
Malware...

29 answers
  • Hello,

    It's that time again, I have so-called malware on my PC… browsing is very slow and when I want to open a page it often first wants to open a site from errorsafe or something… I also keep getting a popup at the bottom right saying I may have malware. Virus scan and Ad-Aware are no help once again…

    Thanks in advance for the help!

    Here is a log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:36, on 7-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\winntify.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    E:\Program Files\NewsBin\nbpro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9478edc1-d5bf-4e73-9826-69348809436a} - C:\WINDOWS\system32\dssdfi.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp1BC3.tmp.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Robert\LOCALS~1\Temp\woso.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\efccca.dll",forkonce
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [gc60tfuz6] C:\DOCUME~1\Robert\LOCALS~1\Temp\crasos.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?657caab18499431ea4e21bac314be19
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?657caab18499431ea4e21bac314be19
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150639646484
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\gebcdec.dll
    O20 - Winlogon Notify: dssdfi - C:\WINDOWS\SYSTEM32\dssdfi.dll
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • Nobody… ??? :(
  • You could start with this:
    Download ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue).
    While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix is complete and after the restart, the log combofix.txt will open. If your virus scanner responds with a warning about a script being executed, you may ignore it.
    Post this log in your next reply. Then it's a matter of waiting for the specialists to give you a remedy.
  • OK then, thanks…

    Here is the log:
    ComboFix 07-08-09.3 - "Robert" 2007-08-09 18:51:46.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.585 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Robert\APPLIC~1\tmp1363.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp1397.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp1B65.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp1B9C.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp1BC3.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp3DE.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmpA4.tmp.exe
    C:\Program Files\SpyLocked 4.0
    C:\Program Files\SpyLocked 4.0\ignored.lst
    C:\Program Files\SpyLocked 4.0\sd.ini
    C:\Program Files\video activex access
    C:\Program Files\video activex access\iesbpl.dll
    C:\Program Files\video activex access\iesbunst.exe
    C:\Program Files\video activex access\iesmin.exe
    C:\Program Files\video activex access\iesplg.dll
    C:\Program Files\video activex access\iesunst.exe
    C:\Program Files\video activex access\imsmn.exe
    C:\Program Files\video activex access\imsunst.exe
    C:\Program Files\video activex access\ot.ico
    C:\Program Files\video activex access\ts.ico
    C:\Program Files\video activex access\uninst.exe
    C:\WINDOWS\acccfe.ini
    C:\WINDOWS\efccca.dll
    C:\WINDOWS\system32\awtsqpn.dll
    C:\WINDOWS\system32\dn50d8897b.dat
    C:\WINDOWS\system32\dssdfi.dll
    C:\WINDOWS\system32\gebcdec.dll
    C:\WINDOWS\system32\geebaxx.dll
    C:\WINDOWS\system32\ou9sound.dll
    C:\WINDOWS\system32\qwerty12.exe
    C:\WINDOWS\system32\ssqpnmk.dll
    C:\WINDOWS\system32\ssqponk.dll
    C:\WINDOWS\system32\ssqpqpn.dll
    C:\WINDOWS\system32\sstqqnm.dll
    C:\WINDOWS\system32\tmp1BC3.tmp.dll
    C:\WINDOWS\system32\vtutqqo.dll
    C:\WINDOWS\system32\vtuttuv.dll
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winntify.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_WINNOTIFY
    -------\DomainService
    -------\Winnotify


    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


    2007-08-09 18:55 13,380 --a------ C:\WINDOWS\system32\vturrpn.dll
    2007-08-09 18:51 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-09 18:46 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2007-08-05 19:47 25,664 --a------ C:\WINDOWS\system32\DYGoC76h.exe
    2007-07-23 23:10 <DIR> d-------- C:\Program Files\MSECache
    2007-07-14 13:04 <DIR> d-------- C:\Program Files\Canon
    2007-07-14 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
    2007-07-11 18:32 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2007-07-10 19:01 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-07-10 19:01 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2007-07-10 19:01 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-07-10 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
    2007-07-10 19:00 <DIR> d-------- C:\Program Files\The Rosetta Stone
    2007-07-10 18:58 <DIR> d-------- C:\Rosetta Application
    2007-07-09 21:17 <DIR> dr------- C:\DOCUME~1\LOCALS~1.NTA\Favorieten
    2007-07-09 21:17 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Google


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 19:19 --------- d-------- C:\Program Files\eMule
    2007-08-05 13:51 --------- d-------- C:\DOCUME~1\Robert\APPLIC~1\Canon
    2007-07-14 13:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-14 12:56 --------- d-------- C:\Program Files\ewido anti-malware
    2007-07-14 12:53 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
    2007-07-13 18:12 53418 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-07-13 18:12 364330 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-07-10 19:01 --------- d-------- C:\Program Files\QuickTime
    2007-07-10 18:04 --------- d-------- C:\Program Files\Google
    2007-07-05 14:38 --------- d-------- C:\Program Files\SPAMfighter
    2007-07-05 14:38 --------- d-------- C:\Program Files\Common Files\Ankiro
    2007-07-05 14:38 --------- d-------- C:\DOCUME~1\Robert\APPLIC~1\SPAMfighter
    2007-07-05 14:37 --------- d-------- C:\Program Files\Common Files\Application
    2007-06-25 15:04 1184400 --a------ C:\WINDOWS\system32\FreeImage.dll
    2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2006-06-27 18:34:53 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-06-18 16:02]
    "Cmaudio"="cmicnfg.cpl" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-10 19:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At15.job
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-09 17:01:01 C:\WINDOWS\Tasks\At20.job
    2007-08-08 18:01:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-07 19:01:00 C:\WINDOWS\Tasks\At22.job
    2007-08-08 20:01:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-07 21:01:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\DYGoC76h.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-09 19:02:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-09 19:04:02 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-09 19:03

    — E O F —
  • That has already cleaned up quite a mess. May we have a fresh HijackThis log now? And how are the problems otherwise?
  • I no longer get the malware warning, but browsing is still pretty slow (it takes a long time before a page is fully opened)…

    Logfile of HijackThis v1.99.1
    Scan saved at 23:04:10, on 9-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {b8e41ad0-def2-47b7-a02c-eb78a9163112} - C:\WINDOWS\system32\docman.dll
  • I'm afraid part of your log got lost here :D There's still a whole chunk missing after the O2 lines.
  • Oops…. :)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:31:28, on 10-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\NewsBin\nbpro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {b8e41ad0-def2-47b7-a02c-eb78a9163112} - C:\WINDOWS\system32\docman.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?657caab18499431ea4e21bac314be19
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?657caab18499431ea4e21bac314be19
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150639646484
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\vtstuvs.dll
    O20 - Winlogon Notify: docman - C:\WINDOWS\SYSTEM32\docman.dll
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • Good advice Kape



    Open Notepad, copy and paste the following into an empty window:

    File::
    C:\WINDOWS\system32\vturrpn.dll

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply

    Download: RemoveVideoActiveXObject.exe
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it but let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe again.
    After that, post the log C:\RVAXO-results.log in your next message

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {b8e41ad0-def2-47b7-a02c-eb78a9163112} - C:\WINDOWS\system32\docman.dll
    O20 - Winlogon Notify: docman - C:\WINDOWS\SYSTEM32\docman.dll

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following files:
    C:\WINDOWS\system32\docman.dll

    Post a new HJT log and the new ComboFix log.
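    The items the helper picks out above (an unnamed BHO in system32, a Winlogon Notify package pointing at the same DLL, a Run entry executing from Temp, an AppInit_DLLs value, a service with an unknown owner) are exactly the HijackThis sections a first-pass triage looks at. The script below is an added example, not code from this thread or from the HijackThis project: it parses HJT-style lines and flags those patterns, cross-referencing Winlogon Notify entries against BHOs already flagged. The sample lines are taken from the logs posted in the thread; the Winlogon Notify allow-list is a deliberately short, illustrative set of Windows XP package names, and the heuristics are assumptions a reviewer would refine with a clean reference system.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis-style lines of the kinds seen in the thread above.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {9478edc1-d5bf-4e73-9826-69348809436a} - C:\WINDOWS\system32\dssdfi.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Robert\LOCALS~1\Temp\woso.exe",
    r'O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\efccca.dll",forkonce',
    r"O20 - AppInit_DLLs: c:\windows\system32\gebcdec.dll",
    r"O20 - Winlogon Notify: dssdfi - C:\WINDOWS\SYSTEM32\dssdfi.dll",
    r"O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe",
    r"O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
])

# Illustrative allow-list of Winlogon Notify packages that ship with Windows XP (assumption:
# a real list would be generated from a clean reference machine, not typed by hand).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Path fragments that mark an autorun binary living in a temporary directory.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")

@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why this entry deserves a closer look
    line: str      # the original log line

def extract_path(text: str) -> str:
    """Return the first drive-letter path in an HJT entry; quoted paths stop at the quote,
    bare paths stop at a comma, a ' - ' separator, or end of line."""
    m = re.search(r'[A-Za-z]:\\[^"\n]*?(?=$|"|,|\s-\s)', text)
    return m.group(1) if False else (m.group(0) if m else "")

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def triage(log_text: str) -> list[Finding]:
    """Scan HJT lines in order and return the entries matching the triage heuristics."""
    findings: list[Finding] = []
    suspicious_dlls: set[str] = set()   # DLLs flagged in O2, used to cross-check O20 entries
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$", line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        path = extract_path(body)
        lower = path.lower()
        if section == "O2" and "(no name)" in body:
            if not path:
                findings.append(Finding(section, "orphaned BHO entry (no file); harmless but worth removing", line))
            elif "\\system32\\" in lower or "\\windows\\" in lower:
                findings.append(Finding(section, "unnamed BHO loading a DLL from the Windows directory", line))
                suspicious_dlls.add(basename(path))
        elif section == "O4":
            if any(t in lower for t in TEMP_MARKERS):
                findings.append(Finding(section, "autorun entry executing from a Temp directory", line))
            elif "rundll32" in body.lower() and lower.endswith(".dll") and "\\system32\\" not in lower:
                findings.append(Finding(section, "rundll32 autorun loading a DLL outside system32", line))
        elif section == "O20":
            if body.startswith("AppInit_DLLs:") and path:
                findings.append(Finding(section, "AppInit_DLLs set: DLL injected into every user32-linked process", line))
            elif body.startswith("Winlogon Notify:"):
                name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
                if name not in KNOWN_NOTIFY or basename(path) in suspicious_dlls:
                    findings.append(Finding(section, "Winlogon Notify package not in the known set", line))
        elif section == "O23" and "unknown owner" in body.lower() and "\\system32\\" in lower:
            findings.append(Finding(section, "service with unknown owner running from system32", line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    The output is a shortlist for a human reviewer, not a verdict: a "(no file)" BHO is inert, and a legitimate AppInit_DLLs entry exists on some systems, so every finding still needs the file checked (publisher, timestamp, hash) before it is fixed. Note that the unnamed BHO and the Winlogon Notify entry share a DLL name; that pairing is what the cross-reference set is for.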
  • juisterr wrote: "Good advice Kape" - You're welcome :D
  • OK, thanks…. docman.dll had already been removed after a scan with NOD32; I still have docman.dns, I assume I leave that alone?

    Here is the ComboFix log:

    ComboFix 07-08-09.3 - "Robert" 2007-08-10 23:16:27.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.637 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Robert\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\vturrpn.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Robert\APPLIC~1\tmp801E.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmpE9E.tmp.exe
    C:\WINDOWS\system32\dn50d8897b.dat
    C:\WINDOWS\system32\docman.dll
    C:\WINDOWS\system32\jkhhgfd.dll
    C:\WINDOWS\system32\mljgedb.dll
    C:\WINDOWS\system32\vtstqop.dll
    C:\WINDOWS\system32\vtstuvs.dll
    C:\WINDOWS\system32\vturrpn.dll
    C:\WINDOWS\system32\vturssp.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-09 23:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-08-09 23:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-08-09 23:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-08-09 19:06 2,184,704 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-08-09 19:06 2,140,672 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-08-09 19:06 2,061,952 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2007-08-09 19:06 2,020,352 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-08-09 18:51 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 19:47 25,664 --a------ C:\WINDOWS\system32\DYGoC76h.exe
    2007-07-23 23:10 <DIR> d-------- C:\Program Files\MSECache
    2007-07-14 13:04 <DIR> d-------- C:\Program Files\Canon
    2007-07-14 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
    2007-07-11 18:32 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2007-07-10 19:01 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-07-10 19:01 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2007-07-10 19:01 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-07-10 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
    2007-07-10 19:00 <DIR> d-------- C:\Program Files\The Rosetta Stone
    2007-07-10 18:58 <DIR> d-------- C:\Rosetta Application


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 18:51 --------- d-------- C:\DOCUME~1\Robert\APPLIC~1\Canon
    2007-08-07 19:19 --------- d-------- C:\Program Files\eMule
    2007-07-14 13:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-14 12:56 --------- d-------- C:\Program Files\ewido anti-malware
    2007-07-14 12:53 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
    2007-07-13 18:12 53418 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-07-13 18:12 364330 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-07-10 19:01 --------- d-------- C:\Program Files\QuickTime
    2007-07-10 18:04 --------- d-------- C:\Program Files\Google
    2007-07-05 14:38 --------- d-------- C:\Program Files\SPAMfighter
    2007-07-05 14:38 --------- d-------- C:\Program Files\Common Files\Ankiro
    2007-07-05 14:38 --------- d-------- C:\DOCUME~1\Robert\APPLIC~1\SPAMfighter
    2007-07-05 14:37 --------- d-------- C:\Program Files\Common Files\Application
    2007-06-25 15:04 1184400 --a------ C:\WINDOWS\system32\FreeImage.dll
    2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2006-06-27 18:34:53 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-10 19:01]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-09 23:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At15.job
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-10 16:01:00 C:\WINDOWS\Tasks\At19.job
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-10 17:01:00 C:\WINDOWS\Tasks\At20.job
    2007-08-10 18:01:00 C:\WINDOWS\Tasks\At21.job
    2007-08-10 19:01:03 C:\WINDOWS\Tasks\At22.job
    2007-08-10 20:01:00 C:\WINDOWS\Tasks\At23.job
    2007-08-09 21:01:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\DYGoC76h.exe
    2007-08-05 17:47:25 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\DYGoC76h.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 23:20:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 23:21:13 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-10 23:21
    C:\ComboFix2.txt … 2007-08-09 19:04

    — E O F —




    The HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:38:46, on 10-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?657caab18499431ea4e21bac314be19
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?657caab18499431ea4e21bac314be19
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150639646484
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • Hello again,


    * Open Notepad - Do not use any text editor other than Notepad, or the script will fail!
    Copy and paste what is in the quote box below into Notepad:

    File::
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot when asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Also let me know whether you still have any complaints.

    Juisterr
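Added example (not code from this thread, from ComboFix or from HijackThis): a Python triage script that parses the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log, flags the AtN.job entries and any executable that several jobs share, and renders the File:: block of a CFScript like the one above; the shared-target check goes beyond what the thread does. The log excerpt it uses is constructed from the lines in this thread plus one invented benign task, Backup.job.

```python
"""Triage helper for the ComboFix 'Scheduled Tasks' section.

Added example, not part of this thread, ComboFix or HijackThis. It parses the
task lines, flags AtN.job entries (created with at.exe) and any executable that
several jobs share, and renders the File:: block of a CFScript like the one
above. SAMPLE_LOG is constructed from lines in this thread plus one invented
benign task (Backup.job) to show what is not flagged.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
# ComboFix prints one task per line: "<date> <time> <job path>[ - <target>]"
TASK_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S.*?\.job)(?: - (.+))?$"
)
# at.exe names its jobs At1.job, At2.job, ...; on the machine in this thread 24 of
# them ran the same unknown system32 executable every hour (hourly persistence).
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)

# Constructed excerpt: the first four task lines are taken from the log above,
# the Backup.job entry is invented as a benign control.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2007-08-05 17:47:25 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\DYGoC76h.exe
2007-08-05 17:47:25 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\DYGoC76h.exe
2007-08-05 17:47:25 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\DYGoC76h.exe
2007-08-10 16:01:00 C:\WINDOWS\Tasks\At19.job
2007-07-01 09:00:00 C:\WINDOWS\Tasks\Backup.job - C:\Program Files\Backup\backup.exe

**************************************************************************
"""


class ScheduledTask(NamedTuple):
    timestamp: str
    job_path: str          # e.g. C:\WINDOWS\Tasks\At1.job
    target: Optional[str]  # executable the job runs, None when ComboFix shows none


def parse_scheduled_tasks(log_text: str) -> List[ScheduledTask]:
    """Return the tasks listed between the section header and the next separator."""
    tasks: List[ScheduledTask] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*****"):  # ComboFix separator closes the section
            break
        match = TASK_LINE.match(line)
        if match:
            tasks.append(ScheduledTask(match.group(1), match.group(2), match.group(3)))
    return tasks


def targets_by_count(tasks: List[ScheduledTask]) -> Dict[str, int]:
    """Number of jobs pointing at each executable (jobs without a target are skipped)."""
    return Counter(t.target for t in tasks if t.target)


def suspicious_tasks(tasks: List[ScheduledTask], min_shared: int = 3) -> List[ScheduledTask]:
    """Flag at.exe-style jobs and any job whose target is shared by min_shared or more jobs."""
    shared = {target for target, n in targets_by_count(tasks).items() if n >= min_shared}
    return [t for t in tasks if AT_JOB.search(t.job_path) or t.target in shared]


def build_cfscript(tasks: List[ScheduledTask]) -> str:
    """Render the File:: block of a CFScript for the flagged jobs, in log order."""
    lines = ["File::"] + [t.job_path for t in suspicious_tasks(tasks)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_scheduled_tasks(SAMPLE_LOG)
    for target, count in targets_by_count(found).items():
        print(f"{count:2d} job(s) -> {target}")
    print(build_cfscript(found))
```

Run it against a real ComboFix log by passing the file contents to parse_scheduled_tasks; the shared-target threshold is a heuristic, so review what is flagged before using the output as a CFScript.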
  • ComboFix 07-08-09.3 - "Robert" 2007-08-12 12:11:42.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.660 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Robert\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Robert\APPLIC~1\tmp115.tmp.exe
    C:\DOCUME~1\Robert\APPLIC~1\tmp129.tmp.exe
    C:\WINDOWS\system32\awvttsq.dll
    C:\WINDOWS\system32\ddcyxvt.dll
    C:\WINDOWS\system32\dn50d8897b.dat
    C:\WINDOWS\system32\jkhfccd.dll
    C:\WINDOWS\system32\kbdtrs.dll
    C:\WINDOWS\system32\mljgdca.dll
    C:\WINDOWS\system32\pmkhiif.dll
    C:\WINDOWS\system32\ssqrpqr.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


    2007-08-10 23:44 <DIR> d——– C:\WWE Monday Night Raw 2007-08-06 XviD-SC-SDH
    2007-08-10 23:26 32,312 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-08-10 23:26 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-08-09 23:18 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-08-09 23:18 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-08-09 23:18 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-08-09 19:06 2,184,704 —–c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-08-09 19:06 2,140,672 —–c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-08-09 19:06 2,061,952 —–c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2007-08-09 19:06 2,020,352 —–c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-08-09 18:51 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-05 19:47 25,664 –a—— C:\WINDOWS\system32\DYGoC76h.exe
    2007-07-23 23:10 <DIR> d——– C:\Program Files\MSECache
    2007-07-14 13:04 <DIR> d——– C:\Program Files\Canon
    2007-07-14 12:54 <DIR> d——– C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 18:51 ——— d——– C:\DOCUME~1\Robert\APPLIC~1\Canon
    2007-08-07 19:19 ——— d——– C:\Program Files\eMule
    2007-07-14 13:04 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-07-14 12:56 ——— d——– C:\Program Files\ewido anti-malware
    2007-07-14 12:53 ——— d——– C:\Program Files\Common Files\ScanSoft Shared
    2007-07-13 18:12 53418 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-07-13 18:12 364330 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-07-10 19:01 ——— d——– C:\Program Files\QuickTime
    2007-07-10 19:00 ——— d——– C:\Program Files\The Rosetta Stone
    2007-07-10 18:04 ——— d——– C:\Program Files\Google
    2007-07-05 14:38 ——— d——– C:\Program Files\SPAMfighter
    2007-07-05 14:38 ——— d——– C:\Program Files\Common Files\Ankiro
    2007-07-05 14:38 ——— d——– C:\DOCUME~1\Robert\APPLIC~1\SPAMfighter
    2007-07-05 14:37 ——— d——– C:\Program Files\Common Files\Application
    2007-06-25 15:04 1184400 –a—— C:\WINDOWS\system32\FreeImage.dll
    2001-11-23 06:08 712704 –a—— C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2006-06-27 18:34:53 952 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-10 19:01]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-09 23:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-12 12:15:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-12 12:16:51 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-12 12:16
    C:\ComboFix2.txt … 2007-08-10 23:21
    C:\ComboFix3.txt … 2007-08-09 19:04

    — E O F —
  • It is a lot faster again… thanks for the help!!
  • Hmmm, cheered a bit too early…

    It does often open pages quickly, but when images or the like still have to load, the browser hangs for a few seconds… :(
  • Could I see a new HJT log please.

    Oh yes, start your web browser and then press Ctrl and F5, now close the page.
  • Here it comes…


    Logfile of HijackThis v1.99.1
    Scan saved at 16:51:06, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: (no name) - {f0ecc2b4-a7b3-48ec-bf42-b117a4ed3f8e} - C:\WINDOWS\system32\imonnui.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?657caab18499431ea4e21bac314be19
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?657caab18499431ea4e21bac314be19
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150639646484
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\awtsqpn.dll
    O20 - Winlogon Notify: imonnui - C:\WINDOWS\SYSTEM32\imonnui.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • Download Combofix to your Desktop.
    * Double-click Combofix.exe
    * Follow the instructions, accept the disclaimer by typing 1 (continue).
    * While the fix is running, do NOT click in the window, because this will make your pc hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner responds with a message about a script being executed, you may ignore it.

    Start Hijackthis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {f0ecc2b4-a7b3-48ec-bf42-b117a4ed3f8e} - C:\WINDOWS\system32\imonnui.dll
    O20 - Winlogon Notify: imonnui - C:\WINDOWS\SYSTEM32\imonnui.dll

    Close all windows except Hijackthis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Check the following settings under View:

    Uncheck: Hide protected operating system files (recommended)
    Uncheck: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following files:
    C:\WINDOWS\system32\imonnui.dll
  • > Select only the items listed below:
    >
    > O2 - BHO: (no name) - {f0ecc2b4-a7b3-48ec-bf42-b117a4ed3f8e} - C:\WINDOWS\system32\imonnui.dll
    > O20 - Winlogon Notify: imonnui - C:\WINDOWS\SYSTEM32\imonnui.dll

    These were not present…

    > Delete the following files:
    > C:\WINDOWS\system32\imonnui.dll

    This file was not present either.

    ComboFix 07-08-09.3 - "Robert" 2007-08-12 17:33:36.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.631 [GMT 2:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtsqpn.dll
    C:\WINDOWS\system32\dn50d8897b.dat
    C:\WINDOWS\system32\imonnui.dll
    C:\WINDOWS\system32\vtsttut.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


    2007-08-10 23:44 <DIR> d——– C:\WWE Monday Night Raw 2007-08-06 XviD-SC-SDH
    2007-08-10 23:26 32,312 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-08-10 23:26 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-08-09 23:18 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-08-09 23:18 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-08-09 23:18 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-08-09 19:06 2,184,704 —–c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-08-09 19:06 2,140,672 —–c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-08-09 19:06 2,061,952 —–c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2007-08-09 19:06 2,020,352 —–c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-08-09 18:51 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-05 19:47 25,664 –a—— C:\WINDOWS\system32\DYGoC76h.exe
    2007-07-23 23:10 <DIR> d——– C:\Program Files\MSECache
    2007-07-14 13:04 <DIR> d——– C:\Program Files\Canon
    2007-07-14 12:54 <DIR> d——– C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-12 14:48 ——— d——– C:\DOCUME~1\Robert\APPLIC~1\Canon
    2007-08-12 13:43 ——— d——– C:\Program Files\eMule
    2007-07-14 13:04 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-07-14 12:56 ——— d——– C:\Program Files\ewido anti-malware
    2007-07-14 12:53 ——— d——– C:\Program Files\Common Files\ScanSoft Shared
    2007-07-13 18:12 53418 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-07-13 18:12 364330 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-07-10 19:01 ——— d——– C:\Program Files\QuickTime
    2007-07-10 19:00 ——— d——– C:\Program Files\The Rosetta Stone
    2007-07-10 18:04 ——— d——– C:\Program Files\Google
    2007-07-05 14:38 ——— d——– C:\Program Files\SPAMfighter
    2007-07-05 14:38 ——— d——– C:\Program Files\Common Files\Ankiro
    2007-07-05 14:38 ——— d——– C:\DOCUME~1\Robert\APPLIC~1\SPAMfighter
    2007-07-05 14:37 ——— d——– C:\Program Files\Common Files\Application
    2007-06-25 15:04 1184400 –a—— C:\WINDOWS\system32\FreeImage.dll
    2001-11-23 06:08 712704 –a—— C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2006-06-27 18:34:53 952 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-10 19:01]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-09 23:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-12 17:37:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-12 17:38:05 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-12 17:38
    C:\ComboFix2.txt … 2007-08-12 12:16
    C:\ComboFix3.txt … 2007-08-10 23:21

    — E O F —


    Logfile of HijackThis v1.99.1
    Scan saved at 17:43:19, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?657caab18499431ea4e21bac314be19
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?657caab18499431ea4e21bac314be19
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150639646484
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • The log looks good. How are your problems now?


This is an archived page. Replying is no longer possible.