce: [SpyHunter3 BatchedRemoval] C:\Program Files\Enigma Software Group\SpyHunter\br.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7549] command /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC234] cmd /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3908] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9739] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7545] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3322] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA220] command /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2529] cmd /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7605] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6756] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2114] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1194] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4559] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1207] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7689] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7225] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7735] command /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD859] cmd /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB238] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3158] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5465] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7016] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3365] command /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4468] cmd /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4731] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6063] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4256] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1937] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6750] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8154] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2068] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD813] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
    O4 - HKLM\..\Policies\Explorer\Run: [Dc5h4Y1Kza] C:\Documents and Settings\All Users\Application Data\ehuvehqt\olkjmdsp.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User '?')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138974549875
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
    O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
    O21 - SSODL: IaNzImnw - {205919F0-8AF3-B35A-DDEB-26E059C28FCA} - C:\WINDOWS\system32\rbe.dll
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)
    O21 - SSODL: mpfanvqg - {D7CF407F-4893-4D78-8D51-CFDE70120749} - C:\WINDOWS\mpfanvqg.dll (file missing)
    O21 - SSODL: vbksrofa - {BA6FA5D3-0170-47FE-9542-D27D9FA2CAC2} - C:\WINDOWS\vbksrofa.dll (file missing)
    O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wm1dap.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\system32\wnslogan.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    O23 - Service: Office Source Engine oseanbmService (oseanbmservice) - Unknown owner - C:\WINDOWS\system32\dhcpd.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 13548 bytes

  • #2
    Print out the instructions below or save them in a Notepad file, because you have to work in safe mode and then you won't have access to the internet.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.

    • Start HijackThis and tick only the following lines:
      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
      O2 - BHO: (no name) - {a201888d-05ad-4019-af85-a7df73b56d47} - C:\WINDOWS\system32\rqRKDtSj.dll (file missing)
      O3 - Toolbar: pvnsmfor - {89175504-FC6D-43A2-BB07-E3247659C95A} - C:\WINDOWS\pvnsmfor.dll (file missing)
      O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
      O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
      O4 - HKLM\..\Policies\Explorer\Run: [Dc5h4Y1Kza] C:\Documents and Settings\All Users\Application Data\ehuvehqt\olkjmdsp.exe
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...erstart_nl.cab
      O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
      O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
      O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
      O21 - SSODL: IaNzImnw - {205919F0-8AF3-B35A-DDEB-26E059C28FCA} - C:\WINDOWS\system32\rbe.dll
      O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)
      O21 - SSODL: mpfanvqg - {D7CF407F-4893-4D78-8D51-CFDE70120749} - C:\WINDOWS\mpfanvqg.dll (file missing)
      O21 - SSODL: vbksrofa - {BA6FA5D3-0170-47FE-9542-D27D9FA2CAC2} - C:\WINDOWS\vbksrofa.dll (file missing)
      O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wm1dap.dll

      Close all open windows (except HijackThis) and click the "Fix checked" button.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its job.
    • Your PC will then restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.
    Also post a new HijackThis log
    Last edited by smeenk; 21-05-08, 12:11.
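
The procedure above walks through the HijackThis log entry by entry. As an added example (not the forum's, HijackThis's or RVAXO's own code), the Python script below parses lines in that log format and flags the kinds of entry post #2 ticks for "Fix checked"; the sample lines are constructed after the thread's log, and the expected UserInit value assumes a default C:\WINDOWS install.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not part of HijackThis, RVAXO or the forum's own
tooling. The rules encode the patterns the helper in post #2 singled out for
removal: a UserInit value with an extra executable, entries whose file is
missing, O20 AppInit_DLLs / Winlogon Notify DLLs, O21 SSODL objects, autostarts
that point into system32\\drivers, and services with "Unknown owner" whose
binary lives under the Windows directory.
"""
import re
from typing import NamedTuple, Optional

# Constructed sample in the format of the thread's HijackThis log (not a real scan)
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,",
    r"O2 - BHO: (no name) - {a201888d-05ad-4019-af85-a7df73b56d47} - C:\WINDOWS\system32\rqRKDtSj.dll (file missing)",
    r"O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll",
    r"O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll",
    r"O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)",
    r"O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe",
    r"O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe",
]

# Every HijackThis entry starts with a section code (R0, F2, O4, O23, ...) followed by " - "
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# Autostart whose binary sits in system32\drivers, a folder meant for .sys files, not .exe
DRIVERS_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\]+?\.exe")

# Assumption: default Windows XP install with %WINDIR% = C:\WINDOWS, so the only
# legitimate UserInit component is userinit.exe itself (compared case-insensitively)
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def parse_line(line: str) -> Optional[tuple]:
    """Split a log line into (section, body); None for headers, process lists, blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when the entry matches one of the thread's removal patterns."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    low = body.lower()

    if "(file missing)" in low:
        return Finding(section, "orphaned entry: registry still references a deleted file", line)

    if section == "F2" and "userinit=" in low:
        value = low.split("=", 1)[1]
        components = {c.strip() for c in value.split(",") if c.strip()}
        extra = components - EXPECTED_USERINIT
        if extra:
            return Finding(section, "UserInit hijack: extra logon executable(s) " + ", ".join(sorted(extra)), line)
        return None

    if section == "O20":
        return Finding(section, "AppInit_DLLs / Winlogon Notify DLL: injected into many processes", line)

    if section == "O21":
        return Finding(section, "SSODL shell service object: loaded by Explorer at every logon", line)

    if section == "O4":
        if r"\policies\explorer\run" in low:
            return Finding(section, "Policies\\Explorer\\Run autostart: unusual location for legitimate software", line)
        if DRIVERS_EXE_RE.search(low):
            return Finding(section, "autostart executable placed in system32\\drivers", line)
        return None

    if section == "O23" and "unknown owner" in low and "\\windows\\" in low:
        return Finding(section, "service without a vendor whose binary lives under the Windows directory", line)

    return None


def triage(lines):
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in map(triage_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

Feed it a saved log with `triage(open(path).readlines())`; entries that are merely orphaned show up alongside the live ones, so the reason text is what tells them apart.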

    • #3
      On startup, the following message appeared in normal mode:

      Norton Protection: OPGELET!

      Initialisatiefout logboekbestand, staion D:

      Also, I still have no desktop or taskbar/Start menu visible, so it took some searching to find that logfile (but I managed, via New Task, to copy it to a memory stick, because normal internet (Internet Explorer) still can't be opened).

      The logfile:

      ---RVAXO.exe Updated: 2008-05-20---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BM236a2adc.xml
      C:\WINDOWS\BM236a2adc.txt
      C:\WINDOWS\system32\vedxg3am1et3.exe
      C:\WINDOWS\Temp\21.tmp.exe
      C:\WINDOWS\system32\dllgh8jkd1q2.exe
      C:\WINDOWS\system32\jStDKRqr.ini2
      C:\WINDOWS\fvowketqmvg.dll
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\oadkxrts.exe
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\promogif3.gif
      C:\WINDOWS\promogif1.gif
      C:\WINDOWS\promogif2.gif
      C:\WINDOWS\homepage.html
      C:\WINDOWS\promo6.html
      C:\WINDOWS\promo4.html
      C:\WINDOWS\promo5.html
      C:\WINDOWS\promo3.html
      C:\WINDOWS\promo2.html
      C:\WINDOWS\promo1.html
      C:\WINDOWS\index.html
      C:\WINDOWS\system32\wind32.exe
      C:\WINDOWS\system32\maxpaynowti1.exe
      C:\WINDOWS\system32\maxpaynow1.exe
      C:\WINDOWS\system32\msdefender.exe
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\ctfmona.exe
      C:\WINDOWS\system32\pharma.txt
      C:\WINDOWS\system32\other.txt
      C:\WINDOWS\system32\finance.txt
      C:\WINDOWS\system32\adult.txt
      C:\WINDOWS\system32\sft.res
      C:\WINDOWS\system32\sockins32.dll
      C:\WINDOWS\system32\blackster.scr
      C:\WINDOWS\system32\lsprst7.tgz
      C:\WINDOWS\system32\mssrv32.exe
      C:\WINDOWS\system32\drivers\spools.exe
      C:\WINDOWS\system32\lsprst7.dll
      C:\WINDOWS\SYSTEM32\SSPRS.DLL
      C:\Documents and Settings\Administrator\cftmon.exe
      C:\d.exe

      Folders Found:
      C:\WINDOWS\System32\158117
      C:\WINDOWS\system32\wsnpoem
      C:\Program Files\Helper

      Hosts-file was reset, If you use a custom hosts file please replace it...

      • #4
        Originally posted by smeenk
        Also post a new HijackThis log

        • #5
          I hadn't seen that (added later or something?)

          But here is the log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 13:46:10, on 11-4-2006
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Acer\eManager\anbmServ.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
          C:\WINDOWS\system32\wnslogan.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wdfmgr.exe
          C:\Program Files\Canon\CAL\CALMAIN.exe
          C:\WINDOWS\system32\taskmgr.exe
          C:\Program Files\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
          O4 - HKLM\..\RunOnce: [SpyHunter3 BatchedRemoval] C:\Program Files\Enigma Software Group\SpyHunter\br.exe
          O4 - HKLM\..\RunOnce: [SpybotDeletingA7549] command /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC234] cmd /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
          O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
          O4 - HKLM\..\RunOnce: [SpybotDeletingA3908] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC9739] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA7545] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC3322] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA220] command /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC2529] cmd /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA7605] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC6756] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA2114] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC1194] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA4559] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC1207] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingA7689] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotDeletingC7225] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
          O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKCU\..\RunOnce: [SpybotDeletingB7735] command /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD859] cmd /c del "C:\Documents and Settings\L.Koningen\Application Data\ultra\ultra.inf"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB238] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD3158] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB5465] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD7016] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB3365] command /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD4468] cmd /c del "C:\WINDOWS\system32\jkkJaxYO.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB4731] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD6063] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB4256] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD1937] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB6750] command /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD8154] cmd /c del "C:\WINDOWS\system32\rqRKDtSj.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingB2068] command /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKCU\..\RunOnce: [SpybotDeletingD813] cmd /c del "C:\WINDOWS\system32\tgjjuptw.dll_old"
          O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User '?')
          O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
          O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
          O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
          O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
          O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
          O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138974549875
          O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
          O21 - SSODL: IaNzImnw - {205919F0-8AF3-B35A-DDEB-26E059C28FCA} - C:\WINDOWS\system32\rbe.dll
          O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
          O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\system32\wnslogan.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
          O23 - Service: Office Source Engine oseanbmService (oseanbmservice) - Unknown owner - C:\WINDOWS\system32\dhcpd.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

          --
          End of file - 11031 bytes



          • #6
            Could you open the RVAXO folder on your desktop (or wherever you put it) and double-click the following file: Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Then download the tool again and run it once more in Safe Mode.
            After the restart, look for the following 2 logs and post them: C:\RVAXO-results.log and C:\RVAXO-Vfind.log



            • #7
              RVAXO-results.log:

              ---RVAXO.exe Updated: 2008-05-20---first run---
              Uninstallers:

              Files found:
              C:\WINDOWS\BM236a2adc.txt

              Folders Found:

              Hosts-file was reset, If you use a custom hosts file please replace it...

              I can't find the other one on the C drive, but I do still have an RVAXO.reg on C. I could post that one too, if needed.



              • #8
                Uninstall RVAXO again via Uninstall.cmd

                Now download this program: RemoveVideoActiveXObject.exe
                Afterwards post: C:\RVAXO-results.log and C:\RVAXO-Vfind.log

                After the restart you have to double-click RemoveVideoActiveXObject.exe once more; only then will C:\RVAXO-Vfind.log be created



                • #9
                  The computer is already a lot faster at shutting down and starting up, only the taskbar is still not back.

                  ---RVAXO.exe Updated: 2008-05-21---first run---
                  Uninstallers:

                  Files found:
                  C:\WINDOWS\system32\icf.exe
                  C:\WINDOWS\system32\wm1dap.dll
                  C:\WINDOWS\system32\crypts.dll
                  C:\WINDOWS\system32\wnslogan.exe
                  C:\WINDOWS\system32\WinNt32.dll

                  Folders Found:

                  Hosts-file was reset, If you use a custom hosts file please replace it...

                  --------------RVAXO.exe last run---------------
                  Not deleted items:

                  --------------RVAXO.exe finished----------------


                  And the other one:

                  ======C:\WINDOWS====
                  ----a-w 259 2008-05-14 13:15:58 C:\WINDOWS\system.ini
                  ----a-w 1,932 2008-05-20 13:57:48 C:\WINDOWS\IE4 Error Log.txt
                  ----a-w 136,420 2008-05-14 13:19:50 C:\WINDOWS\wmsetup.log
                  ----a-w 2,731 2008-05-14 13:19:46 C:\WINDOWS\OEWABLog.txt
                  ----a-w 32,630 2008-05-14 06:10:42 C:\WINDOWS\SchedLgU.Txt
                  ----a-w 96 2008-05-20 14:41:58 C:\WINDOWS\ComponentList.xml
                  ----a-w 52,224 2008-05-20 13:46:00 C:\WINDOWS\taskmon.exe
                  ----a-w 64,307 2008-05-20 13:43:42 C:\WINDOWS\setupact.log
                  ----a-w 217,088 2008-05-14 13:18:10 C:\WINDOWS\totacon.exe
                  ---ha-w 54,156 2008-05-20 14:42:48 C:\WINDOWS\QTFont.qfn
                  ----a-w 10,240 2008-05-20 13:56:04 C:\WINDOWS\win32ole.dll
                  ----a-w 146,432 2008-05-21 04:01:18 C:\WINDOWS\herjek.exe
                  ----a-w 49,007 2008-05-14 12:14:22 C:\WINDOWS\totacon.config
                  ----a-w 16,358 2008-05-21 04:07:12 C:\WINDOWS\herjek.config

                  Entries: 14 (13)
                  Directories: 0 Files: 14
                  Bytes: 783,880 Blocks: 1,535
                  ======C:\WINDOWS\system32=====
                  ----a-w 11,776 2008-05-14 13:11:32 C:\WINDOWS\System32\smsk563.exe
                  ----a-w 233,984 2008-05-14 13:11:50 C:\WINDOWS\System32\smsk617.exe
                  ----a-w 143,360 2008-05-14 13:12:24 C:\WINDOWS\System32\smsk469.exe
                  ----a-w 9,728 2008-05-21 03:59:48 C:\WINDOWS\System32\smsk640.exe
                  ----a-w 9,216 2008-05-14 13:15:48 C:\WINDOWS\System32\smsk615.exe
                  ----a-w 110,592 2008-05-14 11:10:44 C:\WINDOWS\System32\sxmhgrgj.exe
                  ------w 0 2008-05-20 14:42:22 C:\WINDOWS\System32\eRLog.ini
                  ----a-w 826,539 2008-05-21 10:16:14 C:\WINDOWS\System32\RVAXO.bat
                  ----a-w 80 2008-05-21 03:59:56 C:\WINDOWS\System32\svchost.t__
                  ----a-w 65,024 2008-05-21 03:59:56 C:\WINDOWS\System32\smsk641.exe
                  ----a-w 7,168 2008-05-14 13:15:58 C:\WINDOWS\System32\smsk472.exe
                  --sh--r 37,888 2008-05-21 03:59:58 C:\WINDOWS\System32\dhcpd.exe
                  ----a-w 360,448 2008-05-15 18:07:28 C:\WINDOWS\System32\smsk626.exe
                  ----a-w 24,576 2008-05-14 12:27:46 C:\WINDOWS\System32\userinit.exe
                  ----a-w 29,136 2008-05-14 13:16:04 C:\WINDOWS\System32\smsk618.exe
                  ----a-w 7,168 2008-05-14 13:16:08 C:\WINDOWS\System32\2ef77.exe
                  ----a-w 0 2008-05-14 14:27:50 C:\WINDOWS\System32\WinData.cab
                  ----a-w 31,744 2008-05-14 13:18:40 C:\WINDOWS\System32\gwin32.dll
                  ----a-w 29 2008-05-14 11:13:44 C:\WINDOWS\System32\fdaoiuqe.tmp
                  ----a-w 9,728 2008-05-20 13:45:04 C:\WINDOWS\System32\smsk635.exe
                  ----a-w 1 2008-05-14 13:18:40 C:\WINDOWS\System32\ds.dat
                  ----a-w 31,744 2008-05-14 13:16:58 C:\WINDOWS\System32\swin32.dll
                  ----a-w 11,776 2008-05-14 13:16:58 C:\WINDOWS\System32\smsk534.exe
                  --sha-w 648,382 2008-05-20 15:14:16 C:\WINDOWS\System32\jStDKRqr.ini
                  ----a-w 18,432 2008-05-14 13:16:12 C:\WINDOWS\System32\2f747.exe
                  ----a-w 228,669 2008-05-14 13:16:18 C:\WINDOWS\System32\smsk550.exe
                  ----a-w 1,506 2008-05-14 13:16:18 C:\WINDOWS\System32\30698.exe
                  ----a-w 600,576 2008-05-14 13:19:30 C:\WINDOWS\System32\qtplugin.exe
                  ----a-w 39,936 2008-05-20 13:45:10 C:\WINDOWS\System32\smsk602.exe
                  ----a-w 13,312 2008-05-20 13:45:18 C:\WINDOWS\System32\smsk623.exe
                  ----a-w 23,200 2008-05-14 11:29:10 C:\WINDOWS\System32\11273948741.dll
                  ----a-w 10,000 2008-05-14 13:16:56 C:\WINDOWS\System32\djki397g.dll
                  ----a-w 1,506 2008-05-14 13:16:22 C:\WINDOWS\System32\31a5f.exe
                  ----a-w 29,136 2008-05-20 13:45:36 C:\WINDOWS\System32\smsk632.exe
                  ----a-w 102,400 2008-05-20 14:42:04 C:\WINDOWS\System32\helcxmnu.exe
                  --sh--w 294 2008-05-20 15:04:46 C:\WINDOWS\System32\ivyyelyl.ini
                  ----a-w 32,768 2008-05-14 13:17:38 C:\WINDOWS\System32\sockots64.dll
                  ----a-w 2,624 2008-05-20 14:44:50 C:\WINDOWS\System32\iomqesvt.exe
                  ----a-w 10,000 2008-05-14 13:16:52 C:\WINDOWS\System32\hdxjd4g.dll
                  ----a-w 23,200 2008-05-20 14:44:38 C:\WINDOWS\System32\14443690341.dll

                  Entries: 40 (37)
                  Directories: 0 Files: 40
                  Bytes: 3,747,646 Blocks: 7,328
                  ======C:\WINDOWS\system32\drivers=====
                  ----a-w 27,008 2008-05-14 11:12:30 C:\WINDOWS\System32\drivers\Hpv30.sys
                  ----a-w 125,440 2008-05-21 04:00:26 C:\WINDOWS\System32\drivers\qandr.sys
                  ----a-w 27,008 2008-05-14 13:18:16 C:\WINDOWS\System32\drivers\Tbi31.sys

                  Entries: 3 (3)
                  Directories: 0 Files: 3
                  Bytes: 179,456 Blocks: 351
                  =======C:\Program Files=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:=====
                  ----a-w 369,450 2008-05-14 11:03:06 C:\logfile
                  ----a-w 72,192 2008-05-14 13:16:34 C:\ydrvr.exe
                  ----a-w 444,416 2008-05-14 13:11:52 C:\autoex.dll
                  ----a-w 80,384 2008-05-14 13:16:58 C:\difkghmd.exe
                  ----a-w 72,192 2008-05-14 13:16:54 C:\pmpelnn.exe
                  ----a-w 2 2008-05-20 13:46:32 C:\542710255
                  ----a-w 69,120 2008-05-20 13:45:58 C:\lldjq.exe
                  ----a-w 80,384 2008-05-14 13:17:14 C:\pfpss.exe
                  ----a-w 80,384 2008-05-20 13:46:10 C:\ynvx.exe

                  Entries: 9 (9)
                  Directories: 0 Files: 9
                  Bytes: 1,268,524 Blocks: 2,479
                  ======C:\Documents and Settings\Administrator\Application Data======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Documents and Settings\Administrator======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\WINDOWS\Downloaded Program Files====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =============
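
The RVAXO-Vfind.log listings in this thread are plain file listings (attribute flags, size, timestamp, path), so the useful check is to diff two runs and see what disappeared, what changed and what persists. The parser below is an added example, not RVAXO's own code; it embeds excerpts of the listings from posts #9 and #15 (the second cut off where the post is), and the meaning of the flag letters (s=system, h=hidden, a=archive, r=read-only, w=writable) is an assumption read off the values seen here.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# One listing line as posted: 7 attribute flags, size with thousands separators,
# date, time, full path. Flag letters are assumed from the values seen in the
# thread: s=system, h=hidden, a=archive, r=read-only, w=writable, '-'=clear.
ENTRY_RE = re.compile(
    r"^(?P<attr>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+\S)\s*$"
)
SECTION_RE = re.compile(r"^=+\s*(?P<dir>.+?)\s*=+$")  # e.g. ======C:\WINDOWS====


@dataclass(frozen=True)
class VfindEntry:
    attrs: str
    size: int
    mtime: datetime
    path: str

    @property
    def hidden_and_system(self) -> bool:
        """Hidden+system keeps a file out of default Explorer views; worth a look."""
        return "h" in self.attrs and "s" in self.attrs


def parse_vfind(text: str) -> Dict[str, VfindEntry]:
    """Return entries keyed by lower-cased path (Windows paths compare case-insensitively)."""
    entries: Dict[str, VfindEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue  # blank line or section header
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "Entries:", "Directories:", "Bytes:" summary lines
        entry = VfindEntry(
            attrs=m["attr"],
            size=int(m["size"].replace(",", "")),
            mtime=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            path=m["path"],
        )
        entries[entry.path.lower()] = entry
    return entries


def diff_runs(before: Dict[str, VfindEntry], after: Dict[str, VfindEntry]) -> Dict[str, List[str]]:
    """Classify every path as removed, changed (size/time/attrs differ), persisting or new."""
    result: Dict[str, List[str]] = {"removed": [], "changed": [], "persisting": [], "new": []}
    for key, old in before.items():
        cur = after.get(key)
        if cur is None:
            result["removed"].append(old.path)
        elif (cur.size, cur.mtime, cur.attrs) != (old.size, old.mtime, old.attrs):
            result["changed"].append(old.path)
        else:
            result["persisting"].append(old.path)
    result["new"] = [e.path for k, e in after.items() if k not in before]
    return {kind: sorted(paths) for kind, paths in result.items()}


def flag_hidden_system(entries: Dict[str, VfindEntry]) -> List[str]:
    """Paths carrying both the hidden and system attributes."""
    return sorted(e.path for e in entries.values() if e.hidden_and_system)


# Excerpts of the two listings posted in this thread. The second excerpt stops
# where the post does, so "removed" below means "absent from this excerpt",
# not proof that the cleaner deleted the file.
RUN_BEFORE = r"""
======C:\WINDOWS====
----a-w 259 2008-05-14 13:15:58 C:\WINDOWS\system.ini
----a-w 52,224 2008-05-20 13:46:00 C:\WINDOWS\taskmon.exe
---ha-w 54,156 2008-05-20 14:42:48 C:\WINDOWS\QTFont.qfn
----a-w 10,240 2008-05-20 13:56:04 C:\WINDOWS\win32ole.dll
----a-w 146,432 2008-05-21 04:01:18 C:\WINDOWS\herjek.exe
----a-w 16,358 2008-05-21 04:07:12 C:\WINDOWS\herjek.config
Directories: 0 Files: 6
======C:\WINDOWS\system32=====
----a-w 826,539 2008-05-21 10:16:14 C:\WINDOWS\System32\RVAXO.bat
--sh--r 37,888 2008-05-21 03:59:58 C:\WINDOWS\System32\dhcpd.exe
--sha-w 648,382 2008-05-20 15:14:16 C:\WINDOWS\System32\jStDKRqr.ini
"""
RUN_AFTER = r"""
======C:\WINDOWS====
----a-w 259 2008-05-14 13:15:58 C:\WINDOWS\system.ini
---ha-w 54,156 2008-05-20 14:42:48 C:\WINDOWS\QTFont.qfn
======C:\WINDOWS\system32=====
----a-w 826,240 2008-05-20 20:35:22 C:\WINDOWS\System32\RVAXO.bat
"""

if __name__ == "__main__":
    before, after = parse_vfind(RUN_BEFORE), parse_vfind(RUN_AFTER)
    for kind, paths in diff_runs(before, after).items():
        print(f"{kind} ({len(paths)}):", *paths)
    print("hidden+system in first run:", *flag_hidden_system(before))
```

Pasting a full RVAXO-Vfind.log from two consecutive runs into RUN_BEFORE and RUN_AFTER gives the same removed/changed/persisting split for the whole listing.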



                  • #10
                    Unfortunately I have no more time to look at the logs tonight.

                    So run the following program instead; it will surely pull out a whole lot more:

                    Download Malwarebytes' Anti-Malware via here or here.

                    Double-click mbam-setup.exe to install the program.
                    • Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
                    • If an update is found, it will download and install the latest version.
                    • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
                    • Scanning can take a while, so be patient.
                    • When the scan is complete, click OK, then "Show Results" to see the results.
                    • Make sure everything there is checked, then click: Remove Selected.
                    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
                    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
                    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

                    Extra note:
                    If MBAM has difficulties removing certain files it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.
                    Last edited by smeenk; 22-05-08, 00:24.



                    • #11
                      It was scanning for a good 2 hours (with the Quick Scan) and was able to remove everything it found in one go.

                      Here is the log:
                      Malwarebytes' Anti-Malware 1.12
                      Database versie: 775

                      Scan type: Snelle Scan
                      Objecten gescand: 311501
                      Verstreken tijd: 2 hour(s), 7 minute(s), 57 second(s)

                      Geheugenprocessen geïnfecteerd: 0
                      Geheugenmodulen geïnfecteerd: 0
                      Registersleutels geïnfecteerd: 22
                      Registerwaarden geïnfecteerd: 3
                      Registerdata bestanden geïnfecteerd: 0
                      Mappen geïnfecteerd: 1
                      Bestanden geïnfecteerd: 113

                      Geheugenprocessen geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Geheugenmodulen geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Registersleutels geïnfecteerd:
                      HKEY_CLASSES_ROOT\mscmp1.bhoapp (Trojan.Agent) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\mscmp1.bhoapp.1 (Trojan.Agent) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\CLSID\{ffffffff-85a3-452b-b7a8-759ad9b42162} (Spyware.Banker) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\CLSID\{f2f2a4cb-daad-4d0c-bdfc-e945647202c2} (Trojan.BHO) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\iebho.myiebho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\iebho.myiebho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mscompare (Trojan.BHO) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\pvnsmfor.besx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_CLASSES_ROOT\HKEY_CLASSES_ROOT\AppID\iebho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

                      Registerwaarden geïnfecteerd:
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

                      Registerdata bestanden geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Mappen geïnfecteerd:
                      C:\Program Files\syscmd (Trojan.BHO) -> Quarantined and deleted successfully.

                      Bestanden geïnfecteerd:
                      C:\WINDOWS\system32\gwin32.dll (Spyware.Banker) -> Quarantined and deleted successfully.
                      c:\autoex.dll (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk617.exe (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk469.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk615.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\sxmhgrgj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk618.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\swin32.dll (Spyware.Banker) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk534.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\2f747.exe (BackDoor.Bech) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk550.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\qtplugin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\djki397g.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk632.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\helcxmnu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\sockots64.dll (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\hdxjd4g.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\WINDOWS\taskmon.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
                      C:\WINDOWS\win32ole.dll (Trojan.Spabot) -> Quarantined and deleted successfully.
                      C:\ydrvr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
                      C:\pmpelnn.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
                      C:\lldjq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\istat.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\ykfihxko.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\oxo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\noop.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\gold.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\5.dllb (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\655.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1.dllb (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\6.dllb (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\7.dllb (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\vx1dt3.game (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\maxpaynowti.game (Dialer) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\v6xdt4.game (Trojan.Spambot) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1F.tmp (Worm.Socks) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\cbOCR.dll (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\16DF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1624448123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1159216823.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\csrssc.exe (Trojan.FakeALert) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\359484913.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1686960045.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\1645479533.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\.tt18.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\maxpaynow.game (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\10.tmp (Worm.Socks) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\winlagon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\csrssc.exe (Trojan.FakeALert) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\.ttF.tmp (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\maxpaynow.game (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\879782045.exe (Trojan.FakeALert) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\174797382.exe (Trojan.FakeALert) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1UZT3W83\inst250[1].exe (Trojan.Pakes) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1UZT3W83\winhg[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1UZT3W83\tuhvzqdrv[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WTUFO1IJ\pinch2[1].exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHYZOLU3\bho[1].exe (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHYZOLU3\winglv[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHYZOLU3\windad[1].exe (Worm.Socks) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHYZOLU3\ml126[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHYZOLU3\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8D63GD27\ddos1[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[3].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[4].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[5].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[6].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8QADRCAE\notepad[7].exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Program Files\syscmd\mscmp32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\Program Files\syscmd\mscmp.inf (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\Program Files\syscmd\uninstall.bat (Trojan.BHO) -> Quarantined and deleted successfully.
                      C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\totacon.config (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\herjek.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\drivers\qandr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\totacon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\difkghmd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\winlogans.tmp (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk563.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk640.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk641.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk626.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk635.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk602.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\smsk623.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\gsbgqpwwfw.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\Administrator\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\M.Koningen\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\L.Koningen\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\C. Koningen\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\LocalService\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\2.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\WINDOWS\Temp\vx3dt2.game (Heuristics.Malware) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\I.Koningen\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\L.Koningen\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\WINDOWS\system32\svchost.t__ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

                      • #12
                        Indeed, a lot was removed.

                        Run RVAXO once more and afterwards post the new RVAXO-Vfind.log. Note: not RVAXO-results.log.

                        • #13
                          Which one should I run for that? The regular RVAXO or the removeVideo...?

                          • #14
                            Doesn't matter, and you don't need to uninstall either; if all goes well a new RVAXO-Vfind.log will be created.

                            • #15
                              ======C:\WINDOWS====
                              ----a-w 259 2008-05-14 13:15:58 C:\WINDOWS\system.ini
                              ----a-w 1,932 2008-05-20 13:57:48 C:\WINDOWS\IE4 Error Log.txt
                              ----a-w 136,420 2008-05-14 13:19:50 C:\WINDOWS\wmsetup.log
                              ----a-w 2,731 2008-05-14 13:19:46 C:\WINDOWS\OEWABLog.txt
                              ----a-w 32,630 2008-05-14 06:10:42 C:\WINDOWS\SchedLgU.Txt
                              ----a-w 96 2008-05-20 14:41:58 C:\WINDOWS\ComponentList.xml
                              ----a-w 64,307 2008-05-20 13:43:42 C:\WINDOWS\setupact.log
                              ---ha-w 54,156 2008-05-20 14:42:48 C:\WINDOWS\QTFont.qfn

                              Entries: 8 (7)
                              Directories: 0 Files: 8
                              Bytes: 292,531 Blocks: 575
                              ======C:\WINDOWS\system32=====
                              ----a-w 826,240 2008-05-20 20:35:22 C:\WINDOWS\System32\RVAXO.bat
                              ------w 0 2008-05-20 14:42:22 C:\WINDOWS\System32\eRLog.ini
                              --sh--r 37,888 2008-05-21 03:59:58 C:\WINDOWS\System32\dhcpd.exe
                              ----a-w 24,576 2008-05-14 12:27:46 C:\WINDOWS\System32\userinit.exe
                              ----a-w 7,168 2008-05-14 13:16:08 C:\WINDOWS\System32\2ef77.exe
                              ----a-w 0 2008-05-14 14:27:50 C:\WINDOWS\System32\WinData.cab
                              ----a-w 29 2008-05-14 11:13:44 C:\WINDOWS\System32\fdaoiuqe.tmp
                              ----a-w 1 2008-05-14 13:18:40 C:\WINDOWS\System32\ds.dat
                              --sha-w 648,382 2008-05-20 15:14:16 C:\WINDOWS\System32\jStDKRqr.ini
                              ----a-w 1,506 2008-05-14 13:16:18 C:\WINDOWS\System32\30698.exe
                              ----a-w 23,200 2008-05-14 11:29:10 C:\WINDOWS\System32\11273948741.dll
                              ----a-w 1,506 2008-05-14 13:16:22 C:\WINDOWS\System32\31a5f.exe
                              --sh--w 294 2008-05-20 15:04:46 C:\WINDOWS\System32\ivyyelyl.ini
                              ----a-w 2,624 2008-05-20 14:44:50 C:\WINDOWS\System32\iomqesvt.exe
                              ----a-w 23,200 2008-05-20 14:44:38 C:\WINDOWS\System32\14443690341.dll

                              Entries: 15 (12)
                              Directories: 0 Files: 15
                              Bytes: 1,596,614 Blocks: 3,124
                              ======C:\WINDOWS\system32\drivers=====
                              ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
                              ----a-w 27,008 2008-05-14 11:12:30 C:\WINDOWS\System32\drivers\Hpv30.sys
                              ----a-w 27,008 2008-05-14 13:18:16 C:\WINDOWS\System32\drivers\Tbi31.sys
                              ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

                              Entries: 4 (4)
                              Directories: 0 Files: 4
                              Bytes: 96,928 Blocks: 190
                              =======C:\Program Files=====
                              Entries: 0 (0)
                              Directories: 0 Files: 0
                              Bytes: 0 Blocks: 0
                              =======C:=====
                              ----a-w 369,450 2008-05-14 11:03:06 C:\logfile
                              ----a-w 2 2008-05-20 13:46:32 C:\542710255
                              ----a-w 80,384 2008-05-14 13:17:14 C:\pfpss.exe
                              ----a-w 80,384 2008-05-20 13:46:10 C:\ynvx.exe

                              Entries: 4 (4)
                              Directories: 0 Files: 4
                              Bytes: 530,220 Blocks: 1,037
                              ======C:\Documents and Settings\Administrator\Application Data======
                              Entries: 0 (0)
                              Directories: 0 Files: 0
                              Bytes: 0 Blocks: 0
                              ======C:\Documents and Settings\Administrator======
                              Entries: 0 (0)
                              Directories: 0 Files: 0
                              Bytes: 0 Blocks: 0
                              ======C:\WINDOWS\Downloaded Program Files====
                              Entries: 0 (0)
                              Directories: 0 Files: 0
                              Bytes: 0 Blocks: 0
                              =============
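The RVAXO-Vfind.log above lists recently changed files as an attribute field, a size, a timestamp and a path. As an added example (not RVAXO's code and not something posted in this thread), here is a small Python triage pass over that format, using a few lines copied from the posted log as sample input; the meaning of the s/h/a/r letters in the attribute field is an assumption inferred from the entries shown, and the flagging rules are heuristics for a closer look, not verdicts.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the RVAXO-Vfind.log posted above (a few sections only).
SAMPLE_LOG = r"""
======C:\WINDOWS\system32=====
----a-w 826,240 2008-05-20 20:35:22 C:\WINDOWS\System32\RVAXO.bat
--sh--r 37,888 2008-05-21 03:59:58 C:\WINDOWS\System32\dhcpd.exe
----a-w 7,168 2008-05-14 13:16:08 C:\WINDOWS\System32\2ef77.exe
--sha-w 648,382 2008-05-20 15:14:16 C:\WINDOWS\System32\jStDKRqr.ini
----a-w 23,200 2008-05-14 11:29:10 C:\WINDOWS\System32\11273948741.dll

Entries: 5 (5)
=======C:=====
----a-w 80,384 2008-05-14 13:17:14 C:\pfpss.exe
=============
"""

# One entry line: 7-char attribute field, size with thousands separators, date, time, path.
ENTRY_RE = re.compile(
    r"^(?P<attr>[-a-z]{7}) (?P<size>[\d,]+) (?P<date>\d{4}-\d{2}-\d{2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".scr", ".com")

@dataclass
class Entry:
    attrs: str
    size: int
    path: str
    def has(self, flag: str) -> bool:
        # Assumption: letters in the attribute field mean s=system, h=hidden, a=archive, r=read-only.
        return flag in self.attrs

def parse_vfind(text: str) -> list[Entry]:
    """Parse entry lines; section headers, 'Entries:' summaries and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["attr"], int(m["size"].replace(",", "")), m["path"]))
    return entries

def triage(entry: Entry) -> list[str]:
    """Defender-side reasons an entry deserves a closer look (heuristics, not verdicts)."""
    reasons = []
    name = entry.path.rsplit("\\", 1)[-1].lower()
    stem = name.rsplit(".", 1)[0]
    is_exec = name.endswith(EXEC_EXT)
    if entry.has("h") or entry.has("s"):
        reasons.append("hidden/system attribute set")
    if is_exec and re.fullmatch(r"[0-9a-f]+", stem):
        reasons.append("executable with hex/numeric-only name")
    if is_exec and entry.path.count("\\") == 1:   # e.g. C:\pfpss.exe
        reasons.append("executable dropped in drive root")
    return reasons

def suspicious(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its triage reasons; clean entries are left out."""
    return {e.path: r for e in parse_vfind(text) if (r := triage(e))}
```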
