banneradsgalore

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • banneradsgalore

    Hello, for a few days now I have been troubled by this annoying "intruder".
    My log file is below. I hope someone can help me.

    Regards, Ad
    ............................................

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:39, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\DAP\DAP.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\MailWasher\MailWasher.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\My Completed Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: banneradsgalore browser optimizer - {7e8403a5-c77e-784d-d29e-c535f2bf61e6} - C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VisiURL] C:\Program Files\Visiscan\VisiURL.exe
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_08_silver_Filmpjes_nl_Edition\TrayServer.exe
    O4 - HKLM\..\Run: [{5003af4c-d270-1846-4d95-f6b23b9544bc}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll" DllInit
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, in which a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart, the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post the contents of the second log: C:\RVAXO-Vfind.log



    • #3
      Hello,

      You are using an old version of HijackThis. It is best to first update to the latest version: http://www.trendsecure.com/portal/en...HJTInstall.exe

      Close all open windows, especially those of your browser (Internet Explorer).
      Start HijackThis once more and tick the following items:

      O2 - BHO: banneradsgalore browser optimizer - {7e8403a5-c77e-784d-d29e-c535f2bf61e6} - C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll
      O4 - HKLM\..\Run: [{5003af4c-d270-1846-4d95-f6b23b9544bc}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll" DllInit


      Then click "Fix checked" and close HijackThis.

      Restart the computer.

      Start HijackThis again, create a new log and post it.

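The two entries singled out in the post above both reference the same GUID-named DLL in system32, once as a BHO (O2) and once through a Run key (O4). As an added example (not part of the original thread, and not how HijackThis itself works), this Python snippet flags that pattern in a log; the function names are hypothetical and the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1 (a subset, for illustration).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: banneradsgalore browser optimizer - {7e8403a5-c77e-784d-d29e-c535f2bf61e6} - C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{5003af4c-d270-1846-4d95-f6b23b9544bc}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll" DllInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
# A full path whose file name is nothing but a GUID plus ".dll".
GUID_DLL = re.compile(r'[a-z]:\\[^"]*?\\' + GUID + r"\.dll", re.I)
# HijackThis entry prefix: section code, then " - ", then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*)$")


def guid_named_dlls(log_text):
    """Map each GUID-named DLL path (lower-cased) to the sections that load it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()
        for match in GUID_DLL.finditer(body):
            path = match.group(0).lower()  # System32 and system32 are the same folder
            if section not in hits[path]:
                hits[path].append(section)
    return dict(hits)


def multi_hook_dlls(log_text):
    """DLLs registered through more than one load point, e.g. BHO (O2) plus Run key (O4)."""
    return {p: s for p, s in guid_named_dlls(log_text).items() if len(s) > 1}


if __name__ == "__main__":
    for path, sections in multi_hook_dlls(SAMPLE_LOG).items():
        print(f"{path} loaded via {', '.join(sections)}")
```

A GUID-named DLL is a heuristic for triage, not proof of malice; the CLSID in an O2 line is deliberately ignored, only the file path is matched.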


      • #4
        Hello Smeenk,
        thanks for the quick reaction.
        Both logs are below.
        Regards, Ad

        ---RVAXO.exe Updated: 2008-05-21---first run---
        Uninstallers:

        Files found:
        C:\WINDOWS\System32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll
        C:\WINDOWS\System32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll-uninst.exe

        Folders Found:
        C:\Program Files\Adzgalore Games Collection

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------
        Not deleted items:

        --------------RVAXO.exe finished----------------

        ///////////////////////////////////////////////////////////////////

        ======C:\WINDOWS====
        ----a-w 0 2008-05-25 09:16:02 C:\WINDOWS\0.log
        ----a-w 403,794 2008-05-21 22:34:13 C:\WINDOWS\469.exe
        --s-a-w 2,048 2008-05-25 09:25:30 C:\WINDOWS\bootstat.dat
        ----a-w 944 2008-05-20 20:42:33 C:\WINDOWS\IE4 Error Log.txt
        ----a-w 51 2008-05-25 09:15:28 C:\WINDOWS\iTouch.ini
        ----a-w 116 2008-04-22 18:57:08 C:\WINDOWS\NeroDigital.ini
        ----a-w 279,214 2008-05-25 09:18:13 C:\WINDOWS\ntbtlog.txt
        ----a-w 32,604 2008-05-25 09:17:08 C:\WINDOWS\SchedLgU.Txt
        ----a-w 112,901 2008-05-24 11:10:33 C:\WINDOWS\setupapi.log
        ----a-w 267 2008-04-22 18:56:24 C:\WINDOWS\videodeLuxe.INI
        ----a-w 157 2008-05-25 09:25:56 C:\WINDOWS\wiadebug.log
        ----a-w 49 2008-05-25 09:25:57 C:\WINDOWS\wiaservc.log
        ----a-w 1,891,049 2008-05-25 09:17:08 C:\WINDOWS\WindowsUpdate.log
        ----a-w 113,443 2008-04-29 18:07:05 C:\WINDOWS\wmsetup.log

        Entries: 14 (13)
        Directories: 0 Files: 14
        Bytes: 2,836,637 Blocks: 5,547
        ======C:\WINDOWS\system32=====
        ----a-w 6,300 2008-05-23 16:29:25 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
        ----a-w 50,239 2008-05-25 09:15:29 C:\WINDOWS\System32\nvapps.xml
        ----a-w 826,539 2008-05-21 10:16:14 C:\WINDOWS\System32\RVAXO.bat
        ----a-w 2,206 2008-05-11 11:26:58 C:\WINDOWS\System32\wpa.dbl

        Entries: 4 (4)
        Directories: 0 Files: 4
        Bytes: 885,284 Blocks: 1,732
        ======C:\WINDOWS\system32\drivers=====
        Entries: 0 (0)
        Directories: 0 Files: 0
        Bytes: 0 Blocks: 0
        =======C:\Program Files=====
        Entries: 0 (0)
        Directories: 0 Files: 0
        Bytes: 0 Blocks: 0
        =======C:=====
        ----a-w 398 2008-05-25 09:21:15 C:\firstrun6.log
        --sha-w 536,399,872 2008-05-25 09:25:26 C:\hiberfil.sys
        --sha-w 805,306,368 2008-05-25 09:25:25 C:\pagefile.sys
        ----a-w 755 2008-05-22 14:59:14 C:\pcbadres.log
        ----a-w 533 2008-05-25 09:25:55 C:\RVAXO-results.log
        ----a-w 2,016 2008-05-25 09:25:58 C:\RVAXO-Vfind.log

        Entries: 6 (4)
        Directories: 0 Files: 6
        Bytes: 1,341,709,942 Blocks: 2,620,529
        ======C:\Documents and Settings\Ad\Application Data======
        Entries: 0 (0)
        Directories: 0 Files: 0
        Bytes: 0 Blocks: 0
        ======C:\Documents and Settings\Ad======
        ----a-w 82 2008-04-22 18:57:08 C:\Documents and Settings\Ad\default.pls
        ----a-w 3,263 2008-05-25 09:07:39 C:\Documents and Settings\Ad\intlname.ols
        ----a-w 7,864,320 2008-05-25 09:24:45 C:\Documents and Settings\Ad\NTUSER.DAT
        ---ha-w 102,400 2008-05-25 09:25:56 C:\Documents and Settings\Ad\ntuser.dat.LOG
        --sh--w 288 2008-05-25 09:17:07 C:\Documents and Settings\Ad\ntuser.ini

        Entries: 5 (3)
        Directories: 0 Files: 5
        Bytes: 7,970,353 Blocks: 15,569
        ======C:\WINDOWS\Downloaded Program Files====
        Entries: 0 (0)
        Directories: 0 Files: 0
        Bytes: 0 Blocks: 0
        =============



        • #5
          Originally posted by Marckie
          Hello,

          You are using an old version of HijackThis. It is best to first update to the latest version: http://www.trendsecure.com/portal/en...HJTInstall.exe

          Close all open windows, especially those of your browser (Internet Explorer).
          Start HijackThis once more and tick the following items:

          O2 - BHO: banneradsgalore browser optimizer - {7e8403a5-c77e-784d-d29e-c535f2bf61e6} - C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll
          O4 - HKLM\..\Run: [{5003af4c-d270-1846-4d95-f6b23b9544bc}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f0ca3055-b0d6-bd9b-6b42-ef7a9312e3fd}.dll" DllInit


          Then click "Fix checked" and close HijackThis.

          Restart the computer.

          Start HijackThis again, create a new log and post it.
          Please do that as well.
