Mededeling

Collapse
No announcement yet.

Hoe kan ik CiD infectie verwijderen

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Hoe kan ik CiD infectie verwijderen

    Hallo

    Ook bij mij komen om de haverklap bij Internet Explorer schermen opduiken met advertentie waarin iest van CiD afkomstig lijkt te zijn.

    Ik heb RVACO, COMBO fix en Hijack This gedraait en nu lijken ze ogenschijnlijk er niet meer te zijn. Is dit dan voldoende of moet aan de hand van de logs (die heb ik uiteraard) nog een verder actie worden ondernomen?

    Dank

    Benwinie

    ---RVAXO.exe Updated: 2008-05-21---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\tasks\AC3407C6934BB19A.job
    C:\WINDOWS\wininit.ini

    Folders Found:

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:

    --------------RVAXO.exe finished----------------


    365 --- E O F --- 2008-05-21 14:00:29
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:55:34, on 21-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cobian Backup 9\Cobian.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Cobian Backup 9\cbInterface.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\explorer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail03.rivm.nl/ICSLogin/?"https://webmail03.rivm.nl/Mail/fcassee.nsf"
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar11.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar11.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Cobian Backup 9] "C:\Program Files\Cobian Backup 9\Cobian.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [Four sect] C:\DOCUME~1\Flemming\APPLIC~1\GREATT~1\move inside does.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail04.rivm.nl/iNotes6W.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204127256132
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://connect2.rivm.nl/net6helper.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - http://www.virtuocity.eu/download/v213/virtuocity.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://videoserver.brabant.nl/activex/AMC.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{65029354-C2BF-4EEA-A32E-61C515EA8393}: NameServer = 192.168.1.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: Direct User Switching Service (DUST-Main) - Way Beyond Computing Ltd - C:\Program Files\Way Beyond Computing\DUST\DUSTsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 12121 bytes
    Last edited by benwinie; 21-05-08, 20:50.

  • #2
    Probeer dit programma eens: LOP-uninstall.zip
    Voer bij “Uninstall verification“ de zevencijferige code in en klik “Uninstall“
    Klik bij “Legal notice” OK
    Sluit alle vensters en klik OK
    Wacht .......en klik bij “Uninstall complete for all users“ OK.

    Doe daarna dit:
    Download dit bestand: Deljob.exe (mirror)
    Dubbelklik Deljob.exe.
    Een logje(logit.txt) zal openen.
    Post de inhoud van logit.txt in je volgende bericht.

    Post ook een nieuw logje van Hijackthis

    Comment


    • #3
      OK instructies opgevolgd en dit zijn de logs (namen verwijdert of vervangen door ***)
      -

      -------------------------------------------------------
      No LOP job-files found
      --------------------------------------------------------
      Files in Windows Tasks folder

      MP Scheduled Scan.job
      User_Feed_Synchronization-{EC8B1DD2-D18A-4E86-9BDC-8BC7AC1AA338}.job
      --------------------------------------------------------
      Export App Data folders
      --------------------------------------------------------
      Het volume in station C heeft geen naam.
      Het volumenummer is 0C15-39F6

