Vraag & Antwoord

Beveiliging & privacy

SecCenter\scprot4.exe virus! Hijackthis log

7 antwoorden
  • Hallo, Ik hoop dat jullie mij kunnen helpen. Elke keer als ik mijn computer opstart krijg ik van symantec antivirus programma het volgende: Threatfound: Downloader.MisleadApp Filename: C:\Program Files\SecCenter\scprot4.exe Action taken: Deleted Hierbij mijn Hijackscan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:54:19, on 16-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe F:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\nvsvc32.exe F:\PROGRA~1\MICROS~1\rapimgr.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [fkbupuvm] rundll32.exe "C:\Program Files\fkbupuvm\jarudwxy.dll",Init O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9029 bytes Alvast bedankt, Kuyichi
  • Download: [url=http://home.hetnet.nl/~stefsmeenk/RVAXO.exe][color=blue:a6a473f26b][b:a6a473f26b]RVAXO.exe[/b:a6a473f26b][/color:a6a473f26b][/url][list:a6a473f26b][*:a6a473f26b]Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken. [*:a6a473f26b]Open nu de map [b:a6a473f26b]RVAXO[/b:a6a473f26b] op je bureaublad en dubbeklik [b:a6a473f26b]RVAXO[/b:a6a473f26b].cmd Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal. [*:a6a473f26b][b:a6a473f26b]Mogelijk[/b:a6a473f26b] start er ook een uninstaller van een rogue scanner op, [b:a6a473f26b]sluit deze niet af[/b:a6a473f26b] maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen. [*:a6a473f26b]Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw. Laat deze lopen en wacht tot er een logfile opent: C:\[b:a6a473f26b]RVAXO-results.log[/b:a6a473f26b] [*:a6a473f26b]Herstart je computer niet vanzelf, of start de tool niet na de reboot, [b:a6a473f26b]doe dit dan handmatig[/b:a6a473f26b]. [*:a6a473f26b]Post de inhoud van de logfile in je volgende bericht.[/list:u:a6a473f26b] Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:a6a473f26b]Combofix[/b:a6a473f26b][/url] ([url=http://www.forospyware.com/sUBs/ComboFix.exe]mirror[/url]) naar je Bureaublad. Dubbelklik op [b:a6a473f26b]Combofix.exe[/b:a6a473f26b] Kies voor "Continue" door [b:a6a473f26b]1[/b:a6a473f26b] te typen gevolgd door [b:a6a473f26b]ENTER[/b:a6a473f26b]. Tijdens het runnen van de fix, [b:a6a473f26b]NIET[/b:a6a473f26b] in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log [b:a6a473f26b]combofix.txt[/b:a6a473f26b] openen. [i:a6a473f26b]Plaats deze log in je volgende post.[/i:a6a473f26b] NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • ---RVAXO.exe Updated: [color=red:50a694acc4]2008-01-16[/color:50a694acc4]---first run--- Files found: C:\WINDOWS\system32\ndaTqsVqrX.dll Uninstallers Rogue scanners: Folders Found: C:\Program Files\SecCenter C:\WINDOWS\ppqvmpqr Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- Files found: Folders Found: --------------RVAXO.exe finished---------------- ComboFix 08-01-17.5 - Maicoosje 2008-01-17 11:12:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.571 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Maicoosje\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt [color=red:50a694acc4][b:50a694acc4]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b:50a694acc4][/color:50a694acc4] . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\wfozypov.dll C:\Program Files\fkbupuvm C:\Program Files\fkbupuvm\jarudwxy.dll C:\Program Files\Hqzjzivu C:\Program Files\Hqzjzivu\gqowqvld.dll C:\Program Files\SecCenter C:\WINDOWS\system32\drvjun.dll C:\WINDOWS\system32\drvjunr.dll . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))) . 2008-01-17 11:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-16 20:00 . 2008-01-16 20:00 <DIR> d-------- C:\RVAXO 2008-01-16 19:59 . 2008-01-16 09:28 608,867 --a------ C:\WINDOWS\system32\RVAXO.bat 2008-01-16 19:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe 2008-01-16 18:51 . 2008-01-16 18:51 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-16 18:22 . 2008-01-16 18:22 <DIR> d-------- C:\Documents and Settings\Maicoosje\Application Data\TrojanHunter 2008-01-16 18:08 . 2008-01-16 18:38 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-01-16 14:40 . 2008-01-16 16:29 <DIR> d-------- C:\Program Files\XoftSpySE 2008-01-15 13:53 . 2008-01-15 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-05 00:55 . 2008-01-05 00:55 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-01-04 02:11 . 2008-01-04 22:39 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-04 00:45 . 2008-01-04 00:45 <DIR> d-------- C:\Documents and Settings\Maicoosje\Application Data\Nero 2008-01-04 00:38 . 2008-01-04 00:38 <DIR> d-------- C:\Program Files\Nero 2008-01-04 00:38 . 2008-01-04 00:41 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-01-04 00:38 . 2008-01-04 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-01-03 13:47 . 