How do I get rid of those pop-ups?

juisterr
21 answers
  • Hello,

    My computer is acting up a bit at the moment: pop-ups keep appearing from, among others, winproantispyware and clean driver. My Explorer also shuts down completely every few minutes.

    I have already got a new virus scanner (AVG) and have run HitmanPro and Ad-Aware. These find no problem.

    I saw on this forum that a logfile can be useful, so it is below. I am a total computer-phobe myself, so I hope someone can help me get rid of the problems step by step?

    Regards, Linda


    Logfile of HijackThis v1.99.1
    Scan saved at 16:04:12, on 22-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000005-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/68067e00213eeb4c463766ea5119f17b_35.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)
  • You appear to have two virus scanners running at the same time (AVG and McAfee). This slows things down unnecessarily, and they can get in each other's way. I would remove one of the two.
  • And remove this entry:


    Close all windows. Start HijackThis and choose "do a system scan only", then tick only the following line, if present:

    O16 - DPF: {00000005-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/68067e00213eeb4c463766ea5119f17b_35.exe

    Click fix checked and close HijackThis.
  • OK, I have removed McAfee, as well as line O16.
    However, the problem is still there.

    Regards, Linda
  • My remark about the duplicate antivirus was not meant as a solution to this problem either. Please wait for an answer from one of our specialists.
  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R3 - Default URLSearchHook is missing
    O16 - DPF: {00000005-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/68067e00213eeb4c463766ea5119f17b_35.exe

    Click 'Fix checked' to remove the items.


    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click drweb-cureit.exe and allow it to start the express scan.
    This will scan the files that are currently loaded in memory; if something is found, click the 'Yes to all' button when asked 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings
    Choose the "Scan" tab and untick "Heuristic analyse"
    Back in the main window you can select the drives you want to scan.
    Select all drives here. A red dot will then appear on the drives you are scanning.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when asked whether to cure or move.
    When the scan is done, check whether you can click the following icon, which is next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (This is in case we need samples.)
    After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log on your desktop.
    Then close Dr.Web CureIt.

    Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Run HijackThis again and post a new log
  • The result:

    fccawvw.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
    jkkjg.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
    wsutygyl.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
    ErrorSafeScannerInstall_nl[1].exe C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UUF2F0Z6 Program.Winfixer Incurable.Moved.
    VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik
    VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved.
    Dc100.wma C:\RECYCLER\S-1-5-21-933509818-1652624467-2859878532-1008 Trojan.Isbar.389 Deleted.
    A0073370.dll C:\System Volume Information\_restore{C58A4D17-03AA-4271-B93C-2EC0745D0B29}\RP618 Trojan.Virtumod Deleted.
    UERSM_0001_N56M1511NetInstaller.exe C:\WINDOWS\Downloaded Program Files Program.Winfixer Incurable.Moved.
    cbxuvuv.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    efcyvuv.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    fccawvw.dll C:\WINDOWS\system32 Trojan.Virtumod Will be cured after reboot.
    fccdaww.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    jkkjg.dll C:\WINDOWS\system32 Trojan.Virtumod Will be cured after reboot.
    qomllll.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    wsutygyl.dll C:\WINDOWS\system32 Trojan.Virtumod Will be cured after reboot.
    by Fry - alceu valenca 51.wma D:\RECYCLER\S-1-5-21-933509818-1652624467-2859878532-1008\Dd9 Trojan.Isbar.389 Deleted.


    Logfile of HijackThis v1.99.1
    Scan saved at 14:04:42, on 24-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\hijackthis\HijackThis.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wsutygyl.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    What can I do to prevent getting those Trojan horses?

    Regards, Linda
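Added example, not part of the original thread: the Dr.Web report in the post above marks three DLLs as "Will be cured after reboot", and the HijackThis log posted with it still has a Run entry that loads one of them. The Python sketch below cross-references the two logs to list the pending files and any autostart entries that still point at them; the sample lines are copied from the post, and all function names are illustrative.

```python
import re

# Constructed sample: lines copied from the Dr.Web report and the HijackThis
# log (24-5-2007) in the post above.
DRWEB_REPORT = r"""
fccawvw.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
jkkjg.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
wsutygyl.dll c:\windows\system32 Trojan.Virtumod Will be cured after reboot.
cbxuvuv.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
UERSM_0001_N56M1511NetInstaller.exe C:\WINDOWS\Downloaded Program Files Program.Winfixer Incurable.Moved.
by Fry - alceu valenca 51.wma D:\RECYCLER\S-1-5-21-933509818-1652624467-2859878532-1008\Dd9 Trojan.Isbar.389 Deleted.
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wsutygyl.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
"""

PENDING = "Will be cured after reboot."
# Longest suffix first so "Incurable.Moved." is not reported as "Moved."
ACTIONS = (PENDING, "Incurable.Moved.", "Deleted.", "Moved.")

# The file name is everything before the first " X:\" (names may contain spaces).
DRIVE = re.compile(r" [A-Za-z]:\\")
# HijackThis entry: section code, " - ", free text.
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
# Bare file names with a loadable extension anywhere in the entry text.
FILE_TOKEN = re.compile(r"[^\\/\"\s,\[\]]+\.(?:dll|exe|dat|sys)\b", re.I)


def parse_drweb(report):
    """Return [{'file': lower-cased name, 'action': action text or ''}]."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = DRIVE.search(line)
        if not m:
            continue
        action = next((a for a in ACTIONS if line.endswith(a)), "")
        findings.append({"file": line[:m.start()].lower(), "action": action})
    return findings


def parse_hijackthis(log):
    """Return [{'section', 'text', 'files'}] for every R/F/N/O entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            files = {f.lower() for f in FILE_TOKEN.findall(m.group(2))}
            entries.append({"section": m.group(1), "text": m.group(2), "files": files})
    return entries


def surviving_autostarts(report, log):
    """Map each 'cured after reboot' file to the log entries that still load it."""
    pending = {f["file"] for f in parse_drweb(report) if f["action"] == PENDING}
    hits = {name: [] for name in sorted(pending)}
    for e in parse_hijackthis(log):
        for name in pending & e["files"]:
            hits[name].append(f'{e["section"]} - {e["text"]}')
    return hits


if __name__ == "__main__":
    for name, entries in surviving_autostarts(DRWEB_REPORT, HIJACKTHIS_LOG).items():
        status = "; ".join(entries) if entries else "no autostart entry in this log"
        print(f"{name}: {status}")
```

An empty list only means the file is not referenced by the entry types HijackThis prints; it says nothing about other load points.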
  • I don't think I see a firewall listed. If that is right, take a look at Comodo or Kerio.
  • First, let's get that infection completely gone.

    Go to Control Panel >> Add or Remove Programs and remove the following there, if present: istbar


    Next

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, because this will cause your PC to hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.

    Once you are completely clean, I will give you some tips.
  • Thanks so much for all the help!!



    C:\WINDOWS\system32\upqrltgu.dll
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak2
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\ugtlrqpu.ini
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak2
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\fccawvw.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


    2007-05-26 11:42 50,745 --a------ C:\WINDOWS\system32\nmsgwuh.dll
    2007-05-24 12:04 <DIR> d-------- C:\Documents and Settings\Linda Heilmann\DoctorWeb
    2007-05-24 12:04 <DIR> d-------- C:\DOCUME~1\LINDAH~1\DoctorWeb
    2007-05-21 00:47 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-20 23:48 <DIR> d-------- C:\hijackthis
    2007-05-20 23:30 <DIR> d-------- C:\DOCUME~1\LINDAH~1\APPLIC~1\Uniblue
    2007-05-08 15:13 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Tracker Software
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Mindjet
    2007-05-08 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mindjet


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-26 09:43:28 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\OpenOffice.org2
    2007-05-22 15:34:03 -------- d-----w C:\Program Files\McAfee.com
    2007-05-22 13:46:45 -------- d-----w C:\Program Files\Google
    2007-05-20 22:48:54 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\Lavasoft
    2007-05-20 22:46:57 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-05-14 15:04:21 54,464 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-14 15:04:21 367,286 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 14:08:05 -------- d-----w C:\Program Files\SpywareBlaster
    2007-05-11 14:08:03 -------- d-----w C:\Program Files\Hitman Pro
    2007-05-04 13:52:54 -------- d-----w C:\Program Files\spss
    2007-05-01 17:31:38 -------- d-----w C:\Program Files\RegCure
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\nmsgwuh.dll [2007-05-26 11:42]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-22 15:46]
    {AC41D38F-B56D-40AD-94E0-B493D130C959}=C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2006-12-14 00:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2004-10-30 01:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2004-10-30 01:50 C:\WINDOWS\system32\nvmctray.dll]
    "SoundMan"="SOUNDMAN.EXE" []
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
    "D-Link Air USB Utility"="C:\Program Files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 08:21]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 16:09]
    "MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-14 00:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
    "InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 16:14]
    "IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 16:10]
    "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
    C:\WINDOWS\system32\winsys32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
    winzoa32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070524-120400-254
    R3 - Default URLSearchHook is missing

    backup-20070522-161716-771
    O16 - DPF: {00000005-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/68067e00213eeb4c463766ea5119f17b_35.exe

    backup-20070522-154941-299
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    backup-20070522-154941-484
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

    backup-20070522-154859-842
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    backup-20070522-154859-207
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

    backup-20070522-154814-755
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    backup-20070522-154814-976
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

    backup-20070522-154642-782
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.paradigit.nl

    backup-20070522-153957-324
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl

    backup-20070521-000331-430
    O15 - Trusted Zone: http://www.avrogezondheid.nl
    Contents of the 'Scheduled Tasks' folder
    2007-05-11 15:57:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-05-26 11:00:50 C:\WINDOWS\tasks\RegCure Program Check.job
    2007-03-15 22:36:23 C:\WINDOWS\tasks\RegCure.job
    2007-05-20 21:29:42 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    2007-05-20 21:29:40 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-26 13:00:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-26 13:02:15 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-05-26 13:02

    — E O F —


    Logfile of HijackThis v1.99.1
    Scan saved at 13:05:13, on 26-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\nmsgwuh.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll (file missing)
    O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)
  • Download Combofix

    Extract Combofix and place it on your Desktop (Bureaublad).

    Go to Start > Run (Uitvoeren) and copy and paste:

    " C:\Documents and Settings\Linda Heilmann\Bureaublad\ComboFix.exe" /v nnmsgwuh

    and click OK.

    This will restart Combofix.
    Let the tool do its work undisturbed, and post the log you get in your next reply, together with a fresh HijackThis log.
  • I tried the above, but I get the message that Windows cannot find the file. ComboFix is on my desktop, as are a folder named ComboFix T and an icon of a window with a yellow cog in it, named start.

    Did I do something wrong?

    Regards, Linda
  • OK Linda, please run ComboFix the way you did the first time, and post its log together with a new HJT log.

    Good luck.
  • Here you go:

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


    2007-05-26 13:02 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-05-26 11:42 50,745 --a------ C:\WINDOWS\system32\nnmsgwuh.dll
    2007-05-24 12:04 <DIR> d-------- C:\Documents and Settings\LINDAH~1\DoctorWeb
    2007-05-24 12:04 <DIR> d-------- C:\DOCUME~1\LINDAH~1\DoctorWeb
    2007-05-21 00:47 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-20 23:48 <DIR> d-------- C:\hijackthis
    2007-05-20 23:30 <DIR> d-------- C:\DOCUME~1\LINDAH~1\APPLIC~1\Uniblue
    2007-05-08 15:13 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Tracker Software
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Mindjet
    2007-05-08 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mindjet


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-27 10:19:11 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\OpenOffice.org2
    2007-05-22 15:34:03 -------- d-----w C:\Program Files\McAfee.com
    2007-05-22 13:46:45 -------- d-----w C:\Program Files\Google
    2007-05-20 22:48:54 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\Lavasoft
    2007-05-20 22:46:57 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-05-14 15:04:21 54,464 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-14 15:04:21 367,286 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 14:08:05 -------- d-----w C:\Program Files\SpywareBlaster
    2007-05-11 14:08:03 -------- d-----w C:\Program Files\Hitman Pro
    2007-05-04 13:52:54 -------- d-----w C:\Program Files\spss
    2007-05-01 17:31:38 -------- d-----w C:\Program Files\RegCure
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\nnmsgwuh.dll [2007-05-26 11:42]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-22 15:46]
    {AC41D38F-B56D-40AD-94E0-B493D130C959}=C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2006-12-14 00:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2004-10-30 01:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2004-10-30 01:50 C:\WINDOWS\system32\nvmctray.dll]
    "SoundMan"="SOUNDMAN.EXE" []
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
    "D-Link Air USB Utility"="C:\Program Files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 08:21]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 16:09]
    "MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-14 00:16]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 01:50]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
    "InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 16:14]
    "IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 16:10]
    "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
    C:\WINDOWS\system32\winsys32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
    winzoa32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    Contents of the 'Scheduled Tasks' folder
    2007-05-11 15:57:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-05-27 10:18:31 C:\WINDOWS\tasks\RegCure Program Check.job
    2007-03-15 22:36:23 C:\WINDOWS\tasks\RegCure.job
    2007-05-20 21:29:42 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    2007-05-20 21:29:40 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-27 13:07:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-27 13:08:08
    C:\ComboFix-quarantined-files.txt … 2007-05-27 13:08
    C:\ComboFix2.txt … 2007-05-26 13:02

    — E O F —

    Logfile of HijackThis v1.99.1
    Scan saved at 13:10:29, on 27-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\nnmsgwuh.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll (file missing)
    O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    Regards, Linda
  • Hello,
    A request: could you please post the file below on the forum below? There is no need to register.

    This file
    C:\WINDOWS\system32\nnmsgwuh.dll

    This forum
    http://www.thespykiller.co.uk/index.php?board=1.0

    Just start a new topic and name it "File for TonyKlein".

    In the topic, post the link to this topic
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1207205#1207205
    and use the "Attachment" box to upload the file.

    There is no need to upload the file itself in full; just enter the full path, so in this case:
    C:\WINDOWS\system32\nnmsgwuh.dll

    I don't know whether he wants this one as well, so please mention it.
    {4B646AFB-9341-4330-8FD1-C32485AEE619}=

    Paste it into the attachment box and press the "Post" button. The file will be found and uploaded.


    (NOTE: You will not see the files that have been uploaded (including the ones you upload yourself) as they only show to the authorised users who can download them)


    Regards,
    J
  • Thanks for uploading,
    http://www.thespykiller.co.uk/index.php?topic=4260.0

    Please carry out the following.

    Download Combofix

    Extract Combofix and place it on your Desktop (Bureaublad).

    Go to Start > Run (Uitvoeren) and copy and paste:

    "C:\Documents and Settings\ All Users\Bureaublad\ComboFix.exe" /v nnmsgwuh

    and click OK.

    This will restart Combofix.
    Let the tool do its work undisturbed, and post the log you get in your next reply, together with a fresh HijackThis log.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll (file missing)
    O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)

    Click 'Fix checked' to remove the items.

    Good luck.
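
Added example, not part of the thread and not HijackThis's own code: a Python triage of HijackThis entry lines that reproduces the selection made in the post above (O20 Winlogon Notify entries marked "(file missing)") and lists the other entries that deserve a manual look. The function names are assumptions of this example, and the embedded sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\nnmsgwuh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\system32\winsys32.dll (file missing)
O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")  # O4: [name] command
MISSING_SUFFIX = "(file missing)"


@dataclass
class Entry:
    code: str             # section code, e.g. "O2", "O20", "O23"
    kind: str             # text before the first ": ", e.g. "BHO"
    name: str             # display name or registry value name
    clsid: Optional[str]  # CLSID for BHO/toolbar/button entries, else None
    target: str           # file or command the entry points to
    file_missing: bool    # HijackThis appended "(file missing)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one '<code> - <body>' line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)].rstrip()
    kind, sep, rest = body.partition(": ")
    if not sep:  # e.g. R0 lines have no "<kind>: " prefix
        kind, rest = "", body
    clsid = CLSID_RE.search(rest)
    run = RUN_RE.match(rest)
    if run:
        name, target = run.group("name"), run.group("target")
    elif " - " in rest:
        name = rest.split(" - ", 1)[0]     # first field is the name
        target = rest.rsplit(" - ", 1)[1]  # last field is the file
    else:
        name, target = rest, ""
    return Entry(m.group("code"), kind, name,
                 clsid.group(0) if clsid else None, target, missing)


def parse_log(text: str) -> List[Entry]:
    parsed = (parse_entry(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def orphaned_winlogon_notify(entries: List[Entry]) -> List[str]:
    """The selection made in the post above: O20 entries whose DLL is missing."""
    return [e.name for e in entries if e.code == "O20" and e.file_missing]


def review_candidates(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Entries to look at by hand; a flag is a prompt for review, not a verdict."""
    out = []
    for e in entries:
        reasons = []
        if e.code == "O2" and e.name == "(no name)":
            reasons.append("unnamed BHO")
        if e.file_missing:
            reasons.append("target file missing")
        if reasons:
            out.append((e.code, e.name, "; ".join(reasons)))
    return out


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("O20 entries with a missing file:", orphaned_winlogon_notify(log))
    for code, name, why in review_candidates(log):
        print(f"{code:4} {name}: {why}")
```

An unnamed BHO or a missing target only prompts a review: the SDHelper.dll entry under SPYBOT~1 in this log is also unnamed, and the post above selects just the two O20 entries for 'Fix checked'.
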
  • I tried to start ComboFix via Start -> Run (Uitvoeren), but then I get the message that this refers to a location that is not accessible. Saving Combofix on the All Users desktop did not work either (my computer is set up with two main users plus a guest user).
    Below is the result of starting ComboFix directly from the desktop:

    ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Linda Heilmann\Bureaublad\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\nnmsgwuh.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


    2007-05-26 13:02 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-05-24 12:04 <DIR> d-------- C:\Documents and Settings\LINDAH~1\DoctorWeb
    2007-05-24 12:04 <DIR> d-------- C:\DOCUME~1\LINDAH~1\DoctorWeb
    2007-05-21 00:47 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-20 23:48 <DIR> d-------- C:\hijackthis
    2007-05-20 23:30 <DIR> d-------- C:\DOCUME~1\LINDAH~1\APPLIC~1\Uniblue
    2007-05-08 15:13 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Tracker Software
    2007-05-08 15:13 <DIR> d-------- C:\Program Files\Mindjet
    2007-05-08 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mindjet


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-27 10:19:11 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\OpenOffice.org2
    2007-05-22 15:34:03 -------- d-----w C:\Program Files\McAfee.com
    2007-05-22 13:46:45 -------- d-----w C:\Program Files\Google
    2007-05-20 22:48:54 -------- d-----w C:\DOCUME~1\LINDAH~1\APPLIC~1\Lavasoft
    2007-05-20 22:46:57 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-05-14 15:04:21 54,464 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-14 15:04:21 367,286 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-11 14:08:05 -------- d-----w C:\Program Files\SpywareBlaster
    2007-05-11 14:08:03 -------- d-----w C:\Program Files\Hitman Pro
    2007-05-04 13:52:54 -------- d-----w C:\Program Files\spss
    2007-05-01 17:31:38 -------- d-----w C:\Program Files\RegCure
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\nnmsgwuh.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-05-22 15:46]
    {AC41D38F-B56D-40AD-94E0-B493D130C959}=C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2006-12-14 00:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2004-10-30 01:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2004-10-30 01:50 C:\WINDOWS\system32\nvmctray.dll]
    "SoundMan"="SOUNDMAN.EXE" []
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
    "D-Link Air USB Utility"="C:\Program Files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 08:21]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 16:09]
    "MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-14 00:16]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 01:50]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
    "InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 16:14]
    "IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 16:10]
    "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
    C:\WINDOWS\system32\winsys32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
    winzoa32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    Contents of the 'Scheduled Tasks' folder
    2007-05-11 15:57:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-05-27 10:18:31 C:\WINDOWS\tasks\RegCure Program Check.job
    2007-03-15 22:36:23 C:\WINDOWS\tasks\RegCure.job
    2007-05-20 21:29:42 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    2007-05-20 21:29:40 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-27 16:41:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-27 16:42:05
    C:\ComboFix-quarantined-files.txt … 2007-05-27 16:41
    C:\ComboFix2.txt … 2007-05-27 13:08
    C:\ComboFix3.txt … 2007-05-26 13:02

    — E O F —

    Logfile of HijackThis v1.99.1
    Scan saved at 16:45:28, on 27-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\nnmsgwuh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)

    Regards, Linda
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32
    nmsgwuh.dll (file missing)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.
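
The selection step in the answer above can be pre-screened with a small script. This is an added example, not part of the thread or of HijackThis; the flag names and heuristics are assumptions chosen for illustration, and the sample lines are copied from the log on this page.

```python
import re

# Constructed sample: entries copied from the log on this page, including the
# one that the forum software broke across two lines.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32
nmsgwuh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: WZCBDL Service (WZCBDLService) - Unknown owner - C:\Program Files\WZCBDL Service\WZCBDLS.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O2 - BHO: ...", "O23 - Service: ..."

def parse_entries(text):
    """Return [(section, body)], re-attaching wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # Wrapped tail of the previous entry. The break stays visible as
            # " | " because the characters lost at the wrap are unknown.
            entries[-1][1] += " | " + line
    return [tuple(e) for e in entries]

def review_flags(section, body):
    """Assumed heuristics for manual review; a flag is not a verdict."""
    flags = []
    if "(file missing)" in body:
        flags.append("file-missing")    # registry entry points at no file
    if section == "O2" and body.startswith("BHO: (no name)"):
        flags.append("unnamed-bho")     # browser helper object without a name
    if "Unknown owner" in body:
        flags.append("unknown-owner")   # service binary without vendor info
    return flags

def triage(text):
    """Return (section, body, flags) for every entry with at least one flag."""
    flagged = [(s, b, review_flags(s, b)) for s, b in parse_entries(text)]
    return [item for item in flagged if item[2]]

if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE_LOG):
        print(section, ",".join(flags), "::", body)
```

On this sample the entry selected in the answer carries two flags, while the Spybot SDHelper entry carries only `unnamed-bho`, so every flagged line still needs a person to judge it before 'Fix checked' is used.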
  • OK, I've done that.

    Regards, Linda
  • OK, then it should be fine now. Are you still having problems?

    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick the box for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are a few more tips.

This is an archived page. Replies are no longer possible.