rightonadz

25 answers
  • Hello everyone, a screen keeps popping up that starts with rightonadz. A virus scan doesn't help. How do I get rid of it? Thanks in advance. Leen
  • Look up the name of the program and remove it! It can usually be found under Software, and otherwise under Program Files in Explorer. It's just adware.
  • Thanks for your quick reply. If only it were that easy. There is nothing listed.
  • Download Hijackthis-setup (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop. Open HJTInstall and choose the location where you want to install Hijackthis. Then press Install; after a few seconds Hijackthis will open automatically. Now choose 'Do a system scan and save a logfile'. A Notepad file containing a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post. Good luck! 8) Pim
  • I hope I did it right: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:47, on 25-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webshots\webshots.scr C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NU.nl Nieuwslezer\nunwslzr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - 
{0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM O8 - Extra context menu item: 
E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 7080 bytes
  • Oh yes, I disabled gzmrotate in startup!!!!
  • That went just fine! :) Start Hijackthis, choose 'Do a system scan only' and tick the lines below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    Now close all open windows except Hijackthis and click Fix Checked. Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      • A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
      • Possibly an uninstaller of a rogue scanner will also start; do not close it, but follow any instructions and just let it do its work.
      • After that your PC will restart; after the restart the RVAXO cmd window opens again. Let it run and wait until a logfile opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the logfile in your next post.
    Now post the RVAXO log and a fresh Hijackthis log in your next post. Pim :)
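Added example, not part of the original post: a Python sketch that splits a HijackThis log pasted as one run of text (as the logs in this thread are) back into entries and flags those ending in "(no file)" or "(file missing)" for manual review; four of the six lines listed in the post above are "(no file)" entries. The sample is abridged from the first log in this thread, and the function and variable names are hypothetical.

```python
import re
from collections import namedtuple

# One parsed log entry: section code (e.g. "O2"), the text after "CODE - ",
# and the orphan marker found at its end (None when no marker is present).
Entry = namedtuple("Entry", "code body orphan")

# HijackThis section codes: R0-R3, F0-F3, N1-N4 and O1-O24, each followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((no file|file missing)\)$")
# Log trailer, e.g. "-- End of file - 7080 bytes".
TRAILER = re.compile(r"\s*-- End of file\b.*$")

# Abridged from the first HijackThis log posted in this thread (sample input,
# flattened onto a few lines the way forum software tends to leave it).
SAMPLE_LOG = r'''Logfile of Trend Micro HijackThis v2.0.2 Running processes: C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) -- End of file - 7080 bytes'''


def parse_hijackthis(log_text):
    """Split a (possibly flattened) HijackThis log into Entry tuples."""
    # Collapse all whitespace so line-wrapped and flattened logs look the same.
    text = " ".join(log_text.split())
    text = TRAILER.sub("", text)
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, match in enumerate(starts):
        # An entry runs until the next section code or the end of the log.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[match.end():end].strip()
        marker = ORPHAN.search(body)
        entries.append(Entry(match.group(1), body, marker.group(1) if marker else None))
    return entries


def orphaned_entries(entries):
    """Entries whose target file is reported missing: candidates for review."""
    return [e for e in entries if e.orphan]


if __name__ == "__main__":
    for entry in orphaned_entries(parse_hijackthis(SAMPLE_LOG)):
        print(f"{entry.code:>3}  [{entry.orphan}]  {entry.body}")
```

A flagged entry is only a candidate for review: the marker says the referenced file is absent, not that the entry is malicious.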
  • ----------------RVAXO.exe first run------------- ----------------RVAXO.exe first run------------- Files found: C:\WINDOWS\system32\rightonadz-uninst.exe C:\WINDOWS\system32\adssite-remove.exe Uninstallers Rogue scanners: Folders Found: Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- Files found: Folders Found: --------------RVAXO.exe finished----------------
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:58:02, on 25-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab O16 - 
DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 6250 bytes
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them! Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix is complete and after a restart, the log combofix.txt will open. In your next reply, post the combofix log together with a fresh Hijackthis log. Good luck! Pim
  • ComboFix 07-11-19.3 - Windows 2007-11-25 22:11:15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.209 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Windows\Application Data\inst.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))) . 2007-11-25 17:54 <DIR> d-------- C:\RVAXO 2007-11-25 17:47 467,087 --a------ C:\WINDOWS\system32\RVAXO.bat 2007-11-25 17:47 69,632 --a------ C:\WINDOWS\system32\remove.exe 2007-11-25 14:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com 2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-25 14:22 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-25 14:05 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Comodo 2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-25 01:08 <DIR> d-------- C:\Program Files\Comodo 2007-11-23 18:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight 2007-11-22 20:20 <DIR> d-------- C:\Program Files\SurfRight 2007-11-22 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-22 19:48 <DIR> d-------- C:\Program Files\Wondershare 2007-11-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-18 20:05 <DIR> d-------- C:\Program Files\TKexeKalender 2007-11-18 20:05 299,008 --a------ C:\WINDOWS\Uninstall_tkexe.exe 2007-11-16 21:16 <DIR> d-------- C:\Program Files\Pointstone 2007-11-15 21:02 <DIR> d-------- C:\Program Files\Hyves 
Kwekker 2007-11-14 23:52 <DIR> d-------- C:\Program Files\Photomatix 2007-11-14 20:19 <DIR> d-------- C:\Program Files\QRPhotoDVDSlideshow 2007-11-14 20:19 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Vso 2007-11-14 20:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-14 20:19 47,360 --a------ C:\Documents and Settings\Windows\Application Data\pcouffin.sys 2007-11-10 19:44 <DIR> d-------- C:\Program Files\Zards software 2007-11-03 12:10 <DIR> d-------- C:\WINDOWS\Solar System - Earth 3D 2007-11-03 12:10 16,542,720 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.exe 2007-11-03 12:10 294,912 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.scr 2007-10-31 20:40 <DIR> d-------- C:\WINDOWS\MetaCreations 2007-10-31 20:39 <DIR> d-------- C:\Program Files\SuperGOO 2007-10-31 20:39 302,592 --a------ C:\WINDOWS\unin0407.exe 2007-10-29 16:36 <DIR> d-------- C:\Program Files\Common Files\Ankiro 2007-10-29 16:35 <DIR> d-------- C:\Program Files\SPAMfighter 2007-10-29 16:35 <DIR> d-------- C:\Program Files\Common Files\Application 2007-10-27 09:04 <DIR> d-------- C:\Program Files\MOJOSOFT 2007-10-27 09:04 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\mojosoft 2007-10-26 09:44 <DIR> d-------- C:\Program Files\Give Away Of The Day 2007-10-26 09:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 09:44 84,736 --a------ C:\WINDOWS\system32\drivers\StarPortLite.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-25 20:00 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype 2007-11-25 19:12 --------- d-----w C:\Documents and Settings\Windows\Application Data\AVG7 2007-11-25 16:57 --------- d-----w C:\Program Files\Hitman Pro 2007-11-25 13:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-22 22:45 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-22 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-22 19:31 --------- d-----w C:\Program Files\SpywareBlaster 2007-11-19 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-10-29 22:54 --------- d-----w C:\Program Files\IrfanView 2007-10-24 18:40 --------- d-----w C:\Program Files\FeedReader30 2007-10-21 18:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Uniblue 2007-10-21 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-21 16:11 --------- d-----w C:\Program Files\Reallusion 2007-10-21 16:11 --------- d-----w C:\Documents and Settings\Windows\Application Data\InstallShield 2007-10-18 19:23 --------- d-----w C:\Program Files\2nd Speech Center 2007-10-15 18:46 27,648 ----a-w C:\WINDOWS\instearth.exe 2007-10-07 18:12 --------- d-----w C:\Program Files\Astro Gemini Software 2007-10-03 18:48 --------- d-----w C:\Documents and Settings\Windows\Application Data\Feedreader 2007-09-29 18:29 --------- d-----w C:\Documents and Settings\Windows\Application Data\Eltima Software 2007-09-29 18:28 --------- d-----w C:\Program Files\Advanced Registry Doctor 2007-09-29 18:26 --------- d-----w C:\Program Files\Skype Recorder 2007-09-29 18:23 --------- d-----w C:\Program Files\Kiyut 2007-09-29 17:52 --------- d-----w C:\Documents and Settings\Windows\Application Data\.citra 2007-09-26 11:06 --------- d-----w C:\Program Files\ASTRA32 2007-09-20 12:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll 2007-09-17 15:02 
266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll 2007-09-06 04:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk] path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk backup=C:\WINDOWS\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 01:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start] C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2001-12-12 01:40 196608 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] 2006-07-13 06:21 57344 --a------ C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\WINDOWS\system32\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe update delay 60 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-16 20:30 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}] \Shell\AutoRun\command - 
F:\setupSNK.exe *Newly Created Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job" - C:\WINDOWS\system32\dfrg.msc "2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 22:13:53 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-11-25 22:14:58 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:19:01, on 25-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 6217 bytes
  • Go to Jotti's website: http://virusscan.jotti.org/ In the 'File to upload & scan' box, copy the following: C:\WINDOWS\system32\zlzxpwmn.jbv Then click Submit and post the result in your next post. Repeat this for: C:\WINDOWS\system32\drivers\ctredrv.sys Pim :)
  • The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file Dear Pim, I have everything switched off and it still cannot find it and comes back with the line above. I also looked myself but cannot find it in system32 either. (It certainly keeps you busy.) Regards, Leen.
  • Last file scanned at least one scanner reported something about: USD_1.34.8_BlackManos_Pack_13.42.rar (MD5: 7d993ca8745b943b56854171aa9a65ec, size: 7778096 bytes), detected by:

    Scanner                 Malware name
    A-Squared               X
    AntiVir                 X
    ArcaVir                 X
    Avast                   X
    AVG Antivirus           Dropper.Delf.OU
    BitDefender             X
    ClamAV                  X
    CPsecure                X
    Dr.Web                  Trojan.MulDrop.9120
    F-Prot Antivirus        X
    F-Secure Anti-Virus     X
    Fortinet                X
    Ikarus                  X
    Kaspersky Anti-Virus    X
    NOD32                   X
    Norman Virus Control    X
    Panda Antivirus         X
    Rising Antivirus        X
    Sophos Antivirus        X
    VirusBuster             X
    VBA32                   Trojan.MulDrop.9120
  • ComboFix 07-11-19.4 - Windows 2007-11-26 14:26:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.215 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))) . 2007-11-25 17:54 <DIR> d-------- C:\RVAXO 2007-11-25 17:47 467,087 --a------ C:\WINDOWS\system32\RVAXO.bat 2007-11-25 17:47 69,632 --a------ C:\WINDOWS\system32\remove.exe 2007-11-25 14:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com 2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-25 14:22 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-25 14:05 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Comodo 2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-25 01:08 <DIR> d-------- C:\Program Files\Comodo 2007-11-23 18:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight 2007-11-22 20:20 <DIR> d-------- C:\Program Files\SurfRight 2007-11-22 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-22 19:48 <DIR> d-------- C:\Program Files\Wondershare 2007-11-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-18 20:05 <DIR> d-------- C:\Program Files\TKexeKalender 2007-11-18 20:05 299,008 --a------ C:\WINDOWS\Uninstall_tkexe.exe 2007-11-16 21:16 <DIR> d-------- C:\Program Files\Pointstone 2007-11-15 21:02 <DIR> d-------- C:\Program Files\Hyves Kwekker 2007-11-14 23:52 <DIR> d-------- C:\Program Files\Photomatix 2007-11-14 20:19 <DIR> d-------- C:\Program Files\QRPhotoDVDSlideshow 2007-11-14 20:19 <DIR> d-------- 
C:\Documents and Settings\Windows\Application Data\Vso 2007-11-14 20:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-14 20:19 47,360 --a------ C:\Documents and Settings\Windows\Application Data\pcouffin.sys 2007-11-10 19:44 <DIR> d-------- C:\Program Files\Zards software 2007-11-03 12:10 <DIR> d-------- C:\WINDOWS\Solar System - Earth 3D 2007-11-03 12:10 16,542,720 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.exe 2007-11-03 12:10 294,912 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.scr 2007-10-31 20:40 <DIR> d-------- C:\WINDOWS\MetaCreations 2007-10-31 20:39 <DIR> d-------- C:\Program Files\SuperGOO 2007-10-31 20:39 302,592 --a------ C:\WINDOWS\unin0407.exe 2007-10-29 16:36 <DIR> d-------- C:\Program Files\Common Files\Ankiro 2007-10-29 16:35 <DIR> d-------- C:\Program Files\SPAMfighter 2007-10-29 16:35 <DIR> d-------- C:\Program Files\Common Files\Application 2007-10-27 09:04 <DIR> d-------- C:\Program Files\MOJOSOFT 2007-10-27 09:04 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\mojosoft 2007-10-26 09:44 <DIR> d-------- C:\Program Files\Give Away Of The Day 2007-10-26 09:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 09:44 84,736 --a------ C:\WINDOWS\system32\drivers\StarPortLite.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-26 11:20 --------- d-----w C:\Documents and Settings\Windows\Application Data\AVG7 2007-11-25 22:52 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype 2007-11-25 16:57 --------- d-----w C:\Program Files\Hitman Pro 2007-11-25 13:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-22 22:45 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-22 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-22 19:31 --------- d-----w C:\Program Files\SpywareBlaster 2007-11-19 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-10-29 22:54 --------- d-----w C:\Program Files\IrfanView 2007-10-24 18:40 --------- d-----w C:\Program Files\FeedReader30 2007-10-21 18:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Uniblue 2007-10-21 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-21 16:11 --------- d-----w C:\Program Files\Reallusion 2007-10-21 16:11 --------- d-----w C:\Documents and Settings\Windows\Application Data\InstallShield 2007-10-18 19:23 --------- d-----w C:\Program Files\2nd Speech Center 2007-10-15 18:46 27,648 ----a-w C:\WINDOWS\instearth.exe 2007-10-07 18:12 --------- d-----w C:\Program Files\Astro Gemini Software 2007-10-03 18:48 --------- d-----w C:\Documents and Settings\Windows\Application Data\Feedreader 2007-09-29 18:29 --------- d-----w C:\Documents and Settings\Windows\Application Data\Eltima Software 2007-09-29 18:28 --------- d-----w C:\Program Files\Advanced Registry Doctor 2007-09-29 18:26 --------- d-----w C:\Program Files\Skype Recorder 2007-09-29 18:23 --------- d-----w C:\Program Files\Kiyut 2007-09-29 17:52 --------- d-----w C:\Documents and Settings\Windows\Application Data\.citra 2007-09-26 11:06 --------- d-----w C:\Program Files\ASTRA32 2007-09-20 12:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll 2007-09-17 15:02 
266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll 2007-09-06 04:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk] path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk backup=C:\WINDOWS\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 01:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start] C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2001-12-12 01:40 196608 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] 2006-07-13 06:21 57344 --a------ C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\WINDOWS\system32\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe update delay 60 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-16 20:30 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}] \Shell\AutoRun\command - 
F:\setupSNK.exe . Inhoud van de 'Gedeelde Taken' map "2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job" - C:\WINDOWS\system32\dfrg.msc "2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-26 14:29:22 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-11-26 14:30:41 C:\ComboFix2.txt ... 2007-11-25 22:15 . --- E O F ---
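The service and driver lines near the end of the ComboFix log above include the two files Pim asked to have scanned. The following is an added example, not part of the thread and not ComboFix's or Pim's method: it parses those lines and shortlists entries for a second-opinion scan. The reading of the R/S and 0-4 codes, the three heuristics and the threshold of two are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Driver/service lines copied from the ComboFix log in this thread.
COMBOFIX_LINES = r"""
R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
""".strip().splitlines()

# Assumed reading of the prefix: R = running, S = stopped;
# digit = start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
LINE_RE = re.compile(r"^([RS])([0-4]) (.+)$")
EXPECTED_EXT = {".sys", ".exe", ".dll"}  # assumption: usual service image types


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse 'S2 name;display;path'. The display name may itself contain ';'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group(3).split(";")
    if len(parts) < 3:
        return None
    path = parts[-1].strip()
    if path.startswith('"'):            # quoted path, possibly with arguments
        path = path[1:].split('"', 1)[0]
    if path.startswith("\\??\\"):       # NT object-namespace prefix
        path = path[4:]
    display = ";".join(parts[1:-1]).strip()
    return ServiceEntry(m.group(1) == "R", int(m.group(2)),
                        parts[0].strip(), display, path)


def assess(entry):
    """Attach the reasons (heuristics of this example) that make an entry stand out."""
    ext = PureWindowsPath(entry.image_path).suffix.lower()
    if ext not in EXPECTED_EXT:
        entry.reasons.append(f"unusual image extension {ext}")
    if re.search(r"\.(sys|exe|dll)$", entry.name, re.IGNORECASE):
        entry.reasons.append("service name is a file name")
    if not entry.running and entry.start_type <= 2:
        entry.reasons.append("set to start at boot but not running")
    return entry


def shortlist(lines, threshold=2):
    """Return entries with at least `threshold` reasons, in log order."""
    entries = (parse_line(l) for l in lines)
    return [e for e in (assess(e) for e in entries if e)
            if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in shortlist(COMBOFIX_LINES):
        print(f"{e.name}: {e.image_path}")
        for r in e.reasons:
            print(f"  - {r}")
```

A shortlisted entry is only a candidate for further checking, such as the multi-engine scan requested in the thread; SABKUTIL matches one heuristic and stays below the threshold.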
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:52, on 26-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Webshots Toolbar 
- {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - 
http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 6201 bytes
  • I went ahead and ran a system scan; I hope it helps you get further? Regards, Leen.
  • Are you sure you uploaded the right file 8) USD_1.34.8_BlackManos_Pack_13.42.rar How are your problems by now? Pim
  • Pim wrote: How are your problems by now?

    The annoying screen no longer appears. The computer is still somewhat slow, and sometimes it does not fully open a site and then indicates that I have to close it. I have just finished running SUPERAntiSpyware; there were 19 adware files in it, which I removed, including 4 important ones; the rest were cookies:

    Adware.AdRotator/RightOnz
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP1\A0000017.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000309.EXE
    Unclassified.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000291.DLL
    Adware.AdRotator/AdsSite
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000310.EXE
  • Those files are in your System Restore; we will deal with that later :) Please also do the following: Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune). Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Click the Empty Selected button. Do the following if you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears. (This removes the tick again from "Firefox saved passwords".) Click the Empty Selected button. Do the following if you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button. Go to the "Main" tab and click the Exit button to close the program. Did it help? Pim