      Map van C:\Documents and Settings\******\Application Data

      22-05-2008 17:47 <DIR> .
      22-05-2008 17:47 <DIR> ..
      10-12-2006 18:54 <DIR> ACOUST~1 Acoustica
      05-02-2008 21:37 <DIR> Adobe
      01-01-2006 14:56 <DIR> AdobeUM
      22-07-2007 09:33 <DIR> Ahead
      25-07-2007 22:18 <DIR> ALLCAP~1 ALLCapture
      07-05-2007 20:12 <DIR> APPLEC~1 Apple Computer
      08-03-2008 16:35 <DIR> AUSLOG~1 Auslogics
      18-07-2007 18:29 <DIR> Azureus
      13-05-2008 14:44 <DIR> Corel
      17-12-2004 20:04 <DIR> CYBERL~1 CyberLink
      20-08-2006 19:58 <DIR> DATALA~1 Datalayer
      18-05-2007 21:58 <DIR> DivX
      20-04-2008 16:02 <DIR> dvdcss
      01-12-2007 16:48 <DIR> EFSOFT~1 EFSoftware
      19-05-2008 18:54 <DIR> FDRLab
      29-03-2008 18:27 <DIR> GARMIN
      27-07-2007 10:19 <DIR> GETRIG~1 GetRightToGo
      18-11-2006 17:12 <DIR> Google
      19-12-2004 22:53 <DIR> Help
      14-03-2008 21:28 <DIR> ICACLI~1 ICAClient
      09-03-2008 20:30 <DIR> IDENTI~1 Identities
      17-05-2007 16:06 <DIR> INSTAL~1 InstallShield
      03-02-2008 18:45 <DIR> iolo
      27-12-2004 12:08 <DIR> JASCSO~1 Jasc Software Inc
      05-02-2005 18:13 <DIR> Lavasoft
      04-12-2007 22:52 <DIR> LEADER~1 Leadertech
      12-05-2008 17:25 <DIR> LimeWire
      15-02-2007 22:29 <DIR> LIT
      30-06-2007 13:16 <DIR> Logitech
      29-09-2006 19:27 <DIR> MACROM~1 Macromedia
      05-05-2007 21:33 <DIR> MEDIAP~1 Media Player Classic
      27-02-2008 17:25 <DIR> MICROS~1 Microsoft
      11-02-2007 13:50 <DIR> Mozilla
      19-12-2004 16:04 <DIR> MOZILL~1 Mozilla aaa
      15-05-2006 21:58 <DIR> MyFamily.com
      08-10-2006 21:45 <DIR> NCHSWI~1 NCH Swift Sound
      22-07-2007 09:34 <DIR> Nero
      02-05-2008 09:38 <DIR> NERODC~1 NeroDCTemplates
      15-03-2008 21:23 <DIR> Nokia
      08-03-2008 16:29 <DIR> NOKIAM~1 Nokia Multimedia Player
      03-05-2008 17:17 <DIR> Opera
      04-03-2008 21:42 <DIR> PCSUIT~1 PC Suite
      07-05-2008 19:43 <DIR> PCTOOL~1 PC Tools
      22-02-2007 22:28 <DIR> pdf995
      12-12-2005 20:17 <DIR> PINNAC~1 Pinnacle Systems
      29-03-2008 17:48 <DIR> Qualcomm
      17-12-2005 21:18 <DIR> Real
      20-08-2006 20:37 <DIR> RECORD~1 RecordPad
      21-06-2007 22:25 <DIR> SAM
      13-11-2005 21:28 <DIR> ScanSoft
      22-05-2008 17:43 <DIR> Skype
      06-05-2008 19:38 <DIR> SMARTP~1 Smart PC Solutions
      03-08-2007 15:34 <DIR> SmartFTP
      17-03-2007 12:35 <DIR> Sonic
      27-12-2007 19:10 <DIR> SPACEM~1 SpaceMonger
      11-12-2004 11:01 <DIR> Sun
      18-05-2008 11:04 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
      02-06-2005 18:32 <DIR> Symantec
      02-12-2006 20:32 <DIR> Systweak
      11-02-2007 13:51 <DIR> Talkback
      19-12-2004 23:00 <DIR> Template
      11-02-2007 13:48 <DIR> THUNDE~1 Thunderbird
      04-01-2008 18:15 <DIR> TUNEUP~1 TuneUp Software
      26-12-2007 14:38 <DIR> Uniblue
      06-02-2007 19:45 <DIR> vlc
      25-11-2006 17:32 <DIR> VOIPBU~1 VoipBuster
      02-11-2006 21:47 <DIR> Vso
      03-03-2007 14:38 <DIR> Webroot
      29-12-2007 16:05 <DIR> WinRAR
      29-12-2006 11:57 <DIR> WSINSP~1 wsInspector
      18-07-2007 18:29 <DIR> yoclient
      0 bestand(en) 0 bytes
      73 map(pen) 82.733.449.216 bytes beschikbaar
      Het volume in station C heeft geen naam.
      Het volumenummer is 0C15-39F6

