trojans, sysdefender etc.

Anonymous
juisterr
48 replies
  • All kinds of junk keeps coming back on my PC, again and again. I have scanned with AVG and Ad-Aware, and also with ComboFix.

    Here is my log; what do the entries under O21 mean?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 00:58, on 2008-02-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\WINDOWS.2\system32\WgaTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\explorer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\WINDOWS.2\system32\taskmgr.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll (file missing)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service')
    O4 - Startup: kfn.exe
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: Users
    O4 - Startup: FreeMem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O15 - Trusted Zone: www.euroface.nl
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab
    O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24B934A3-E9DA-4B4F-8527-2898E7CDB456}: NameServer = 85.255.115.59,85.255.112.121
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F017ADC3-E4B8-431E-972E-40B28A4BC86A}: NameServer = 85.255.115.59,85.255.112.121
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.121
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
    O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
    O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
    O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
    O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
    O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll
    O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll


    End of file - 9877 bytes
  • In itself it doesn't look that bad, I think.. at least.. I have seen worse. You could disable HPZipm12.exe at startup, as well as jusched.exe.
    You could also take a look at: http://support.f-secure.com/enu/home/ols.shtml

    I am very satisfied with this scanner. I have a sort of test PC, so to speak, on which I regularly pick up a whole pile of junk. This scanner has never let me down, unlike all the installed scanners I have ever had.
  • You must be joking, eduard; at first glance I can already see a Wareout infection.
  • Hello,

    Print out the instructions below, because you will have to restart the computer during the fix.
    (Copy the text into e.g. Word and print it.)

    Download
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:25, on 2008-02-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\WINDOWS.2\system32\WgaTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS.2\system32\taskmgr.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service')
    O4 - Startup: kfn.exe
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: Users
    O4 - Startup: FreeMem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - Software - (no file)
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O15 - Trusted Zone: www.euroface.nl
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab
    O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
    O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
    O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
    O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
    O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
    O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll
    O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll


    End of file - 9074 bytes

    Username "Henk Grim" - 2008-02-12 10:10:51 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.115.59 85.255.112.121" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{24B934A3-E9DA-4B4F-8527-2898E7CDB456}
    "nameserver"="85.255.115.59,85.255.112.121" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F017ADC3-E4B8-431E-972E-40B28A4BC86A}
    "nameserver"="85.255.115.59,85.255.112.121" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{24B934A3-E9DA-4B4F-8527-2898E7CDB456}
    "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B0F9A678-029D-4E27-9AC3-FD2A6A4AC106}
    "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F017ADC3-E4B8-431E-972E-40B28A4BC86A}
    "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared.

    De DNS-omzettingscache is leeggemaakt.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ….
    ….
    ~~~~~ Misc files.
    ….
    ~~~~~ Checking for older varients.
    ….

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
    "CS Engineering Desktop Gateway (HDN)"="C:\\Program Files\\CS Engineering\\Dtgw\\dtgw.exe"
    "McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
    "MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AutorunsDisabled]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
    ….
    Hosts file was reset, If you use a custom hosts file please replace it…
    ~~~~~ End report ~~~~~
  • And one more thing to mention:
    after the computer starts up, once everything has loaded, it also keeps saying that it cannot find a file, something with s3.cookingluck.com
  • That already looks better. Are you by any chance on a company network?
  • No. By the way, do the entries under O21 in the HijackThis log do any harm?
  • "Harm" is a big word.


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
    O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
    O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
    O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
    O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
    O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll
    O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll

    Click 'Fix checked' to remove the items.

    Please let me know how it goes now.
  • I cannot fix those files, and I also got a strange message.
    So I downloaded a new HijackThis, and here is the log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:48, on 2008-02-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\system32\WgaTray.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\WINDOWS.2\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service')
    O4 - Startup: kfn.exe
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: Users
    O4 - Startup: FreeMem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - Software - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O15 - Trusted Zone: www.euroface.nl
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab
    O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
    O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
    O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
    O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
    O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
    O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll
    O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll
    O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll
    O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll
    O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe


    End of file - 11331 bytes
  • 1) Open a Notepad file.
    2) Copy the code below into this Notepad file.
    3) Go to File - Save As.
    -For "Save in", choose: Desktop
    -For "File name", enter: fix.reg
    -For "Save as type", select: All Files (*.*).
    -Click the Save button.

    [code]
    REGEDIT4


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PrxCheck"=-
    "AlrtRunOnce"=-
    "ChkVolume"=-
    "ChkBoot"=-
    "MonKbd"=-
    "zip"=-
    "CheckAvp"=-
    [/code]
    4)

    Save this as [b]fix.reg[/b], choose "All Files" under Save as type, and place it on your desktop.
    This is what the reg fix should look like afterwards: [img]http://users.telenet.be/bluepatchy/miekiemoes/images\reg.gif[/img]
    Double-click it.
    When asked whether you want to add it to the registry, click Yes/OK.

    Please post a new HJT log.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:39, on 2008-02-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS.2\system32\WgaTray.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\WINDOWS.2\explorer.exe
    C:\Program Files\Efdece\NWP\Client\nwp.exe
    C:\PROGRA~1\Efdece\NWP\Server\EFDECE~1.EXE
    C:\WINDOWS.2\system32\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqDIREC.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\GUI.exe
    C:\WINDOWS.2\system32\mstsc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service')
    O4 - Startup: kfn.exe
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: Users
    O4 - Startup: FreeMem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - Software - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O15 - Trusted Zone: www.euroface.nl
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab
    O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll
    O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll
    O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll
    O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
    O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
    O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
    O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll
    O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
    O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
    O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe


    End of file - 11914 bytes
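Added example, not part of the thread: a check of whether the `fix.reg` posted above took effect, run over the O21 lines copied from the two HijackThis logs in this thread. It assumes the 19:39 log was saved after the .reg file was merged; the function names are illustrative.

```python
import re

# Value names that the fix.reg in the thread deletes from
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
FIX_REG_DELETES = {"PrxCheck", "AlrtRunOnce", "ChkVolume", "ChkBoot",
                   "MonKbd", "zip", "CheckAvp"}

# O21 lines copied from the first log in the thread (saved 00:58).
LOG_BEFORE = r"""
O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll
O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll
O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll
O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll
O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll
"""

# O21 lines copied from the second log in the thread (saved 19:39).
LOG_AFTER = r"""
O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll
O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll
O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll
O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll
O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll
O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll
O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll
O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll
O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll
O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll
"""

# "O21 - SSODL: <value name> - {CLSID} - <DLL path>"
O21_RE = re.compile(
    r"^\s*O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)\s*$"
)


def parse_ssodl(log_text):
    """Return {value name: (clsid, dll path)} for every O21 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O21_RE.match(line)
        if m:
            entries[m["name"]] = (m["clsid"].lower(), m["path"])
    return entries


def shares_layout(name, clsid, path):
    # True when the DLL sits in an Installer sub-folder named after its own
    # CLSID and the file is named after the registry value.
    tail = "\\installer\\" + clsid.lower() + "\\" + name.lower() + ".dll"
    return path.lower().endswith(tail)


def verify_fix(before, after, deleted):
    """Compare two parsed logs against the value names the .reg file deletes."""
    return {
        "removed": sorted(n for n in deleted if n in before and n not in after),
        "survived": sorted(n for n in deleted if n in after),
        "not_in_fix": sorted(n for n in after if n not in deleted),
        "new": sorted(n for n in after if n not in before),
    }


if __name__ == "__main__":
    before, after = parse_ssodl(LOG_BEFORE), parse_ssodl(LOG_AFTER)
    for group, names in verify_fix(before, after, FIX_REG_DELETES).items():
        print(f"{group:11}: {', '.join(names) or '-'}")
    for name, (clsid, path) in sorted(after.items()):
        print(f"{name:12} same layout: {shares_layout(name, clsid, path)}")
```

On these two logs all seven values named in fix.reg are still listed in the later scan, and the three O21 values the fix does not name have the same Installer\{CLSID}\<name>.dll layout as the seven it does.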
  • OK, a different approach.


    Download [b]Combofix[/b] to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and [b]download Combofix again[/b]. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    -Double-click [b]Combofix.exe[/b]
    -Follow the instructions and accept the disclaimer by typing [b]1[/b] (continue), followed by [b]ENTER[/b].
    -While the fix is running, do [b]NOT[/b] click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log [b]combofix.txt[/b] will open.
    [i]Post this log in your next post together with a new HijackThis log.[/i]
  • ComboFix 08-02-13.1 - Henk Grim 2008-02-12 22:10:57.18 -
  • Remove ComboFix via [b]Start[/b] > [b]Run[/b], copy and paste [b]Combofix /U[/b], then click OK or press Enter.
    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    [img]http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG[/img]


    Would you then first run this little tool, please.
    Download:
    Save the file to your desktop; after that you can double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click [b]RVAXO.cmd[/b]
    A small window will open in which a few lines about files not found will scroll by quickly; this is normal.
    [b]Possibly[/b] an uninstaller of a rogue scanner will also start; [b]do not close it[/b], but follow any instructions and let it do its work.

    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\[b]RVAXO-results.log[/b]
    Post the contents in your next message together with a new HijackThis log.

    Your PC does not restart?

    Run [b]RVAXO[/b] once more and then post the new log: [b]C:\rvaxo-results.log[/b]
  • The topic starter has already used RVAXO, so first remove the old version of RVAXO.
    To do that, open the RVAXO folder on your desktop and double-click [b]Uninstall[/b].cmd

    Then download RVAXO again:
  • First a summary of what it did this morning on restart, and actually does every time. I first get a message that it is looking for something from s3.cookingluck.com. When I run AVG I come across the trojan.Qhost virus, which it cannot remove. So I think Google is showing other pages. Also notifications from systemdefender, syscleaner and windows security center.

    The logs are in the next post.
  • I can download RVAXO but I cannot open it!
  • You did remove it completely first, didn't you?

    There is really no point in scanning with scanners other than the ones I offer, because they won't get rid of it anyway.

    Open the RVAXO folder on your desktop and double-click [b]Uninstall.cmd[/b]
    This will remove everything belonging to RVAXO.

    Download:
    Save the file to your desktop; after that you can double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click [b]RVAXO.cmd[/b]
    A small window will open in which a few lines about files not found will scroll by quickly; this is normal.
    [b]Possibly[/b] an uninstaller of a rogue scanner will also start; [b]do not close it[/b], but follow any instructions and let it do its work.

    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\[b]RVAXO-results.log[/b]
    Post the contents in your next message together with a new HijackThis log.

    Your PC does not restart?

    Run [b]RVAXO[/b] once more and then post the new log: [b]C:\rvaxo-results.log[/b]
  • —RVAXO.exe Updated: [b]2008-02-13[/b]—first run—
    [b]Files found:[/b]
    C:\WINDOWS.2\system32\spoolvs.exe
    C:\WINDOWS.2\system32\xlibgfl254.dll
    C:\Program Files\udefender_setup.exe
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\tmp359187.exe
    C:\Program Files\tmp359171.exe
    C:\Program Files\tmp359312.exe
    C:\Program Files\tmp152671.exe
    C:\Program Files\tmp156921.exe
    C:\Program Files\tmp359515.exe
    C:\Program Files\tmp52029890.exe
    C:\Program Files\tmp52030234.exe
    C:\Program Files\tmp359546.exe
    C:\Program Files\tmp2670953.exe
    C:\Program Files\tmp359375.exe
    C:\Program Files\tmp339968.exe
    C:\Program Files\tmp359703.exe
    C:\Program Files\tmp360703.exe
    C:\Program Files\tmp52031359.exe
    C:\Program Files\tmp52030984.exe
    C:\Program Files\tmp4982093.exe
    C:\Program Files\tmp4982062.exe
    C:\Program Files\tmp160515.exe
    C:\Program Files\tmp52031375.exe
    C:\Program Files\tmp52031562.exe
    C:\Program Files\tmp340906.exe
    C:\Program Files\tmp9751953.exe
    C:\Program Files\tmp52031468.exe
    C:\Program Files\tmp9757562.exe
    C:\Program Files\tmp340937.exe
    C:\Program Files\tmp163296.exe
    C:\Program Files\tmp52031703.exe
    C:\Program Files\tmp52032906.exe
    C:\Program Files\tmp12038546.exe
    C:\Program Files\tmp12038687.exe
    C:\Program Files\tmp341703.exe
    C:\Program Files\tmp808421.exe
    C:\Program Files\tmp353109.exe
    C:\Program Files\tmp12040187.exe
    C:\Program Files\tmp12040625.exe
    C:\Program Files\tmp380000.exe
    C:\Program Files\tmp380625.exe
    C:\Program Files\tmp12041281.exe
    C:\Program Files\tmp12039968.exe
    C:\Program Files\tmp381312.exe
    C:\Program Files\tmp821734.exe
    C:\Program Files\tmp902296.exe
    C:\Program Files\tmp402000.exe
    C:\Program Files\tmp2687046.exe
    C:\Program Files\tmp2695265.exe
    C:\Program Files\tmp2701562.exe
    C:\Program Files\tmp2708578.exe
    C:\Program Files\tmp2715625.exe
    C:\Program Files\tmp402796.exe
    C:\Program Files\tmp2724218.exe
    C:\Program Files\tmp2730593.exe
    C:\Program Files\tmp2738828.exe
    C:\Program Files\tmp2748218.exe
    C:\Program Files\tmp2756328.exe
    C:\Program Files\tmp2763000.exe
    C:\Program Files\tmp107750.exe
    C:\Program Files\tmp2770187.exe
    C:\Program Files\tmp107343.exe
    C:\Program Files\tmp1080578.exe
    C:\Program Files\tmp1089125.exe
    C:\Program Files\tmp1090953.exe
    C:\Program Files\tmp1090937.exe
    C:\Program Files\tmp1098453.exe
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\printer.exe
    C:\WINDOWS.2\shell.exe
    C:\WINDOWS.2\system32\printer.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\PROGRA~1\Opstarten\findfast.exe
    C:\Documents And Settings\All Users.WINDOWS.2\Menu Start\PROGRA~1\Opstarten\autorun.exe
    C:\??.tmp

    [b]Uninstallers:[/b]


    [b]Folders Found:[/b]

    C:\Program Files\AntiVirusPro
    C:\Program Files\SystemDefender
    C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\ultra

    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    [b]Files found:[/b]

    [b]Folders Found:[/b]

    ————–RVAXO.exe finished—————-

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:43, on 2008-02-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\WINDOWS.2\Explorer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    C:\WINDOWS.2\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS.2\system32\HPZipm12.exe
    C:\WINDOWS.2\System32\snmp.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\system32\mqsvc.exe
    C:\WINDOWS.2\system32\mqtgsvc.exe
    C:\WINDOWS.2\system32\wuauclt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS.2\system32\BluetoothAuthorizationAgent.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O2 - BHO: (no name) - {F8133731-A74D-4D0E-85C3-6B585E563EC3} - C:\WINDOWS.2\system32\STKIT43.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS.2\system32\BluetoothAuthorizationAgent.exe
    O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service')
    O4 - Startup: kfn.exe
    O4 - Startup: Dynomic ASP Dienst.url
    O4 - Startup: Users
    O4 - Startup: FreeMem.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - Software - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O15 - Trusted Zone: www.euroface.nl
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab
    O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab
    O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe


    End of file - 10429 bytes


This is an archived page. Replying is no longer possible.
