HijackThis log

13 answers
  • I have something on my system that does not belong there. It also tries to contact a dubious site via explorer.exe.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:27, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)


    End of file - 4849 bytes

    In any case it concerns this file: jjjhgf.dll
  • Oh dear, Gerben.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the reboot, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    Note: if your virus scanner reacts with a warning about a script being executed, you may ignore it.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.
  • HijackThis can't remove them, I had already tried that. Killbox can't either. VirusTotal thinks it recognises Virtumonde, among others via F-Secure. Their removal tool recognises it too, but doesn't remove it. VundoFix doesn't either.

    ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 13:38:15.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT 1:00]
    Running from: L:\trojan\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-10 03:54 36,864 --------- C:\WINDOWS\system32\ljjjhgf.dll
    2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 12:38 --------- d-----w c:\program files\\PeerGuardian2
    2007-11-10 12:01 --------- d-----w c:\program files\\Hijack This
    2007-11-10 11:57 --------- d-----w c:\program files\\Mozilla Firefox
    2007-11-10 11:48 --------- d-----w c:\program files\\Common Files
    2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
    2007-11-10 03:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
    2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
    2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
    2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0
    2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer
    2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express
    2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 --------- d-----w c:\program files\\Opera
    2007-11-08 02:55 --------- d-----w c:\program files\\RMClock
    2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 21:02 --------- d-----w c:\program files\\Spybot - Search & Destroy
    2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster
    2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView
    2007-11-07 12:59 --------- d-----w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
    2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]
    2007-11-10 03:54 36864 --------- C:\WINDOWS\system32\ljjjhgf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
    "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
    "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
    "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"= C:\WINDOWS\system32\ljjjhgf.dll [2007-11-10 03:54 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhgf]
    ljjjhgf.dll 2007-11-10 03:54 36864 C:\WINDOWS\system32\ljjjhgf.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
    R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
    R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
    S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
    S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 13:38:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-10 13:39:25
    .
    --- E O F ---

    HijackThis log after ComboFix.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:52, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\Program Files\BitSpirit\BitSpirit.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)


    End of file - 4961 bytes
  • Tried again with that F-Secure tool; on the second attempt it did work. The file is gone in any case, and no other one has appeared in HijackThis. Or do you still see something?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47:28, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\Program Files\Hijack This\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe


    End of file - 3983 bytes
  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=181773

    Collect::[4]
    C:\WINDOWS\system32\ljjjhgf.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhgf]

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.

    In addition, ComboFix will place a zipped file on your Desktop named [4]-Submit_2007-08-21…zip
    After the scan a small window will appear titled "Submit files for further analysis";
    click OK to open the upload page.

    Copy the bold path from the page and paste it into the input field.
    Click Send File.

    Example: http://img.photobucket.com/albums/v666/sUBs/CF-Submit.gif

    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply.
    Also post a new HijackThis log so it can be checked.
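As an added example, not code from this thread or from HijackThis or ComboFix: a small Python script that cross-references the O2 (BHO) and O20 (Winlogon Notify) entries the helper singled out with the ShellExecuteHooks entry from the ComboFix "Reg Loading Points" section, flags a DLL registered at several load points, and renders the CFScript notation used above (Collect::, [-key] to delete a key, "value"=- to delete a value). The regexes, the flagging heuristic and the sample lines (copied from the posted logs) are my own additions.

```python
"""Correlate the persistence points a HijackThis log (O2 BHO, O20 Winlogon
Notify) and a ComboFix 'Reg Loading Points' section (ShellExecuteHooks) report
for the same DLL, and render a ComboFix CFScript for anything flagged.
Illustrative code added to this thread; not part of HijackThis or ComboFix."""
import re
from collections import defaultdict, namedtuple

# Constructed sample input: the relevant lines from the logs posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
"""
COMBOFIX_REG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"= C:\WINDOWS\system32\ljjjhgf.dll [2007-11-10 03:54 36864]
"""

LoadPoint = namedtuple("LoadPoint", "kind ident name path")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
HOOK_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]+\})"= (?P<path>.+?)(?: \[.*\])?$')

# Registry locations in the notation the CFScript in this thread uses; '~' is
# ComboFix's shorthand for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{}"
HOOK_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{}"


def parse_load_points(hjt_log, combofix_reg):
    """Map each DLL (case-folded path) to the load points that reference it."""
    points = defaultdict(list)
    for line in hjt_log.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            points[m["path"].lower()].append(LoadPoint("BHO", m["clsid"], m["name"], m["path"]))
        elif m := O20_RE.match(line):
            points[m["path"].lower()].append(LoadPoint("WinlogonNotify", m["name"], m["name"], m["path"]))
    in_hooks = False  # only values under the ShellExecuteHooks key are of interest
    for line in combofix_reg.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_hooks = line.lower().endswith("\\shellexecutehooks]")
        elif in_hooks and (m := HOOK_RE.match(line)):
            points[m["path"].lower()].append(LoadPoint("ShellExecuteHook", m["clsid"], "", m["path"]))
    return dict(points)


def suspicious(points):
    """Flag a DLL hooked at two or more distinct load points (the pattern the
    helper acted on), or an unnamed BHO living in system32 (heuristic)."""
    flagged = {}
    for path, lps in points.items():
        kinds = {lp.kind for lp in lps}
        unnamed_sys32 = "\\system32\\" in path and any(
            lp.kind == "BHO" and lp.name == "(no name)" for lp in lps)
        if len(kinds) >= 2 or unnamed_sys32:
            flagged[path] = lps
    return flagged


def cfscript(flagged):
    """Render the CFScript sections used in this thread: Collect:: lists files
    to submit; Registry:: uses [-key] to delete a key and "value"=- to delete
    a single value under a key."""
    lines = ["Collect::"] + sorted({lps[0].path for lps in flagged.values()})
    lines += ["", "Registry::"]
    hook_values = []
    for lps in flagged.values():
        for lp in lps:
            if lp.kind == "BHO":
                lines.append("[-" + BHO_KEY.format(lp.ident) + "]")
            elif lp.kind == "WinlogonNotify":
                lines.append("[-" + NOTIFY_KEY.format(lp.ident) + "]")
            elif lp.kind == "ShellExecuteHook":
                hook_values.append('"' + lp.ident + '"=-')
    if hook_values:
        lines += ["", "[" + HOOK_KEY + "]"] + hook_values
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious(parse_load_points(HJT_LOG, COMBOFIX_REG))
    for path, lps in found.items():
        print(path, "->", ", ".join(lp.kind for lp in lps))
    print(cfscript(found))
```

Run stand-alone it prints the one DLL that sits at all three load points and the matching Registry:: block; the Spybot and Java BHOs each appear at a single, named load point and are left alone.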
  • Oh yes Gerben, they are no longer visible, probably hidden now.

    No O2 and O20 found, and that usually points to Vundo.
    Run the fix above; with it they can update the tool, and then it will be removed.
  • No zip file to be seen. Did it twice to be sure. After that F-Secure fix there was, incidentally, a ljjjhgf.dll.bak on the disk. When I repeat the fix it finds nothing (the previous time it did).


    ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 18:47:39.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.746 [GMT 1:00]
    Running from: G:\downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 16:34 <DIR> d-------- C:\tmp
    2007-11-10 14:00 <DIR> d-------- c:\Program Files\Unlocker
    2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 17:46 --------- d-----w c:\program files\\PeerGuardian2
    2007-11-10 17:42 --------- d-----w c:\program files\\Mozilla Firefox
    2007-11-10 15:47 --------- d-----w c:\program files\\Hijack This
    2007-11-10 15:38 --------- d-----w c:\program files\\Spybot - Search & Destroy
    2007-11-10 15:32 --------- d-----w c:\program files\\Unlocker
    2007-11-10 14:20 --------- d-----w c:\program files\\Common Files
    2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-11-10 13:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
    2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
    2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
    2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
    2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
    2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
    2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
    2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
    2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
    2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 ——— d—–w c:\program files\\Opera
    2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
    2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
    2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
    2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
    2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
    "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
    "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
    "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=01000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
    R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
    R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
    S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
    S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
    S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 18:48:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-10 18:48:19
    C:\ComboFix2.txt … 2007-11-10 18:42
    .
    — E O F —




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:53:04, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)


    End of file - 4232 bytes
  • well well well, hmmm

    Remove ComboFix via Start > Run, copy and paste Combofix /U, choose option 2 and press Enter.
    This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

    Then try downloading it again.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, because that will make your pc hang.
    When the fix has finished and after the reboot, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    NOTE: If your virus scanner reacts while downloading or using Combofix, you may ignore it.
  • ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 22:14:59.8 - NTFSx86
    Running from: G:\downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 19:15 <DIR> d——– C:\Program Files\Common Files\Java
    2007-11-10 19:15 <DIR> d——– c:\Program Files\Java
    2007-11-10 16:34 <DIR> d——– C:\tmp
    2007-11-10 14:00 <DIR> d——– c:\Program Files\Unlocker
    2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
    2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 21:15 ——— d—–w c:\program files\\PeerGuardian2
    2007-11-10 21:06 ——— d—–w c:\program files\\Mozilla Firefox
    2007-11-10 18:15 ——— d—–w c:\program files\\Java
    2007-11-10 18:15 ——— d—–w c:\program files\\Common Files
    2007-11-10 17:52 ——— d—–w c:\program files\\Hijack This
    2007-11-10 15:38 ——— d—–w c:\program files\\Spybot - Search & Destroy
    2007-11-10 15:32 ——— d—–w c:\program files\\Unlocker
    2007-11-10 13:18 3,888 —-a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-11-10 13:06 ——— d—–w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-10 03:19 ——— d—–w c:\program files\\a-squared Free
    2007-11-09 16:30 ——— d—–w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 ——— d—–w c:\program files\\VideoLAN
    2007-11-09 16:08 ——— d—–w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 ——— d–h–w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 ——— d—–w c:\program files\\Realtek AC97
    2007-11-08 12:08 ——— d—–w c:\program files\\Driver Sweeper
    2007-11-08 12:00 ——— d—–w c:\program files\\UPHClean
    2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 6.0
    2007-11-08 11:45 ——— d—–w c:\program files\\MSXML 4.0
    2007-11-08 11:45 ——— d—–w c:\program files\\Internet Explorer
    2007-11-08 11:43 ——— d—–w c:\program files\\Outlook Express
    2007-11-08 11:43 ——— d—–w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 ——— d—–w c:\program files\\Opera
    2007-11-08 02:55 ——— d—–w c:\program files\\RMClock
    2007-11-07 21:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 20:55 ——— d—–w c:\program files\\SpywareBlaster
    2007-11-07 20:53 ——— d—–w c:\program files\\IrfanView
    2007-11-07 12:59 ——— d—–w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 —-a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 —-a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 —-a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 —-a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 —-a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 —-a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 —-a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 —-a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 —-a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 —-a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 —-a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 16:45 4,109,376 —-a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-28 17:07 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:05 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 17:05 739,840 —-a-w C:\WINDOWS\system32\divx.dll
    2007-09-04 17:56 164,352 —-a-w C:\WINDOWS\system32\unrar.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
    "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
    "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
    "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
    "SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=01000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
    R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
    R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
    S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
    S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
    S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 22:15:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-10 22:16:28
    C:\ComboFix2.txt … 2007-11-10 18:48
    C:\ComboFix3.txt … 2007-11-10 18:42
    .
    — E O F —
  • Open Notepad, copy and paste the following (the bold, blue text) into an empty window:

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Save this on your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Still having trouble with anything now?
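    What that CFScript does by hand, written out as an added example (not code from the thread or from ComboFix): it decodes the hex(7) REG_MULTI_SZ value, reads the "Authentication Packages" line from a ComboFix "Reg Loading Points" section, flags any package outside an allowlist, and emits the Registry:: block that rewrites the value. The allowlist (msv1_0 only), the constructed log excerpt, and the heuristic for telling the 8-bit CFScript byte form from regedit's UTF-16LE form are assumptions.

```python
import re

# Added example, not code from the thread. Every package listed under this
# value is loaded into lsass.exe at boot, so anything beyond the default
# msv1_0 deserves a look. Allowlist is an assumption for a plain Windows XP box.
KNOWN_GOOD_PACKAGES = {"msv1_0"}

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Constructed excerpt in the layout of the ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"""


def decode_hex7(value):
    """Decode a regedit-style hex(7) (REG_MULTI_SZ) value into a list of strings.

    The CFScript on the page spells the strings as 8-bit bytes; regedit's own
    .reg exports use UTF-16LE. Which form we have is guessed from the byte
    pattern (heuristic: every odd byte zero means UTF-16LE).
    """
    m = re.match(r"\s*hex\(7\):(.*)$", value, re.I | re.S)
    if not m:
        raise ValueError("not a hex(7) value: %r" % value)
    # Drop line-continuation backslashes and whitespace; keep hex digits and commas.
    digits = re.sub(r"[^0-9a-fA-F,]", "", m.group(1))
    raw = bytes(int(h, 16) for h in digits.split(",") if h)
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7, in the 8-bit form the page's CFScript uses."""
    data = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join("%02x" % b for b in data.encode("latin-1"))


def parse_combofix_lsa(log_text):
    """Return the packages ComboFix lists for 'Authentication Packages' under the Lsa key."""
    in_lsa = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_lsa = s[1:-1].lower() == LSA_KEY.lower()
            continue
        if in_lsa:
            m = re.match(r'"Authentication Packages"\s*=\s*(.*)$', s, re.I)
            if m:
                return m.group(1).split()
    return []


def unexpected_packages(packages):
    """Packages outside the allowlist: the ones to investigate (relog_ap in the log above)."""
    return [p for p in packages if p.lower() not in KNOWN_GOOD_PACKAGES]


def build_cfscript(keep):
    """CFScript Registry:: block that rewrites the value to exactly the packages in `keep`."""
    return 'Registry::\n[%s]\n"Authentication Packages"=%s\n' % (LSA_KEY, encode_hex7(keep))


if __name__ == "__main__":
    pkgs = parse_combofix_lsa(SAMPLE_LOG)
    bad = unexpected_packages(pkgs)
    print("loaded at boot:", pkgs)
    print("not on allowlist:", bad)
    if bad:
        print(build_cfscript([p for p in pkgs if p not in bad]))
```

    Run against the constructed excerpt it reports relog_ap and prints a Registry:: block identical to the one in the post above.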
  • You can complain about this infection and its makers on the site below.

    http://www.malwarecomplaints.info/viewtopic.php?t=2157

    Your complaint should include the following:

    * Which city you live in.

    * Which infection you have/had on your pc.

    * If possible, the Internet address where you got infected.

    * How much money and time you have put into removing it from your pc.

    * What you want the government to do about this problem.

    Please do not use offensive language.
  • As far as I can see, no problems.

    ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-11 13:58:18.11 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.725 [GMT 1:00]
    Running from: C:\Documents and Settings\Gerben Hoekstra\Desktop\ComboFix(2).exe
    Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
    .

    2007-11-11 00:59 <DIR> d——– c:\Program Files\Lightsmark 2007
    2007-11-10 19:15 <DIR> d——– C:\Program Files\Common Files\Java
    2007-11-10 19:15 <DIR> d——– c:\Program Files\Java
    2007-11-10 16:34 <DIR> d——– C:\tmp
    2007-11-10 14:00 <DIR> d——– c:\Program Files\Unlocker
    2007-11-10 12:47 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-09 18:06 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d——– c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d——– c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d——– c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d——– c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d——– C:\WINDOWS\nview
    2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d——– c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d——– c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d——– c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d——– c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 —–c— C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 —–c— C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 —–c— C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 —–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d——– c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 –a—— C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 –a—— C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 –a—— C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 –a—— C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d——– c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d——– C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 –a—— C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 –a—— C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 –a—— C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 –a—— C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
    2007-11-05 21:18 56 –a—— C:\WINDOWS\UninstallLightsmark2007.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-11 12:58 --------- d-----w c:\program files\\PeerGuardian2
    2007-11-11 12:36 --------- d-----w c:\program files\\Mozilla Firefox
    2007-11-11 00:00 --------- d-----w c:\program files\\Lightsmark 2007
    2007-11-10 18:15 --------- d-----w c:\program files\\Java
    2007-11-10 18:15 --------- d-----w c:\program files\\Common Files
    2007-11-10 17:52 --------- d-----w c:\program files\\Hijack This
    2007-11-10 15:38 --------- d-----w c:\program files\\Spybot - Search & Destroy
    2007-11-10 15:32 --------- d-----w c:\program files\\Unlocker
    2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-11-10 13:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
    2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
    2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
    2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
    2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0
    2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer
    2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express
    2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 --------- d-----w c:\program files\\Opera
    2007-11-08 02:55 --------- d-----w c:\program files\\RMClock
    2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster
    2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView
    2007-11-07 12:59 --------- d-----w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
    2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
    "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
    "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
    "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
    "SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=01000000

    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
    R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
    R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
    S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
    S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
    S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys

    *Newly Created Service* - PGFILTER
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 13:58:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 13:59:09
    .
    --- E O F ---
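A small triage script for the two sections of the log above (the Find3M file list and the R*/S* driver lines), as an added example that is not part of the original posts, ComboFix or HijackThis. It groups Find3M entries by write minute, since one installer usually drops all its files in the same minute (which is why the 2007-10-28 15:52 block reads as a single install and the lone NTHANDLE.SYS needs its own explanation), and applies three cheap cues to driver lines: registration with a raw `\??\` NT path, an image outside system32\drivers, and a display name that just repeats the service name. The sample log is a constructed excerpt of the log above with the wrapped paths rejoined; the system root, the line formats and the cues themselves are assumptions, and a flag is a prompt to look the driver up, not a verdict (copy-protection, firewall and overclocking drivers trip these cues routinely).

```python
"""Triage helpers for a ComboFix log: the Find3M file list and the driver
(service) lines.  Added example for this thread, not ComboFix's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a few Find3M lines and driver lines from the log above.
SAMPLE_LOG = r"""
2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
"""

# Assumed line formats (they match the log above, not a published spec).
# Find3M: "<date> <time> <size or ---------> <attrs> <path>"
FIND3M_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')
# Driver/service: "<R|S><start type> <name>;<display name>;<image path>"
DRIVER_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$')


@dataclass
class Driver:
    start: str   # R = running, S = stopped; the digit is the start type
    name: str
    desc: str
    path: str

    @property
    def nt_path(self) -> bool:
        """True when the service was registered with a raw NT path (\\??\\...)."""
        return self.path.startswith('\\??\\')

    @property
    def image(self) -> str:
        """Image path with the \\??\\ prefix stripped, for comparisons."""
        return self.path[4:] if self.nt_path else self.path


def parse_find3m(text):
    """Return Find3M entries as dicts; directories get size None."""
    out = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        size = m['size']
        out.append({'ts': m['ts'],
                    'size': int(size.replace(',', '')) if size[0].isdigit() else None,
                    'attrs': m['attrs'], 'path': m['path']})
    return out


def install_batches(entries, min_files=2):
    """Group files by write minute: one installer drops its files together,
    so a batch explains many lines at once and a lone file stands out."""
    by_ts = defaultdict(list)
    for e in entries:
        by_ts[e['ts']].append(e['path'])
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_files}


def parse_drivers(text):
    return [Driver(m['start'], m['name'], m['desc'], m['path'])
            for m in (DRIVER_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage_driver(d, system_root=r'C:\WINDOWS'):
    """Cheap triage cues, not verdicts: legitimate third-party drivers trip
    them too, so a flag means 'look this up', never 'malware'.
    system_root is an assumption; take it from the log's Platform line."""
    reasons = []
    if d.nt_path:
        reasons.append('nt-path')              # registered as \??\ instead of a plain path
    drivers_dir = (system_root + r'\system32\drivers' + '\\').lower()
    if not d.image.lower().startswith(drivers_dir):
        reasons.append('outside-drivers-dir')  # image lives outside system32\drivers
    if d.desc.strip().lower() == d.name.strip().lower():
        reasons.append('no-display-name')      # installer gave it no descriptive name
    return reasons


def triage_drivers(text, system_root=r'C:\WINDOWS'):
    """Map driver name -> list of cues for every driver with at least one cue."""
    flagged = {}
    for d in parse_drivers(text):
        reasons = triage_driver(d, system_root)
        if reasons:
            flagged[d.name] = reasons
    return flagged


if __name__ == '__main__':
    for ts, paths in install_batches(parse_find3m(SAMPLE_LOG)).items():
        print(f'{ts}: {len(paths)} files written together, e.g. {paths[0]}')
    for name, reasons in triage_drivers(SAMPLE_LOG).items():
        print(f'{name}: {", ".join(reasons)}')
```

Run it as-is to see the batch and the flagged drivers; to use it on a real log, feed the whole file in place of SAMPLE_LOG after rejoining any path that a forum or pastebin wrapped at `\n`, as happened to the nv*.dll lines above.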
  • You may now remove all the tools you used and the folders they created.
    Remove ComboFix via Start > Run: copy and paste Combofix /U, choose option 2 and press Enter.
    This removes ComboFix as well as your old System Restore points (with any malware remnants) and creates a new System Restore point.


    Any other complaints filed?


This is an archived page. Replying is no longer possible.