Question & Answer

Security & privacy

Is this PC infected with a spambot Trojan?

smeenk
18 replies
  • Hello,

    I have a PC here with a very serious infection.
    The owner's ADSL connection has been cut off because of a Trojan on this PC (presumably a spambot :( ).

    The annoying part is that there are several (5) users on this PC. Do they all have to be checked separately, or is logging in as Administrator in Safe Mode enough?

    Here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:51:16, on 6-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Documents and Settings\Bente\Application Data\U3\0000184519602EC1\LaunchPad.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\CCleaner\ccleaner.exe
    F:\totalcmd\TOTALCMD.EXE
    c:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\iifdcby.dll
    O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - C:\WINDOWS\system32\mljji.dll (file missing)
    O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - C:\WINDOWS\system32\ltmiqamt.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E52~2\Bar888.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\krgpxeqd.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E52~2\Bar888.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [swcpshell] C:\Windows\System32\csharpshell.exe
    O4 - HKLM\..\Run: Need for Speed Carbon
    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [lies name fast ace] C:\Documents and Settings\All Users\Application Data\option trans lies name\MeetSixth.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [j4241838] rundll32 C:\WINDOWS\system32\j4241838.dll sook
    O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\uonhdmwq.dll",realset
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: pushow28.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: iifdcby - C:\WINDOWS\SYSTEM32\iifdcby.dll
    O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
    O20 - Winlogon Notify: pmnmmkj - C:\WINDOWS\SYSTEM32\pmnmmkj.dll
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
    O20 - Winlogon Notify: vtursro - C:\WINDOWS\SYSTEM32\vtursro.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O20 - Winlogon Notify: yayvsqq - C:\WINDOWS\SYSTEM32\yayvsqq.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239 (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

    I will now first run a full scan with Ad-Aware from Safe Mode (Administrator).
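An added example (not code from the thread, from HijackThis or from ComboFix): a small Python triage script that reads HijackThis O2/O4/O16/O20/O23 lines and flags the patterns a reviewer picks out of the log above: entries marked (file missing), nameless BHOs, look-alikes of Windows system binaries such as scvhost.exe and svchosts.exe (edit distance to the real name, or the real name outside system32), nameless Run/RunServices values, DLLs started through rundll32, DPF entries that fetch a bare .exe, and the AppInit_DLLs and Winlogon Notify injection points. The sample input is a constructed subset of lines from the first log; the severity labels, rule names and the SYSTEM_BINARIES list are this example's own choices, not HijackThis output. It goes a little beyond the log: the look-alike check compares every path against seven system-binary names, not only svchost.exe.

```python
"""HijackThis-style log triage.

Added example for this thread; not code from the thread, HijackThis or ComboFix.
Severity labels and rule names are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows XP system binaries that malware imitates (cf. scvhost.exe / svchosts.exe
# in the log). All live in system32; the genuine name elsewhere is suspicious too.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Drive-letter paths ending in .exe/.dll/.sys; a quote or comma ends the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|sys)\b', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

# Constructed sample: a subset of the lines from the first HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\iifdcby.dll
O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\uonhdmwq.dll",realset
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
O20 - AppInit_DLLs: pushow28.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtursro - C:\WINDOWS\SYSTEM32\vtursro.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239 (file missing)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    rule: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-letter changes in binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(path: str) -> bool:
    """Within two edits of a system binary name but not identical, or the genuine
    name located outside system32."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARIES:
        return not p.startswith(SYSTEM32)
    return any(edit_distance(name, real) <= 2 for real in SYSTEM_BINARIES)


def triage(log_text: str) -> list[Finding]:
    """Apply the reviewer's rules to each HijackThis line and return the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]  # "O2", "O4", "O16", "O20", "O23", ...
        paths = PATH_RE.findall(line)
        if "(file missing)" in line:
            findings.append(Finding("low", "orphaned entry: registry points at a deleted file", line))
        if kind == "O2" and "(no name)" in line:
            findings.append(Finding("high", "nameless BHO (Vundo-style DLL loaded into every IE process)", line))
        if kind == "O4":
            if re.search(r"\[\]\s", line):
                findings.append(Finding("medium", "Run/RunServices value with an empty name", line))
            if "rundll32" in line.lower() and paths:
                findings.append(Finding("medium", f"rundll32 loads {paths[0]}: inspect that DLL", line))
            if line.startswith("O4 - HKCU"):
                findings.append(Finding("info", "per-user entry: only the scanning user's hive is listed", line))
        if kind == "O16":
            url = URL_RE.search(line)
            if url and url.group(0).lower().endswith(".exe"):
                findings.append(Finding("high", "DPF entry fetches a bare executable", line))
        if kind == "O20":
            if "AppInit_DLLs:" in line and line.split("AppInit_DLLs:", 1)[1].strip():
                findings.append(Finding("high", "AppInit_DLLs injects a DLL into every process that loads user32", line))
            elif "Winlogon Notify:" in line:
                findings.append(Finding("medium", "Winlogon Notify DLL runs inside winlogon.exe as SYSTEM", line))
        for p in paths:
            if is_lookalike(p):
                findings.append(Finding("high", f"{p} imitates a Windows system binary", line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

The info-level hits bear on the question in the first post: HijackThis lists the HKCU keys and the Startup folder of the account it was run from only, so with five accounts on this PC the O4 - HKCU entries of the other four accounts do not appear in a log taken from the Administrator account; each account needs its own scan (or its NTUSER.DAT loaded and checked). The Winlogon Notify rule is deliberately broad and flags vendor DLLs such as igfxsrvc.dll as well: every DLL listed there is loaded into winlogon.exe, and the decision has to be made by checking the file, not the name.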
  • Download Combofix to your desktop.
    Double-click combofix.exe
    Follow the instructions.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    Regards, smeenk ;)
  • Combofix reported that a rootkit had been found, after which the PC was restarted.

    Here is the Combofix log:
    "user" - 2007-06-07 9:39:19 Service Pack 2 NTFS
    ComboFix 07-06-3B - Running from: "C:\temp\"

    Rootkit driver xpdt is present. … attempting disinfection
    xpdt …… driver unloaded successfully.
    ADS removed - system32: deleted 78580 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mljiihi.dll
    C:\WINDOWS\system32\pmnmmkj.dll
    C:\WINDOWS\system32\vtursro.dll
    C:\WINDOWS\system32\yayvsqq.dll
    C:\WINDOWS\system32\ijjlm.bak1
    C:\WINDOWS\system32\ijjlm.bak2
    C:\WINDOWS\system32\ijjlm.ini
    C:\WINDOWS\system32\ijjlm.ini2
    C:\WINDOWS\system32\ijjlm.tmp
    C:\WINDOWS\system32\ijjlm.bak1
    C:\WINDOWS\system32\ijjlm.bak2
    C:\WINDOWS\system32\ijjlm.ini
    C:\WINDOWS\system32\ijjlm.ini2
    C:\WINDOWS\system32\ijjlm.tmp
    C:\WINDOWS\system32\iifdcby.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{34E52~1
    C:\Program Files\Common Files\{34E52~1\Bar888.dll
    C:\Program Files\Common Files\{34E52~1\UnInstall.exe
    C:\Program Files\Common Files\{34E52~2
    C:\Program Files\Common Files\{34E52~2\Bar888.dll
    C:\Program Files\Common Files\{34E52~2\UnInstall.exe
    C:\Program Files\Common Files\{C4E52~1
    C:\Program Files\Common Files\{C4E52~1\Update.exe~
    C:\Program Files\Common Files\{C4E52~2
    C:\Program Files\Common Files\{C4E52~2\Update.exe
    C:\Program Files\inetget2
    C:\WINDOWS\system32\unsvchosts.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CLIENT_IP-IPX
    -------\Client IP-IPX


    ((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))


    2007-06-07 08:35 1,127,814 --a------ C:\temp\combofix.exe
    2007-06-06 21:36 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
    2007-06-06 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-06-06 20:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
    2007-06-06 20:43 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-06 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-06 19:49 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
    2007-06-06 19:26 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-06-05 19:11 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-05 19:11 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-06-05 18:53 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
    2007-06-02 17:33 2,580 --a------ C:\WINDOWS\system32\rcwxwbgm.exe
    2007-06-02 17:29 2,580 --a------ C:\WINDOWS\system32\ndmgyuxg.exe
    2007-06-02 17:02 2,580 --a------ C:\WINDOWS\system32\dfjimgui.exe
    2007-06-02 10:39 2,580 --a------ C:\WINDOWS\system32\vwntvynn.exe
    2007-06-02 08:28 2,580 --a------ C:\WINDOWS\system32\onwqcfxj.exe
    2007-06-02 07:30 131,124 --a------ C:\WINDOWS\system32\uonhdmwq.dll
    2007-06-02 07:29 2,580 --a------ C:\WINDOWS\system32\jxsmnoic.exe
    2007-06-02 06:23 2,580 --a------ C:\WINDOWS\system32\troeiqll.exe
    2007-06-01 17:05 14,868 --a------ C:\WINDOWS\system32\ftpuhtqs.exe
    2007-06-01 17:05 10,752 --a------ C:\WINDOWS\system32\j4241838.dll
    2007-06-01 17:03 14,868 --a------ C:\WINDOWS\system32\qpocvlgw.exe
    2007-06-01 17:03 10,752 --a------ C:\WINDOWS\system32\j1211137.dll
    2007-05-31 16:27 <DIR> d-------- C:\Program Files\Counter-Strike Source
    2007-05-31 07:35 26,171 --a------ C:\WINDOWS\system32\tuvvtqp.dll
    2007-05-27 08:44 <DIR> d-------- C:\Program Files\NeverwinterNights
    2007-05-26 08:00 <DIR> d-------- C:\Program Files\UT2004
    2007-05-25 16:19 <DIR> d-------- C:\Program Files\OpenArena
    2007-05-19 17:54 <DIR> d-------- C:\divx
    2007-05-19 17:07 <DIR> d-------- C:\Program Files\VideoLAN
    2007-05-17 14:31 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
    2007-05-17 14:31 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-05-17 14:23 35 --a------ C:\readme.bat
    2007-05-17 13:45 49,204 --a------ C:\WINDOWS\system32\mtdgoiwv.dll
    2007-05-16 16:05 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
    2007-05-16 08:16 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
    2007-05-16 07:03 <DIR> d-------- C:\Program Files\Subdownloader
    2007-05-15 17:35 <DIR> d-------- C:\Program Files\directx
    2007-05-15 10:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-05-15 07:25 729,088 --a------ C:\WINDOWS\iun6002.exe
    2007-05-11 21:06 <DIR> d-------- C:\Program Files\GoldEsel
    2007-05-11 21:06 <DIR> d-------- C:\Program Files\Ahead
    2007-05-11 16:51 <DIR> d-------- C:\Program Files\Nero
    2007-05-11 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-05-11 16:46 <DIR> d-------- C:\Program Files\AskTBar
    2007-05-11 15:47 49,204 --a------ C:\WINDOWS\system32\qfofdcoy.dll
    2007-05-11 07:26 <DIR> d-------- C:\temp
    2007-05-10 19:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
    2007-05-10 18:59 <DIR> d-------- C:\Program Files\Stop Draw Dart
    2007-05-10 18:58 <DIR> d-------- C:\Program Files\WinZix
    2007-05-07 15:12 <DIR> d-------- C:\Program Files\Dell
    2007-05-07 15:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-06 19:35:56 -------- d-----w C:\Program Files\Zylom Games
    2007-06-05 18:25:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-05 18:22:44 -------- d-----w C:\Program Files\Microsoft Games
    2007-06-03 07:25:01 -------- d-----w C:\Program Files\Valve
    2007-06-02 15:07:53 -------- d-----w C:\Program Files\Google
    2007-05-29 14:07:26 356 ----a-w C:\systeam.dll
    2007-05-23 13:23:14 -------- d-----w C:\Program Files\Call of Duty
    2007-05-19 15:39:48 -------- d-----w C:\Program Files\DivX
    2007-05-16 14:12:03 -------- d-----w C:\Program Files\WinAVI VideoConverter
    2007-05-15 05:15:18 1,339 ----a-w C:\WINDOWS\eReg.dat
    2007-05-14 04:55:49 -------- d-----w C:\Program Files\Movie Maker
    2007-05-14 04:55:44 -------- d-----w C:\Program Files\Messenger
    2007-05-12 20:49:03 -------- d-----w C:\Program Files\GameSpy Arcade
    2007-05-11 16:53:59 -------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-05-08 05:35:55 -------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-05-07 17:05:49 -------- d-----w C:\Program Files\BitLord
    2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-27 04:21:38 49,204 ----a-w C:\WINDOWS\system32\allwylnj.dll
    2007-04-26 05:44:31 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-04-25 15:10:15 -------- d-----w C:\Program Files\Empire Interactive
    2007-04-24 05:57:58 -------- d-----w C:\Program Files\PowerISO
    2007-04-23 18:33:09 -------- d-----w C:\Program Files\Bethesda Softworks
    2007-04-19 04:47:44 49,204 ----a-w C:\WINDOWS\system32\nysknkbe.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 15:48:09 -------- d-----w C:\Program Files\EA GAMES
    2007-04-18 15:47:24 -------- d-----w C:\Program Files\StealthBot
    2007-04-18 15:46:32 -------- d-----w C:\Program Files\Maplom
    2007-04-17 09:57:29 123,972 ----a-w C:\WINDOWS\system32\hiymclvn.dll
    2007-04-17 05:46:06 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-04-17 05:46:06 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-17 05:29:38 -------- d-----w C:\Program Files\Tremulous
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-11 16:16:01 123,972 ----a-w C:\WINDOWS\system32\kjsjftvd.dll
    2007-04-11 11:47:13 123,972 ----a-w C:\WINDOWS\system32\lpetekse.dll
    2007-04-09 12:27:07 31,548 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2007-03-21 16:41:15 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2004-08-03 23:03:30 1,347,584 --sh--r C:\WINDOWS\system32\soundvol32.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-31 20:45]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [2006-09-29 20:42]
    "csharpshell"="C:\Windows\System32\csharpshell.exe" [2006-11-09 17:42]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    @=C:\WINDOWS\scvhost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljji]
    C:\WINDOWS\system32\mljji.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    PRISMAPI.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]
    winbjv32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]
    winkve32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=pushow28.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-06-07 07:00:00 C:\WINDOWS\tasks\AAF7E417914C60CF.job
    2007-04-21 08:00:00 C:\WINDOWS\tasks\At1.job
    2007-04-21 12:00:00 C:\WINDOWS\tasks\At2.job
    2007-05-21 18:00:00 C:\WINDOWS\tasks\At3.job
    2007-05-22 12:00:00 C:\WINDOWS\tasks\At4.job
    2007-05-22 08:00:00 C:\WINDOWS\tasks\At5.job
    2007-05-22 18:00:00 C:\WINDOWS\tasks\At6.job
    2007-06-03 23:53:01 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-07 09:47:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-07 9:48:59 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-07 09:48

    — E O F —

    —————

    Should I post that ComboFix-quarantined-files.txt as well?
  • Download: RemoveVideoActiveXObject.exe
    Save the file to your desktop, then double-click it.

    A window will open in which a few lines scroll by quickly; then the window closes by itself, which is normal.
    Possibly an uninstaller for a rogue scanner will start as well; do not close it, but follow any prompts and let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    Then look for the following file: C:\RVAXO-results.log
    Double-click this file; it will open as a log. Post its contents in your next reply together with a new HijackThis log.
  • —————-RemoveVideoActiveXObject.exe first run————-

    Files found:

    C:\WINDOWS\tasks\AAF7E417914C60CF.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\system32\j1211137.dll
    C:\WINDOWS\system32\j4241838.dll
    C:\WINDOWS\system32\vbzip11.dll
    C:\WINDOWS\d3dx.dat

    Uninstallers Rogue scanners:


    Folders Found:


    ——————-


    Logfile of HijackThis v1.99.1
    Scan saved at 12:12:37, on 7-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\System32\csharpshell.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - (no file)
    O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
    O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Registration Myst V
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: pushow28.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

    --------------------------

    Particulars:

    The firewall is disabled, and if you want to turn it on, a service first has to be started because it is not running.

    Also, at startup (for all users) a message appears that csharpshell.exe cannot be started because js3250.dll cannot be found. Google turns up nothing useful on this.
  • Run HijackThis again, choose "Do a system scan only" and put a tick only in front of the following lines:
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - (no file)
    O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - (no file)
    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
    O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
    O20 - AppInit_DLLs: pushow28.dll
    O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Then do the following steps:

    1. Download ATF Cleaner (made by Atribune)
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords")
    Click the "Empty Selected" button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    2. Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start the computer in Safe Mode.

    4. Double-click drweb-cureit.exe and allow it to start the express scan.
    This scans the files currently loaded in memory; when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings.
    Choose the "Scan" tab and untick "Heuristic analyse".
    Back in the main window you can select the drives you want scanned.
    Select all drives here. A red dot will then appear on the drives you have selected for scanning.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when asked to cure or move.
    When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose "Move incurable", as shown in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This moves files that cannot be disinfected to the folder %userprofile%\DoctorWeb\quarantaine-folder. (in case we need samples)
    After selecting the above, in the menu at the top of Dr.Web CureIt click "file" and choose "save report list". Save the log on your desktop.
    Then close Dr.Web CureIt.

    5. Restart your computer in normal mode!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier in your next post together with a HijackThis log ;)
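The list of lines to fix in the post above, and the later question in this thread whether the cleanup has to be repeated for every user account, both come down to reading the O4 (autorun) and O20 (AppInit_DLLs / Winlogon Notify) entries. The following Python script is an added example, not code from the thread, from the helper, or from HijackThis itself: it runs the checks a reviewer applies to such lines (a one-character lookalike of a system process name such as scvhost.exe versus svchost.exe, an autorun entry with an empty name, use of the RunServices key, an executable placed in the Windows root or in a user profile, a populated AppInit_DLLs value, and Winlogon Notify packages whose DLL is gone) and labels each hit with its scope, because HKCU entries only show for the account that ran the scan. The sample input is a constructed subset of the log above; SYSTEM_NAMES, the regular expressions and the heuristics are my own choices.

```python
"""Triage helper for HijackThis O4/O20 lines. Added example, not part of the
forum thread or of HijackThis; the heuristics below are the author's own."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4/O20 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
O20 - AppInit_DLLs: pushow28.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
"""

# Core Windows process names that malware imitates with a one-character change.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "spoolsv.exe", "explorer.exe"}
# HKLM autoruns apply to every account; HKCU lines show only the scanning user's hive.
SCOPE = {"HKLM": "all users", "HKCU": "current user only (check each other account)"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")


@dataclass
class Finding:
    line: str
    scope: str
    reasons: list = field(default_factory=list)


def osa_distance(a, b):
    """Edit distance with adjacent transpositions, so 'scvhost' is 1 from 'svchost'."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_o4(key, name, command):
    """Heuristics for one autorun entry; returns the reasons to look at it."""
    m = re.match(r'"?(.*?\.exe)', command, re.IGNORECASE)   # strip quotes and arguments
    path = m.group(1) if m else command.strip('"')
    folder, _, exe = path.rpartition("\\")
    reasons = []
    if name == "":
        reasons.append("autorun entry with an empty name")
    if key.lower() == "runservices":
        reasons.append("RunServices is a Windows 9x-era key that legitimate XP software rarely uses")
    for system in SYSTEM_NAMES:
        if exe.lower() != system and osa_distance(exe, system) == 1:
            reasons.append(f"{exe} is a one-character lookalike of {system}")
    if folder.lower() == r"c:\windows" and exe.lower() != "explorer.exe":
        reasons.append("executable placed directly in the Windows folder instead of system32")
    if re.search(r"docume~1|documents and settings|\\temp$|\\temp\\", folder, re.IGNORECASE):
        reasons.append("runs from a user profile or temp folder")
    return reasons


def triage(log_text):
    """Return a Finding for every O4/O20 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            reasons, scope = check_o4(key, name, command), SCOPE[hive]
        elif m := APPINIT_RE.match(line):
            reasons = [f"AppInit_DLLs loads {m.group(1)} into every process that uses user32.dll; rarely legitimate"]
            scope = SCOPE["HKLM"]
        elif (m := NOTIFY_RE.match(line)) and "(file missing)" in m.group(2):
            reasons = [f"Winlogon Notify package '{m.group(1)}' points at a DLL that no longer exists; dead residue to remove"]
            scope = SCOPE["HKLM"]
        else:
            continue
        if reasons:
            findings.append(Finding(line, scope, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.scope}] {f.line}")
        for r in f.reasons:
            print("    -", r)
```

On the sample above the script flags exactly the five lines the helper asked to fix from this part of the log (the empty RunServices entry pointing at scvhost.exe, the "Proc skip" entry in the user profile, the AppInit_DLLs value, and the two orphaned Winlogon Notify packages) and leaves the vendor entries alone; the scope label is the answer to the per-account question, since an HKCU line has to be checked again under each other account.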
  • Dr.Web CureIt:

    (full) dat is mijn wens walt disney 11.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    (live) dat is mijn wens walt disney 07.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    (uncensored) dat is mijn wens walt disney 45.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    01 Track 1.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    03 Track 3.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    04 Track 4.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    dat is mijn wens walt disney 43.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
    bllafbty.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    bptjatmt.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    jrgagjds.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    rayectds.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    rewdnkwo.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    scaisnup.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    shtukelw.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    svhdnktj.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    vpqvhjje.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    vpxgmcrr.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    vwckhqri.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    xltgcxbb.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
    Movies.exe C:\Documents and Settings\Wout\Bureaublad\wout\backups Win95.SK Incurable.Moved.
    ftreuils.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    fuyswhjg.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    gjilclpf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    gpxvlhoq.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    gxoqhkvd.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ijxxtsbo.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    kbyhromn.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    kkaesuwc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    kkeclbln.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ktlndube.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    lbcolfqj.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ldexdyfy.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    lieqmjds.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    lpmrpfxp.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    lxfxmrbh.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    metktfxs.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    mnrlkxks.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    msukhwml.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    mtmbpytc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    niecltrv.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    nweiyvnh.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    oomhywan.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    oqdpxovc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    plvvwpci.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    posemibs.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    prcbnern.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    rfaqrtgf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    rptxtjqf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ssrvljqy.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    tfaiibvl.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    tipnosmx.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    tpysoccp.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    tsvgpxaa.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    umrsqfta.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    uxhyuvrf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    vbqpkakl.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    wcymvgwt.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    wlpupuwc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    wtvvyuwv.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    xkwtmhol.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    xyfjrtuk.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ylcioqwq.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    ysegqhbj.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
    sfksiesoy[1].htm C:\Documents and Settings\Wout\Local Settings\Temporary Internet Files\Content.IE5\4XUZ8XIN Trojan.Click.2452 Deleted.
    a120_tb.dll C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar Adware.Softomate Incurable.Moved.
    02VK31DA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    03USDACA.NQF C:\Program Files\ESET\infected Trojan.NtRootKit.239 Deleted.
    0WV5BNAA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
    11UFUGBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
    13LJX3BA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    2CBTDCCA.NQF C:\Program Files\ESET\infected Adware.Advert Incurable.Moved.
    2DFKERAA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
    2MSPB5BA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
    2NSMTEDA.NQF C:\Program Files\ESET\infected Trojan.Isbar Incurable.Moved.
    2YX4K2BA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
    30Z3SLCA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
    4ALAEQAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    51G5VCBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
    5BCIPYAA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
    5EPCGMAA.NQF C:\Program Files\ESET\infected Win32.HLLW.Banshee Incurable.Moved.
    5S3DAMAA.NQF C:\Program Files\ESET\infected Dialer.Coulomb Incurable.Moved.
    5XBURIDA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
    B0L31RAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    BGW5TADA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
    BHSSCIDA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    C40E0GAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    C5AD42CA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
    DK5QD1CA.NQF C:\Program Files\ESET\infected Trojan.Mezzia Deleted.
    EL1GSDCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.21939 Deleted.
    EUXFKFCA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
    FGWASXAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    FO4EORBA.NQF C:\Program Files\ESET\infected Dialer.Webcont Incurable.Moved.
    FXUOUXCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.3385 Incurable.Moved.
    H2VYPSCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.22042 Deleted.
    HAKXOWBA.NQF C:\Program Files\ESET\infected Adware.NewDotNet Incurable.Moved.
    HAQ352CA.NQF C:\Program Files\ESET\infected Trojan.Isbar.450 Deleted.
    HDEXL3CA.NQF C:\Program Files\ESET\infected Trojan.KeyLogger.89 Deleted.
    HJXW2ACA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
    JE5HZPCA.NQF C:\Program Files\ESET\infected Win32.HLLW.Krepper Deleted.
    JOZ1RZBA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
    KM0DP3DA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
    L2IYKCCA.NQF C:\Program Files\ESET\infected Tool.GameCrack Incurable.Moved.
    LH3GI5AA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.8620 Deleted.
    LM10VGBA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
    MAZFTHCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    MIZB5WCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.13549 Deleted.
    MLY2I4DA.NQF C:\Program Files\ESET\infected Dialer.Webcont Incurable.Moved.
    MQEG4QCA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    MVCELPAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.9222 Deleted.
    N2HPOVDA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.19256 Deleted.
    NVO1J5DA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
    NYH4ITAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    O00HGZBA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    O2H0Z3DA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
    OBBUPSCA.NQF C:\Program Files\ESET\infected Win32.HLLW.Banshee Incurable.Moved.
    OBHCGBDA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
    P34QDRBA.NQF C:\Program Files\ESET\infected Trojan.Mezzia Deleted.
    PL410YAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.4990 Deleted.
    QTBYX0CA.NQF C:\Program Files\ESET\infected Win32.HLLW.Krepper Deleted.
    QXVCSJCA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
    RH5FD1AA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.4990 Deleted.
    RJUWHPBA.NQF C:\Program Files\ESET\infected Dialer.Coulomb Incurable.Moved.
    RUJUT3AA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.420 Deleted.
    T11EMBCA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
    TWOOINDA.NQF C:\Program Files\ESET\infected BackDoor.Madtro Deleted.
    U3NI42DA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
    UDNHGDCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.6217 Deleted.
    UT2505BA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    UVYNTZBA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.8620 Deleted.
    VK2V0BCA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
    W5HUHUCA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
    X3EA4PBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3290 Deleted.
    Y2GSQRCA.NQF C:\Program Files\ESET\infected Tool.GameCrack Incurable.Moved.
    YDWBBABA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
    YFSTH5DA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
    YSYKBEDA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
    NPMyWebS.dll C:\Program Files\Mozilla Firefox\plugins Adware.Msearch Incurable.Moved.
    riched20.dll C:\Program Files\MSN Messenger Adware.Msearch Incurable.Moved.
    F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    F3HTTPCT.DLL C:\Program Files\MyWebSearch\bar\1.bin Trojan.Isbar.438 Deleted.
    F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    F3SCHMON.EXE C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\1.bin Trojan.DownLoader.7028 Deleted.
    F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    M3IDLE.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.MWS Incurable.Moved.
    M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    M3PLUGIN.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
    MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
    NPMYWEBS.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
    MWSSRCAS.DLL C:\Program Files\MyWebSearch\SrchAstt\1.bin Adware.MWS Incurable.Moved.
    8WrT25S.dat C:\Program Files\TrojanHunter 4.6\Quarantine Trojan.Virtumod Deleted.
    Bar888.dll.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~1 Adware.Lucky Incurable.Moved.
    UnInstall.exe.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~1 Adware.IWantSearch Incurable.Moved.
    Bar888.dll.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~2 Adware.Lucky Incurable.Moved.
    UnInstall.exe.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~2 Adware.IWantSearch Incurable.Moved.
    iifdcby.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    mljiihi.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    pmnmmkj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    vtursro.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    yayvsqq.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    7EN6BEGvyf.ini C:\WINDOWS\system32 BackDoor.Cia.24 Incurable.Moved.
    allwylnj.dll C:\WINDOWS\system32 Trojan.Juan Deleted.
    f3PSSavr.scr C:\WINDOWS\system32 Adware.Msearch Incurable.Moved.
    ftpuhtqs.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    mtdgoiwv.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    nysknkbe.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    qfofdcoy.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
    qpocvlgw.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
    svchosts.exe~ C:\WINDOWS\system32 Trojan.MulDrop.6162 Deleted.
    uonhdmwq.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.


    ----
    That was quite a list!!


    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:26:09, on 7-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
    O4 - Startup: Registration Myst V
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  • Thanks again Smeenk!!! :D

    A few more questions:

    Do I need to do these actions for every user (account)?
    Was this infection sufficient reason for Xs4all to cut off the internet connection?

    Phew, let's hope it is clean again now; otherwise Windows comes off and a reinstall seems best to me.
  • I removed a number of items once more per user account with HijackThis.
    Among other things, My WebSearch stays in the registry per user.

    I also got the Windows firewall working again. It had clearly been sabotaged by disabling the service. I reactivated it via Services.

    After defragmentation the PC is now considerably faster. Thanks for the help!!!

    :D :D :D :D Top! :D :D :D :D
  • Post another new log from ComboFix; I think there is still something to be found ;)
  • "Wout" - 2007-06-08 21:11:43 Service Pack 2 NTFS
    ComboFix 07-06-3B - Running from: "C:\temp\"


    ((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))


    2007-06-07 22:31 <DIR> d-------- C:\Program Files\backups
    2007-06-07 17:32 <DIR> d--hs---- C:\DOCUME~1\Wout\Onlangs geopend
    2007-06-07 14:35 <DIR> d-------- C:\DOCUME~1\Wout\DoctorWeb
    2007-06-07 14:33 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\U3
    2007-06-07 12:09 32,592 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-07 12:09 <DIR> d-------- C:\WINDOWS\system32\RVAXO
    2007-06-07 12:05 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\U3
    2007-06-07 09:48 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-07 08:35 1,127,814 --a------ C:\temp\combofix.exe
    2007-06-06 21:36 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
    2007-06-06 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-06-06 20:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
    2007-06-06 20:43 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-06 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-06 19:26 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-06-05 20:04 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\TrojanHunter
    2007-06-05 19:11 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-05 19:11 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-06-05 18:53 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
    2007-06-02 17:33 2,580 --a------ C:\WINDOWS\system32\rcwxwbgm.exe
    2007-06-02 17:29 2,580 --a------ C:\WINDOWS\system32\ndmgyuxg.exe
    2007-06-02 17:02 2,580 --a------ C:\WINDOWS\system32\dfjimgui.exe
    2007-06-02 10:39 2,580 --a------ C:\WINDOWS\system32\vwntvynn.exe
    2007-06-02 08:28 2,580 --a------ C:\WINDOWS\system32\onwqcfxj.exe
    2007-06-02 07:29 2,580 --a------ C:\WINDOWS\system32\jxsmnoic.exe
    2007-06-02 06:23 2,580 --a------ C:\WINDOWS\system32\troeiqll.exe
    2007-05-31 16:27 <DIR> d-------- C:\Program Files\Counter-Strike Source
    2007-05-27 08:44 <DIR> d-------- C:\Program Files\NeverwinterNights
    2007-05-26 08:00 <DIR> d-------- C:\Program Files\UT2004
    2007-05-25 16:19 <DIR> d-------- C:\Program Files\OpenArena
    2007-05-25 16:19 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\OpenArena
    2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalSpace
    2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalApp
    2007-05-19 17:54 <DIR> d-------- C:\divx
    2007-05-19 17:07 <DIR> d-------- C:\Program Files\VideoLAN
    2007-05-17 14:31 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
    2007-05-17 14:31 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-05-17 14:23 35 --a------ C:\readme.bat
    2007-05-16 16:05 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
    2007-05-16 08:16 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
    2007-05-16 07:48 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\vlc
    2007-05-16 07:03 <DIR> d-------- C:\Program Files\Subdownloader
    2007-05-15 17:35 <DIR> d-------- C:\Program Files\directx
    2007-05-15 10:12 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Ahead
    2007-05-15 10:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-05-15 07:25 729,088 --a------ C:\WINDOWS\iun6002.exe
    2007-05-11 21:06 <DIR> d-------- C:\Program Files\GoldEsel
    2007-05-11 21:06 <DIR> d-------- C:\Program Files\Ahead
    2007-05-11 16:51 <DIR> d-------- C:\Program Files\Nero
    2007-05-11 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-05-11 16:46 <DIR> d-------- C:\Program Files\AskTBar
    2007-05-11 07:26 <DIR> d-------- C:\temp
    2007-05-10 19:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
    2007-05-10 18:59 <DIR> d-------- C:\Program Files\Stop Draw Dart
    2007-05-10 18:59 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart
    2007-05-10 18:58 <DIR> d-------- C:\Program Files\WinZix


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-08 19:12:58 ——– d—–w C:\Program Files\MyWebSearch
    2007-06-07 13:56:05 ——– d—–w C:\Program Files\MSN Messenger
    2007-06-07 07:51:19 69,380 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-06-07 07:51:19 442,004 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-06-06 19:35:56 ——– d—–w C:\Program Files\Zylom Games
    2007-06-05 18:25:14 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-06-05 18:22:44 ——– d—–w C:\Program Files\Microsoft Games
    2007-06-03 07:25:49 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\uTorrent
    2007-06-03 07:25:01 ——– d—–w C:\Program Files\Valve
    2007-06-02 15:07:53 ——– d—–w C:\Program Files\Google
    2007-05-29 14:07:26 356 —-a-w C:\systeam.dll
    2007-05-23 13:23:14 ——– d—–w C:\Program Files\Call of Duty
    2007-05-19 15:39:48 ——– d—–w C:\Program Files\DivX
    2007-05-16 14:12:03 ——– d—–w C:\Program Files\WinAVI VideoConverter
    2007-05-15 05:15:18 1,339 —-a-w C:\WINDOWS\eReg.dat
    2007-05-14 04:55:49 ——– d—–w C:\Program Files\Movie Maker
    2007-05-14 04:55:44 ——– d—–w C:\Program Files\Messenger
    2007-05-12 20:49:03 ——– d—–w C:\Program Files\GameSpy Arcade
    2007-05-11 16:53:59 ——– d—–w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-05-11 13:22:06 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\AdobeUM
    2007-05-08 05:35:55 ——– d—–w C:\Program Files\TrackMania Nations ESWC
    2007-05-07 17:05:49 ——– d—–w C:\Program Files\BitLord
    2007-05-07 13:12:15 ——– d—–w C:\Program Files\Dell
    2007-05-02 18:04:23 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 18:04:19 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 18:04:06 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-05-02 18:04:05 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 18:02:06 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-05-02 18:02:06 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-05-02 18:02:04 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 18:02:02 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 18:02:02 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-05-02 18:02:02 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-05-02 18:02:02 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-05-02 18:02:02 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-05-02 18:01:56 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 18:01:56 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 18:01:56 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 18:01:56 740,442 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-05-02 02:33:57 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-05-02 02:33:56 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-26 05:44:31 43,520 —-a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-04-25 15:10:15 ——– d—–w C:\Program Files\Empire Interactive
    2007-04-24 05:57:58 ——– d—–w C:\Program Files\PowerISO
    2007-04-23 18:33:09 ——– d—–w C:\Program Files\Bethesda Softworks
    2007-04-20 05:02:21 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\Souptoys
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 15:48:09 ——– d—–w C:\Program Files\EA GAMES
    2007-04-18 15:47:24 ——– d—–w C:\Program Files\StealthBot
    2007-04-18 15:46:32 ——– d—–w C:\Program Files\Maplom
    2007-04-17 05:29:38 ——– d—–w C:\Program Files\Tremulous
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-09 12:27:07 31,548 —-a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2007-03-21 16:41:15 90,112 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:19:56 95,864 —-a-w C:\WINDOWS\system32\NeroCo.dll
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2004-08-03 23:03:30 1,347,584 –sh–r C:\WINDOWS\system32\soundvol32.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-31 20:45]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13a83d8a-1453-11dc-a589-99b044036ab0}]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bea8a92-c557-11da-9d83-000bdbc37813}]
    AutoRun\command- E:\Install.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a903b137-c0f1-11da-93a1-806d6172696f}]
    AutoRun\command- D:\setup.exe /autorun
    setup\command- D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07c-c736-11da-9d89-000bdbc37813}]
    AutoRun\command- F:\setup.exe /autorun
    directx\command- F:\DirectX\dxsetup.exe
    setup\command- F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07d-c736-11da-9d89-000bdbc37813}]
    AutoRun\command- G:\stub.exe

    *Newly Created Service* - GTNDIS5

    Contents of the 'Scheduled Tasks' folder
    2007-06-03 23:53:01 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-08 21:14:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-08 21:15:10
    C:\ComboFix-quarantined-files.txt … 2007-06-08 21:15
    C:\ComboFix2.txt … 2007-06-07 09:48

    — E O F —
  • The Windows Defender service has also been disabled!
    Does it need to be reinstalled?
  • Open Notepad, then copy and paste the following text into an empty window:

    File::
    C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    C:\WINDOWS\system32\rcwxwbgm.exe
    C:\WINDOWS\system32\ndmgyuxg.exe
    C:\WINDOWS\system32\dfjimgui.exe
    C:\WINDOWS\system32\vwntvynn.exe
    C:\WINDOWS\system32\onwqcfxj.exe
    C:\WINDOWS\system32\jxsmnoic.exe
    C:\WINDOWS\system32\troeiqll.exe

    Folder::
    C:\WINDOWS\system32\RVAXO
    C:\Program Files\MyWebSearch
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
    C:\Program Files\Stop Draw Dart
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart

    Save this on your Desktop as ComboFix-Do.txt.

    Drag ComboFix-Do.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

    This will make ComboFix restart.
    Reboot if you are prompted to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
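The seven 2,580-byte executables with random eight-letter names in system32 (rcwxwbgm.exe and its siblings, all written within hours of each other) are what mark the log as a dropper at work, and they are exactly the files that end up in the File:: section of the script above. As an added example, not part of the original thread and not ComboFix's own code, the following Python script applies that triage heuristic to a constructed excerpt of the listing and renders a File::/Folder:: script in the same layout. The sample log lines, the eight-lowercase-letter name pattern and the cluster threshold of three files are assumptions for illustration, not rules ComboFix itself uses.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of a ComboFix "Files Created" / Find3M
# listing. Names and sizes are copied from the log quoted in this thread; the
# attribute column is written with plain ASCII dashes.
SAMPLE_LOG = r"""
2007-06-07 17:32 <DIR> d--hs---- C:\DOCUME~1\Wout\Onlangs geopend
2007-06-07 09:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-07 08:35 1,127,814 --a------ C:\temp\combofix.exe
2007-06-06 19:26 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-06-02 17:33 2,580 --a------ C:\WINDOWS\system32\rcwxwbgm.exe
2007-06-02 17:29 2,580 --a------ C:\WINDOWS\system32\ndmgyuxg.exe
2007-06-02 17:02 2,580 --a------ C:\WINDOWS\system32\dfjimgui.exe
2007-06-02 10:39 2,580 --a------ C:\WINDOWS\system32\vwntvynn.exe
2007-06-02 08:28 2,580 --a------ C:\WINDOWS\system32\onwqcfxj.exe
2007-06-02 07:29 2,580 --a------ C:\WINDOWS\system32\jxsmnoic.exe
2007-06-02 06:23 2,580 --a------ C:\WINDOWS\system32\troeiqll.exe
2007-05-17 14:31 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-08 19:12:58 -------- d-----w C:\Program Files\MyWebSearch
2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
"""

# One listing line: date, time (with or without seconds), a size, <DIR> or a
# dash run (Find3M directories), the attribute flags, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

# Eight random lower-case letters plus .exe, dropped straight into system32:
# the naming pattern of the seven 2,580-byte files in the thread's log
# (an assumed heuristic, matched against the lower-cased path).
SYSTEM32_RANDOM_EXE = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.exe$")


def parse_listing(text):
    """Return (date, time, size, path) tuples; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = int(size_field.replace(",", "")) if size_field[0].isdigit() else None
        entries.append((m.group("date"), m.group("time"), size, m.group("path")))
    return entries


def size_clusters(entries, min_members=3):
    """Group files by exact byte size.

    Several differently named executables of identical size, written minutes
    apart, is the footprint of a dropper re-creating itself; ordinary
    installers rarely leave that pattern behind."""
    by_size = defaultdict(list)
    for _, _, size, path in entries:
        if size is not None:
            by_size[size].append(path)
    return {s: paths for s, paths in by_size.items() if len(paths) >= min_members}


def flag_suspects(entries, min_members=3):
    """Paths that sit in a size cluster and also carry a random 8-letter name."""
    suspects = []
    for _, paths in sorted(size_clusters(entries, min_members).items()):
        suspects.extend(p for p in paths if SYSTEM32_RANDOM_EXE.match(p.lower()))
    return suspects


def build_cfscript(files, folders=()):
    """Render the File:: / Folder:: text that is dragged onto ComboFix.exe,
    in the layout used in this thread."""
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspects(parse_listing(SAMPLE_LOG))
    print(build_cfscript(found, folders=[r"C:\WINDOWS\system32\RVAXO"]))
```

Run against the sample, the size heuristic alone would also group the two 294,912-byte DivX libraries, which is why the name pattern is applied as a second filter; the one-off nircmd.exe (ComboFix's own helper) and the hidden soundvol32.exe in the log are deliberately not caught by this rule and still need a manual look.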
  • "Wout" - 2007-06-09 7:21:15 Service Pack 2 NTFS
    Command switches used :: ""C:\Documents and Settings\Wout\Bureaublad\ComboFix-Do.txt""


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\Admin Global Mfcd
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\EQ GLOBAL SETUP
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\JugsAxisDupe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\license media ford
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\MeetSixth.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\start long pile
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\B1EE8C87
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\pectadea.exe
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\Tool Gpl Wma.exe
    C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\Warn cool.exe
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\Stop Draw Dart
    C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    C:\WINDOWS\system32\RVAXO
    C:\WINDOWS\system32\RVAXO\d3dx.dat
    C:\WINDOWS\system32\RVAXO\remove.exe
    C:\WINDOWS\system32\RVAXO\vbzip11.dll
    C:\WINDOWS\system32\vwntvynn.exe


    ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


    2007-06-08 21:28 <DIR> d——– C:\Program Files\Windows Defender
    2007-06-08 21:22 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\Lavasoft
    2007-06-07 22:31 <DIR> d——– C:\Program Files\backups
    2007-06-07 17:32 <DIR> d–hs—- C:\DOCUME~1\Wout\Onlangs geopend
    2007-06-07 14:35 <DIR> d——– C:\DOCUME~1\Wout\DoctorWeb
    2007-06-07 14:33 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\U3
    2007-06-07 12:05 <DIR> d——– C:\DOCUME~1\Eigenaar\APPLIC~1\U3
    2007-06-07 09:48 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-07 08:35 1,127,814 –a—— C:\temp\combofix.exe
    2007-06-06 21:36 245,760 –a—— C:\Program Files\Uninstall Ask Toolbar.dll
    2007-06-06 20:58 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-06-06 20:57 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
    2007-06-06 20:43 <DIR> d——– C:\Program Files\Lavasoft
    2007-06-06 20:43 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-06 19:26 14,848 –a—— C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-06-05 20:04 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\TrojanHunter
    2007-06-05 19:11 786,432 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-05 19:11 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-06-05 19:11 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-06-05 19:11 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-06-05 19:11 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-06-05 19:11 <DIR> d——– C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-06-05 19:11 <DIR> d——– C:\DOCUME~1\ADMINI~1\Favorieten
    2007-06-05 19:11 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-06-05 18:53 <DIR> d——– C:\Program Files\TrojanHunter 4.6
    2007-05-31 16:27 <DIR> d——– C:\Program Files\Counter-Strike Source
    2007-05-27 08:44 <DIR> d——– C:\Program Files\NeverwinterNights
    2007-05-26 08:00 <DIR> d——– C:\Program Files\UT2004
    2007-05-25 16:19 <DIR> d——– C:\Program Files\OpenArena
    2007-05-25 16:19 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\OpenArena
    2007-05-23 15:55 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\CrystalSpace
    2007-05-23 15:55 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\CrystalApp
    2007-05-19 17:54 <DIR> d——– C:\divx
    2007-05-19 17:07 <DIR> d——– C:\Program Files\VideoLAN
    2007-05-17 14:31 196,608 –a—— C:\WINDOWS\system32\ssleay32.dll
    2007-05-17 14:31 1,040,384 –a—— C:\WINDOWS\system32\libeay32.dll
    2007-05-17 14:23 35 –a—— C:\readme.bat
    2007-05-16 16:05 3,082 –a—— C:\WINDOWS\system32\affv208325p1now.sys
    2007-05-16 08:16 <DIR> d——– C:\Program Files\WinAVIVideoConverter
    2007-05-16 07:48 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\vlc
    2007-05-16 07:03 <DIR> d——– C:\Program Files\Subdownloader
    2007-05-15 17:35 <DIR> d——– C:\Program Files\directx
    2007-05-15 10:12 <DIR> d——– C:\DOCUME~1\Wout\APPLIC~1\Ahead
    2007-05-15 10:04 <DIR> d——– C:\Program Files\Common Files\Ahead
    2007-05-15 07:25 729,088 –a—— C:\WINDOWS\iun6002.exe
    2007-05-11 21:06 <DIR> d——– C:\Program Files\GoldEsel
    2007-05-11 21:06 <DIR> d——– C:\Program Files\Ahead
    2007-05-11 16:51 <DIR> d——– C:\Program Files\Nero
    2007-05-11 16:51 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-05-11 16:46 <DIR> d——– C:\Program Files\AskTBar
    2007-05-11 07:26 <DIR> d——– C:\temp
    2007-05-10 18:58 <DIR> d——– C:\Program Files\WinZix


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-07 13:56:05 ——– d—–w C:\Program Files\MSN Messenger
    2007-06-07 07:51:19 69,380 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-06-07 07:51:19 442,004 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-06-06 19:35:56 ——– d—–w C:\Program Files\Zylom Games
    2007-06-05 18:25:14 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-06-05 18:22:44 ——– d—–w C:\Program Files\Microsoft Games
    2007-06-03 07:25:49 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\uTorrent
    2007-06-03 07:25:01 ——– d—–w C:\Program Files\Valve
    2007-06-02 15:07:53 ——– d—–w C:\Program Files\Google
    2007-05-29 14:07:26 356 —-a-w C:\systeam.dll
    2007-05-23 13:23:14 ——– d—–w C:\Program Files\Call of Duty
    2007-05-19 15:39:48 ——– d—–w C:\Program Files\DivX
    2007-05-16 14:12:03 ——– d—–w C:\Program Files\WinAVI VideoConverter
    2007-05-15 05:15:18 1,339 —-a-w C:\WINDOWS\eReg.dat
    2007-05-14 04:55:49 ——– d—–w C:\Program Files\Movie Maker
    2007-05-14 04:55:44 ——– d—–w C:\Program Files\Messenger
    2007-05-12 20:49:03 ——– d—–w C:\Program Files\GameSpy Arcade
    2007-05-11 16:53:59 ——– d—–w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    2007-05-11 13:22:06 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\AdobeUM
    2007-05-08 05:35:55 ——– d—–w C:\Program Files\TrackMania Nations ESWC
    2007-05-07 17:05:49 ——– d—–w C:\Program Files\BitLord
    2007-05-07 13:12:15 ——– d—–w C:\Program Files\Dell
    2007-05-02 18:04:23 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 18:04:19 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 18:04:06 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-05-02 18:04:05 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 18:02:06 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-05-02 18:02:06 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-05-02 18:02:04 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 18:02:02 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 18:02:02 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-05-02 18:02:02 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-05-02 18:02:02 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-05-02 18:02:02 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-05-02 18:01:56 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 18:01:56 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 18:01:56 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 18:01:56 740,442 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-05-02 02:33:57 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-05-02 02:33:56 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-26 05:44:31 43,520 —-a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-04-25 15:10:15 ——– d—–w C:\Program Files\Empire Interactive
    2007-04-24 05:57:58 ——– d—–w C:\Program Files\PowerISO
    2007-04-23 18:33:09 ——– d—–w C:\Program Files\Bethesda Softworks
    2007-04-20 05:02:21 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\Souptoys
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 15:48:09 ——– d—–w C:\Program Files\EA GAMES
    2007-04-18 15:47:24 ——– d—–w C:\Program Files\StealthBot
    2007-04-18 15:46:32 ——– d—–w C:\Program Files\Maplom
    2007-04-17 05:29:38 ——– d—–w C:\Program Files\Tremulous
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-09 12:27:07 31,548 —-a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2007-03-21 16:41:15 90,112 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:19:56 95,864 —-a-w C:\WINDOWS\system32\NeroCo.dll
    2004-08-03 23:03:30 1,347,584 –sh–r C:\WINDOWS\system32\soundvol32.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-31 20:45]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bea8a92-c557-11da-9d83-000bdbc37813}]
    AutoRun\command- E:\Install.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a903b137-c0f1-11da-93a1-806d6172696f}]
    AutoRun\command- D:\setup.exe /autorun
    setup\command- D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07c-c736-11da-9d89-000bdbc37813}]
    AutoRun\command- F:\setup.exe /autorun
    directx\command- F:\DirectX\dxsetup.exe
    setup\command- F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07d-c736-11da-9d89-000bdbc37813}]
    AutoRun\command- G:\stub.exe

    *Newly Created Service* - GTNDIS5

    Contents of the 'Scheduled Tasks' folder
    2007-06-09 05:28:52 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-09 07:31:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-09 7:32:40 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-09 07:32
    C:\ComboFix2.txt … 2007-06-08 21:15
    C:\ComboFix3.txt … 2007-06-07 09:48

    — E O F —


    Logfile of HijackThis v1.99.1
    Scan saved at 7:34:00, on 9-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  • Delete the following folder:
    C:\qoobox\

    Then empty your Recycle Bin.

    Your Java software is out of date. Older versions have holes that give malware a chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:
    - Download Java Runtime Environment (JRE) 6.1 and save it to your Desktop.
    - Close all programs that may be open - especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u1-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Turn System Restore off. Restart the computer. Turn System Restore back on.
    See here for how to turn off System Restore.
    This removes any remnants of the infections from your System Restore points.

    Are all the problems gone now?
  • Great, thanks a lot smeenk for the help!! I learned a lot from it again.

    I have done all the actions above and the problems seem to be over.
    I only wonder whether there could still be remnants in the other profiles (user accounts)?

    I reinstalled Windows Defender and the Windows firewall works again too. Maybe I'll add Sygate as well.
  • You're welcome :)

    You could still run a few online scanners; they might find and remove some remnants.
  • I ran NOD32, and it did indeed remove a few more things.

    After that I also scanned with Avast! antivirus (U3 version 1.0.108) from my USB stick. This also found a number of malware items, which have now been removed as well.

    Is an online scanner still useful then? The PC is being picked up shortly.
    Xs4all now wants to know in writing everything that has been done before they reactivate the ADSL connection! If I include the logs, it becomes quite a package! :lol:

This is an archived page. Replying is no longer possible.