2008-01-03 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2007-12-26 22:28 . 2008-01-16 14:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-22 14:57 . 2008-01-16 18:37 <DIR> d-------- C:\Program Files\Hkvqumtf . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-17 10:11 --------- d-----w C:\Documents and Settings\Maicoosje\Application Data\uTorrent 2008-01-17 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-01-17 09:29 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-01-15 23:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-01-15 23:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-01-15 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-22 13:14 --------- d-----w C:\Documents and Settings\Maicoosje\Application Data\dvdcss 2007-12-16 11:31 --------- d-----w C:\Program Files\DivX 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-10 12:52 66,872 ----a-w C:\WINDOWS\system32\pnkbstra.exe 2007-12-10 12:18 22,328 ----a-w C:\Documents and Settings\Maicoosje\Application Data\PnkBstrK.sys 2007-12-10 12:07 --------- d-----w C:\Program Files\DAEMON Tools 2007-12-10 12:04 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-11-20 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-11-17 10:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-17 10:19 --------- d--h--r C:\Documents and Settings\Maicoosje\Application Data\SecuROM 2007-11-17 10:18 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-02 23:39 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:24 68856] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352] "H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34 1289000] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 16:01 68096 C:\WINDOWS\SOUNDMAN.EXE] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44 66680] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18 124128] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008] "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-17 11:24:38] R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c37bb5-1c4c-11dc-8475-00138f5e73a8}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 11:14:01 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-17 11:14:22 ComboFix-quarantined-files.txt 2008-01-17 10:14:14 . 2008-01-16 19:08:31 --- E O F ---
  • Open de map RVAXO op je bureaublad en dubbelklik [b:930d585258]Uninstall[/b:930d585258].cmd Dit zal alles van RVAXO doen verwijderen. Verwijder de volgende mappen: C:\[b:930d585258]Qoobox[/b:930d585258] C:\Program Files\[b:930d585258]Hkvqumtf[/b:930d585258] Maak dan je prullenbak leeg. Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] ([url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html]mirror[/url])(gemaakt door Atribune) [b:930d585258]Belangrijk:[/b:930d585258] Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken. Dubbelklik op ATF cleaner om het programma te starten. Op het tabblad "Main", plaats je een vinkje bij [b:930d585258]Select All[/b:930d585258]. Klik op de knop [b:930d585258]Empty Selected[/b:930d585258]. Het volgende doen als je ook FireFox als browser hebt: Klik op tabblad "Firefox", plaats een vinkje bij [b:930d585258]Select All[/b:930d585258]. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". (dit haalt het vinkje weer weg bij "Firefox saved passwords") Klik op de knop [b:930d585258]Empty Selected[/b:930d585258]. Het volgende doen als je ook Opera als browser hebt: Klik op tabblad "Opera", plaats een vinkje bij [b:930d585258]Select All[/b:930d585258]. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". Klik op de knop [b:930d585258]Empty Selected[/b:930d585258]. Ga naar het tabblad "Main" en klik op de knop [b:930d585258]Exit[/b:930d585258] om het programma af te sluiten. Ga naar Start - Uitvoeren en geef hier het volgende in: [b:930d585258]Combofix /U[/b:930d585258] Druk daarna op OK. [b:930d585258][color=red:930d585258]Let op:[/color:930d585258][/b:930d585258] Er moet een spatie tussen [b:930d585258]Combofix[/b:930d585258] en [b:930d585258]/U[/b:930d585258] zitten. Dit zal Combofix deïnstalleren. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Kijk hier hoe je je systeemherstel moet uitschakelen[/url]. Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel. Post als laatste nog een nieuw logje van Hijackthis ter controle ;)
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:55:29, on 17-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe F:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe F:\PROGRA~1\MICROS~1\rapimgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 8888 bytes Is hij weer schoon?
  • Deze regel mag je nog verwijderen met Hijackthis: [b:efdaafdfbe]R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)[/b:efdaafdfbe] Voor de rest ziet het er weer goed uit :)
  • Bedankt Smeenk! :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.