      Map van C:\Documents and Settings\All Users\Application Data

      22-05-2008 17:48 <DIR> .
      22-05-2008 17:48 <DIR> ..
      04-12-2007 22:44 <DIR> Adobe
      16-08-2006 20:50 <DIR> Ahead
      07-05-2007 20:12 <DIR> APPLEC~1 Apple Computer
      05-12-2007 20:20 <DIR> BLUETO~1 Bluetooth
      04-03-2007 18:05 <DIR> CA
      28-04-2007 20:37 <DIR> Corel
      11-12-2004 11:02 <DIR> CYBERL~1 CyberLink
      03-05-2008 16:17 <DIR> DVDSHR~1 DVD Shrink
      25-05-2006 14:18 <DIR> element5
      22-07-2007 18:17 <DIR> ESPION~1 espionServerData
      28-10-2006 15:17 <DIR> Google
      21-05-2008 17:15 <DIR> GOOGLE~1 Google Updater
      26-04-2006 19:54 <DIR> GRAPHP~1 GraphPad Software
      12-04-2008 12:59 <DIR> INSTAL~2 Installations
      27-12-2004 12:09 <DIR> INSTAL~1 InstallShield
      03-02-2008 18:45 <DIR> iolo
      19-05-2008 21:55 <DIR> Lavasoft
      16-03-2008 12:02 <DIR> LogiShrd
      16-03-2008 12:00 <DIR> Logitech
      29-09-2006 19:26 <DIR> MACROM~1 Macromedia
      22-09-2007 19:25 <DIR> MAILFR~1 MailFrontier
      30-12-2007 16:57 <DIR> MICROS~1 Microsoft
      20-08-2006 20:37 <DIR> NCHSWI~1 NCH Swift Sound
      02-03-2008 18:09 <DIR> Nero
      27-02-2008 12:31 <DIR> Nokia
      30-12-2007 16:55 <DIR> PCSUIT~1 PC Suite
      09-05-2008 14:16 <DIR> pdf995
      01-02-2007 20:21 <DIR> Pinnacle
      01-02-2007 20:22 <DIR> PINNAC~1 Pinnacle Studio
      07-05-2007 20:12 <DIR> QUICKT~1 QuickTime
      22-07-2007 19:59 <DIR> Raxco
      30-01-2006 20:36 <DIR> ScanSoft
      20-06-2007 20:39 <DIR> Skype
      21-08-2006 21:26 <DIR> SMARTS~1 SmartSound Software Inc
      30-01-2006 20:36 <DIR> SSSCAN~1 SSScanAppDataDir
      30-01-2006 20:37 <DIR> SSSCAN~2 SSScanWizard
      18-05-2008 10:17 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
      05-01-2006 18:52 <DIR> Support.com
      25-02-2007 18:41 <DIR> Symantec
      21-05-2008 18:20 <DIR> TEMP
      17-05-2007 19:18 <DIR> TUNEUP~1 TuneUp Software
      17-12-2005 21:43 <DIR> WINDOW~1 Windows Genuine Advantage
      22-12-2005 12:46 <DIR> Yahoo!
      0 bestand(en) 0 bytes
      45 map(pen) 82.733.449.216 bytes beschikbaar
      --------------------------------------------------------

      --------------------------------------------------------


      en




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:51:46, on 22-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
      C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\UPHClean\uphclean.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\SPYWAREfighter\spfprc.exe
      C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\vsnpstd.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
      C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\SPYWAREfighter\spftray.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Cobian Backup 9\Cobian.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\MagicDisc\MagicDisc.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
      C:\Program Files\Cobian Backup 9\cbInterface.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\Outlook Express\MSIMN.EXE
      C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\qoeapp.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Flemming\Bureaublad\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail03.rivm.nl/ICSLogin/?"https://webmail03.rivm.nl/Mail/fcassee.nsf"
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar11.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar11.dll
      O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
      O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Cobian Backup 9] "C:\Program Files\Cobian Backup 9\Cobian.exe"
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O9 - Extra button: (no name) - AutorunsDisabled - (no file)
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
      O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
      O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
      O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail04.rivm.nl/iNotes6W.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204127256132
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://connect2.rivm.nl/net6helper.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - http://www.virtuocity.eu/download/v213/virtuocity.cab
      O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://videoserver.brabant.nl/activex/AMC.cab
      O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{65029354-C2BF-4EEA-A32E-61C515EA8393}: NameServer = 192.168.1.254
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
      O23 - Service: Direct User Switching Service (DUST-Main) - Way Beyond Computing Ltd - C:\Program Files\Way Beyond Computing\DUST\DUSTsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
      O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
      O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

      --
      End of file - 12107 bytes

      Comment


      • #4
        Graag gedaan hoor

        Doe dit nog:

        Je Java software is verouderd.
        Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
        Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
        • Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
        • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
        • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
        • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
        • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
        • Herhaal dit tot alle oudere versies verdwenen zijn.
        • Na het verwijderen van alle oudere versies, herstart je pc.
        • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Dan denk ik dat alles weer OK is.

        Groeten smeenk

        Comment


        • #5
          Nou dit is allemaal vlot gegaan. Ik krijg nu geen ongewenste schermen meer. Dank je wel voor je moeite. Waarom kunnen de standaard adaware/spysweepers dit niet aan?

          Dank

          Benwinie

          Comment


          • #6
            Graag gedaan hoor

            Volgens mij wijzigt deze infectie heel vaak waardoor scanners hem moeilijk detecteren.

            Comment


            • #7
              Overigens kan ik niets aanvinken aan Java om te verwijderen via Configuratie/Software. Er staat J2SE Runtime environment 5.0 update 6 (en alle 4 de vorige updates). Ik heb via het Java Control Panel een update uitgevoerd. Niet duidelijk of dat tot zelfde gewenste effect leidt. We zien wel.

              Groeten

              Benwinie

              Comment


              • #8
                Als de nieuwste java er maar op staat

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X