Question & Answer

Security & privacy

hijackthis log

13 answers
  • I have something on my system that doesn't belong there. It also tries to contact a shady site via explorer.exe.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:27, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

    -- End of file - 4849 bytes

    In any case it's this file: jjjhgf.dll
  • Oh dear, Gerben. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
    - Double-click Combofix.exe.
    - Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next reply together with a new HijackThis log.
    Note: if your virus scanner responds with a script-execution warning, you may ignore it.

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.
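The two lines the helper picked out share one DLL: an O2 BHO registered without a name and an O20 Winlogon Notify entry, both loading ljjjhgf.dll from system32. As an added example (not code from this thread or from HijackThis), the script below parses a constructed excerpt of the log posted above and flags any module referenced by that combination; the indicator names and the two-indicator threshold are assumptions of mine, not anything HijackThis itself reports.

```python
"""Correlate HijackThis O2/O20 entries by module path (added example).

A Winlogon Notify DLL is loaded into winlogon.exe at logon, which is why the
file keeps resisting deletion while Windows is running; paired with a nameless
BHO pointing at the same randomly named DLL in system32, that is the pattern
the helper in this thread attributes to Vundo/Virtumonde.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(log_text):
    """Yield (section, fields) for every 'Onn - ...' line.

    fields are the ' - ' separated parts after the section code; for O2, O9,
    O20 and O23 entries the last field is the file the entry loads.
    """
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).split(" - ")


def normalize_path(path):
    # HijackThis prints the same directory as 'system32' and 'SYSTEM32'.
    return path.strip().lower()


def analyze(log_text):
    """Return {module path: sorted indicator names} for O2 and O20 entries.

    Indicator names are this example's own (assumed) vocabulary:
      noname-bho    O2 BHO registered without a name
      winlogon      O20 Winlogon Notify handler (loaded into winlogon.exe)
      bho+winlogon  the same DLL is both a BHO and a Winlogon Notify handler
      system32      module sits directly in %SystemRoot%\system32
    """
    findings = defaultdict(set)
    sections = defaultdict(set)
    for section, fields in parse_entries(log_text):
        if section not in ("O2", "O20"):
            continue
        path = normalize_path(fields[-1])
        sections[path].add(section)
        if section == "O2" and fields[0].startswith("BHO: (no name)"):
            findings[path].add("noname-bho")
        if section == "O20":
            findings[path].add("winlogon")
        if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", path):
            findings[path].add("system32")
    for path, secs in sections.items():
        if {"O2", "O20"} <= secs:
            findings[path].add("bho+winlogon")
    return {p: sorted(ind) for p, ind in findings.items()}


def suspicious_paths(log_text, min_indicators=2):
    """Paths carrying at least min_indicators indicators, most indicators first."""
    hits = [(len(ind), p) for p, ind in analyze(log_text).items()
            if len(ind) >= min_indicators]
    return [p for _, p in sorted(hits, reverse=True)]


if __name__ == "__main__":
    for path, indicators in analyze(SAMPLE_LOG).items():
        print(path, indicators)
    print("suspicious:", suspicious_paths(SAMPLE_LOG))
```

Legitimate O2 entries such as SDHelper.dll and ssv.dll collect no indicators, so only the ljjjhgf.dll pair crosses the threshold.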
  • HijackThis can't remove them, I had already tried that. Neither can Killbox. VirusTotal thinks it recognises Virtumonde, among others via F-Secure. Their removal tool recognises it too, but doesn't remove it. Neither does VundoFix.

    ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 13:38:15.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT 1:00]
    Running from: L:\trojan\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-10 03:54 36,864 --------- C:\WINDOWS\system32\ljjjhgf.dll
    2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 12:38 --------- d-----w c:\program files\\PeerGuardian2
    2007-11-10 12:01 --------- d-----w c:\program files\\Hijack This
    2007-11-10 11:57 --------- d-----w c:\program files\\Mozilla Firefox
    2007-11-10 11:48 --------- d-----w c:\program files\\Common Files
    2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
    2007-11-10 03:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
    2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
    2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
    2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0
    2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer
    2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express
    2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 --------- d-----w c:\program files\\Opera
    2007-11-08 02:55 --------- d-----w c:\program files\\RMClock
    2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 21:02 --------- d-----w c:\program files\\Spybot - Search & Destroy
    2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster
    2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView
    2007-11-07 12:59 --------- d-----w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
    2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]
    2007-11-10 03:54 36864 --------- C:\WINDOWS\system32\ljjjhgf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
    "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
    "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
    "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"= C:\WINDOWS\system32\ljjjhgf.dll [2007-11-10 03:54 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhgf]
    ljjjhgf.dll 2007-11-10 03:54 36864 C:\WINDOWS\system32\ljjjhgf.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
    R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
    R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
    S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
    S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
    S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
    .
    **************************************************************************
    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 13:38:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-11-10 13:39:25
    .
    --- E O F ---

    HijackThis log after ComboFix.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:52, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\Program Files\BitSpirit\BitSpirit.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: ljjjhgf - C:\WINDOWS\SYSTEM32\ljjjhgf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

    -- End of file - 4961 bytes
  • Tried that F-Secure tool once more; the second time it did work. The file is gone in any case, and no other one has appeared in HijackThis. Or do you still see something?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47:28, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\total commander\TOTALCMD.EXE
    C:\Program Files\Hijack This\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

    -- End of file - 3983 bytes
  • Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=181773
    Collect::[4]
    C:\WINDOWS\system32\ljjjhgf.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhgf]

    Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    This will make ComboFix restart. In addition, ComboFix will place a zipped file on your Desktop named [4]-Submit_2007-08-21...zip
    After the scan a small window titled "Submit files for further analysis" will appear; click OK to open the upload page. Copy the bold path from the page and paste it into the input box. Click Send File. Example: http://img.photobucket.com/albums/v666/sUBs/CF-Submit.gif
    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply. Also post a new HijackThis log so I can check it.
  • Oh yes Gerben, they are no longer visible, probably hidden now. No O2 and O20 found, and that usually points to Vundo. Run the fix above; with that they can update the tool, and then it will be removed.
  • No zip file to be seen. Did it twice to be sure. After that F-Secure fix there was, by the way, a ljjjhgf.dll.bak on the disk. On repeating the fix it finds nothing (the previous time it did).

    ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 18:47:39.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.746 [GMT 1:00]
    Running from: G:\downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
    .

    2007-11-10 16:34 <DIR> d-------- C:\tmp
    2007-11-10 14:00 <DIR> d-------- c:\Program Files\Unlocker
    2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
    2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
    2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree
    2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free
    2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN
    2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
    2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack
    2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97
    2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper
    2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0
    2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0
    2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-11-08 12:45 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
    2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
    2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
    2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock
    2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
    2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll
    2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys
    2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys
    2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 17:46 --------- d-----w c:\program files\\PeerGuardian2
    2007-11-10 17:42 --------- d-----w c:\program files\\Mozilla Firefox
    2007-11-10 15:47 --------- d-----w c:\program files\\Hijack This
    2007-11-10 15:38 --------- d-----w c:\program files\\Spybot - Search & Destroy
    2007-11-10 15:32 --------- d-----w c:\program files\\Unlocker
    2007-11-10 14:20 --------- d-----w c:\program files\\Common Files
    2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-11-10 13:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
    2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
    2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
    2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
    2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
    2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
    2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
    2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
    2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0
    2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0
    2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer
    2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express
    2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2
    2007-11-08 03:07 --------- d-----w c:\program files\\Opera
    2007-11-08 02:55 --------- d-----w c:\program files\\RMClock
    2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster
    2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView
    2007-11-07 12:59 --------- d-----w c:\program files\\BitSpirit
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w
C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll 2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll 2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13] "MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59] "AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52] "nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29] "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40] "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=01000000 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 18:48:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-10 18:48:19 C:\ComboFix2.txt ... 2007-11-10 18:42 . 
--- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:53:04, on 11/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\RMClock\RMClock.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\total commander\TOTALCMD.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijack This\HiJackThis.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO 
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) -- End of file - 4232 bytes
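A helper reads a log like the one above section by section and then asks for a fresh log after every step to see what disappeared. The script below is an added example, not code from this thread or from HijackThis itself: it parses HijackThis entries into their O-sections, flags a few indicators using heuristics of my own (an unnamed BHO, an autorun launched from a user-writable folder, services with no vendor name or with a missing binary), and diffs two logs to list what a fix actually removed. The sample logs are constructed: the O4 and O23 lines follow entries posted in this thread, while the BHO line (all-zero CLSID, fictitious xkqwpzd.dll) and the Temp-folder autorun are made up.

```python
"""Triage HijackThis logs: group entries by section, flag the indicators a
helper looks at first, and diff two logs to confirm a fix took effect.

Added example, not code from the original thread or from HijackThis. The
rules are my own heuristics; the sample logs are constructed (the O4/O23
lines follow shapes from the thread, the BHO and Temp autorun are made up).
"""
import re
from collections import defaultdict

LOG_BEFORE = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:27, on 11/10/2007
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\system32\\xkqwpzd.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKCU\\..\\Run: [svchost] C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\\WINDOWS\\system32\\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\\WINDOWS\\System32\\ups.exe (file missing)
"""

LOG_AFTER = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:04, on 11/10/2007
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\\WINDOWS\\system32\\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\\WINDOWS\\System32\\ups.exe (file missing)
"""

# "O4 - HKCU\..\Run: [name] command"  ->  section "O4", body after " - "
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Autorun targets that live where an unprivileged user (or a drive-by) can write.
USER_WRITABLE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\Temp|Application Data)\\", re.I)


def parse_hjt(text: str) -> dict[str, list[str]]:
    """Map each HijackThis section (O2, O4, O23, ...) to its entry bodies."""
    entries: dict[str, list[str]] = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)


def triage(entries: dict[str, list[str]]) -> list[tuple[str, str, str, str]]:
    """Return (severity, section, entry, reason) for entries worth a second look."""
    findings = []
    for e in entries.get("O2", []):
        # A BHO is loaded into every IE and Explorer process; one that carries
        # no product name is the first thing to explain.
        if e.startswith("BHO: (no name)"):
            findings.append(("high", "O2", e, "unnamed BHO"))
    for e in entries.get("O4", []):
        if USER_WRITABLE.search(e):
            findings.append(("medium", "O4", e, "autorun from user-writable path"))
    for e in entries.get("O23", []):
        if "(file missing)" in e:
            # Registered service whose binary is gone: a dead entry, not an
            # active threat. CiSvc and UPS show up like this in the thread's log.
            findings.append(("info", "O23", e, "service binary missing"))
        elif "Unknown owner" in e:
            findings.append(("medium", "O23", e, "service without vendor name"))
    return findings


def removed_entries(before: dict[str, list[str]], after: dict[str, list[str]]) -> list[str]:
    """Entries present in the earlier log but gone from the later one, i.e. what
    the fix actually removed. Run this on the 'new HijackThis log' a helper asks for."""
    gone = []
    for section, items in before.items():
        still = set(after.get(section, []))
        gone.extend(f"{section} - {e}" for e in items if e not in still)
    return gone


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for sev, sec, entry, why in triage(before):
        print(f"[{sev:6}] {sec}: {why}: {entry[:70]}")
    print("removed by the fix:")
    for line in removed_entries(before, after):
        print("  ", line)
```

The "(file missing)" services are reported as info only: a service whose binary no longer exists cannot start, and the CiSvc and UPS entries in the log above were left alone for that reason. The diff is the part worth keeping; it turns "post a new log" into a concrete list of what the previous step removed, which is the evidence a helper actually needs before calling a machine clean.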
• Well, well, well, hmmm. Remove ComboFix via Start > Run: copy and paste Combofix /U, choose option 2 and press Enter. This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new restore point. Then try downloading it again.

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
- Double-click Combofix.exe.
- Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
- While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the reboot, the log combofix.txt will open. Post this log in your next reply together with a new HijackThis log.

NOTE: If your virus scanner reacts while downloading or running Combofix, you may ignore this.
• ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-10 22:14:59.8 - NTFSx86
Running from: G:\downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 19:15 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 19:15 <DIR> d-------- c:\Program Files\Java
2007-11-10 16:34 <DIR> d-------- C:\tmp
2007-11-10 14:00 <DIR> d-------- c:\Program Files\Unlocker
2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb
2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic
2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree
2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free
2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN
2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc
2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack
2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview
2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97
2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper
2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean
2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0
2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0
2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-08 12:45 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock
2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit
2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll
2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys
2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys
2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 21:15 --------- d-----w c:\program files\\PeerGuardian2
2007-11-10 21:06 --------- d-----w c:\program files\\Mozilla Firefox
2007-11-10 18:15 --------- d-----w c:\program files\\Java
2007-11-10 18:15 --------- d-----w c:\program files\\Common Files
2007-11-10 17:52 --------- d-----w c:\program files\\Hijack This
2007-11-10 15:38 --------- d-----w c:\program files\\Spybot - Search & Destroy
2007-11-10 15:32 --------- d-----w c:\program files\\Unlocker
2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-11-10 13:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7
2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free
2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree
2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN
2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack
2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information
2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97
2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper
2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean
2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0
2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0
2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer
2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express
2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2
2007-11-08 03:07 --------- d-----w c:\program files\\Opera
2007-11-08 02:55 --------- d-----w c:\program files\\RMClock
2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster
2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView
2007-11-07 12:59 --------- d-----w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
"SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 22:15:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 22:16:28
C:\ComboFix2.txt ... 2007-11-10 18:48
C:\ComboFix3.txt ... 2007-11-10 18:42
.
--- E O F ---
• Open Notepad, copy and paste the following into an empty window:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below:
(image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

This will make ComboFix restart. Reboot if prompted, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Any problems left now?
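The CFScript above works because ComboFix accepts a Registry:: block in .reg syntax, and hex(7) is the REG_MULTI_SZ encoding: the bytes 6d,73,76,31,5f,30,00,00 are the ASCII string msv1_0, its terminating NUL, and the extra NUL that ends the list. Writing that value drops relog_ap, the second package the earlier ComboFix logs listed under "Authentication Packages". Every name in that value is a DLL that lsass.exe loads at boot with SYSTEM rights, and the stock Windows XP value is msv1_0 alone, which is also why ComboFix only prints the key when it differs from that default (the third log omits it after the fix). The script below is an added example, not part of the thread or of ComboFix: it pulls the LSA line from a ComboFix "Reg Loading Points" excerpt, reports any non-default package, and encodes and decodes the hex(7) form so the fix value is generated rather than typed by hand. The two excerpts are constructed to match the logs posted in this thread. One caveat: ComboFix takes the single-byte form shown above, whereas a .reg file exported by Regedit (Version 5.00 format) stores hex(7) data as UTF-16LE, so do not feed this output to regedit.exe unchanged.

```python
"""Audit the LSA 'Authentication Packages' value and build the CFScript fix.

Added example, not part of the original thread or of ComboFix. It parses
the "Reg Loading Points" excerpt that ComboFix prints, flags any
authentication package other than the XP default msv1_0, and shows that
the hex(7) value in the CFScript is the REG_MULTI_SZ encoding of "msv1_0".
"""
import re

# Constructed samples, shaped like the ComboFix excerpts in this thread: the
# first run still lists relog_ap; the final run omits the key entirely because
# ComboFix hides entries that match the clean default.
COMBOFIX_BEFORE = """\
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\\WINDOWS\\system32\\DRIVERS\\snapman.sys
"""
COMBOFIX_AFTER = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"NoSMHelp"=1 (0x1)
"""

# Windows XP ships with exactly one LSA authentication package.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

_AUTH_RE = re.compile(r'^"Authentication Packages"=\s*(.*)$', re.M | re.I)


def lsa_auth_packages(combofix_text: str) -> list[str]:
    """Packages ComboFix lists for the LSA key; [] if it hid the key as default."""
    m = _AUTH_RE.search(combofix_text)
    return m.group(1).split() if m else []


def rogue_auth_packages(combofix_text: str) -> list[str]:
    """Packages Windows did not install itself. Each is a DLL lsass.exe loads
    at boot as SYSTEM, so anything here needs a known owner or gets removed."""
    return [p for p in lsa_auth_packages(combofix_text)
            if p.lower() not in DEFAULT_AUTH_PACKAGES]


def multi_sz_to_hex7(strings: list[str]) -> str:
    """Encode a REG_MULTI_SZ in the single-byte 'hex(7):' form ComboFix accepts.
    Each string is NUL-terminated and the list ends with one more NUL."""
    raw = b"".join(s.encode("ascii") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def hex7_to_multi_sz(value: str) -> list[str]:
    """Decode 'hex(7):6d,73,...' back into its list of strings."""
    body = value.split(":", 1)[1]
    raw = bytes(int(h, 16) for h in body.split(","))
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]


def cfscript_for_lsa(packages: list[str]) -> str:
    """Build the Registry:: block that resets the LSA key to `packages`."""
    return (
        "Registry::\n"
        "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
        f'"Authentication Packages"={multi_sz_to_hex7(packages)}\n'
    )


if __name__ == "__main__":
    print("before fix:", rogue_auth_packages(COMBOFIX_BEFORE))   # ['relog_ap']
    print("after fix: ", rogue_auth_packages(COMBOFIX_AFTER))    # []
    print(cfscript_for_lsa(sorted(DEFAULT_AUTH_PACKAGES)))
```

Running it prints the same three CFScript lines the helper posted, which is the check worth doing before dragging any hand-typed script onto ComboFix: a stray byte in a hex(7) value leaves LSA with a package name it cannot load.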
• You can complain about this infection and its makers on the site below.
http://www.malwarecomplaints.info/viewtopic.php?t=2157

Your complaint should contain the following:
* The city you live in.
* Which infection you have/had on your PC.
* If possible, the Internet address where you got infected.
* How much money and time you put into removing it from your PC.
* What you want the government to do about this problem.

Please do not use offensive language.
  • Voorzover ik zo kan zien geen problemen. ComboFix 07-11-08.1 - Gerben Hoekstra 2007-11-11 13:58:18.11 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.725 [GMT 1:00] Running from: C:\Documents and Settings\Gerben Hoekstra\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Gerben Hoekstra\Desktop\cfscript.txt . ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))) . 2007-11-11 00:59 <DIR> d-------- c:\Program Files\Lightsmark 2007 2007-11-10 19:15 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-10 19:15 <DIR> d-------- c:\Program Files\Java 2007-11-10 16:34 <DIR> d-------- C:\tmp 2007-11-10 14:00 <DIR> d-------- c:\Program Files\Unlocker 2007-11-10 12:47 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-10 12:36 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\DoctorWeb 2007-11-09 18:06 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\Media Player Classic 2007-11-09 17:30 <DIR> d-------- c:\Program Files\a-squared HiJackFree 2007-11-09 17:29 <DIR> d-------- c:\Program Files\a-squared Free 2007-11-09 17:10 <DIR> d-------- c:\Program Files\VideoLAN 2007-11-09 17:09 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\vlc 2007-11-09 17:08 <DIR> d-------- c:\Program Files\K-Lite Codec Pack 2007-11-08 19:56 <DIR> d-------- C:\WINDOWS\nview 2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-11-08 19:56 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-11-08 13:16 <DIR> d-------- c:\Program Files\Realtek AC97 2007-11-08 13:07 <DIR> d-------- c:\Program Files\Driver Sweeper 2007-11-08 13:00 <DIR> d-------- c:\Program Files\UPHClean 2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 6.0 2007-11-08 12:45 <DIR> d-------- c:\Program Files\MSXML 4.0 2007-11-08 12:45 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-11-08 12:45 851,968 -----c--- 
C:\WINDOWS\system32\dllcache\vgx.dll 2007-11-08 12:45 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-11-08 12:45 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys 2007-11-08 12:43 <DIR> d-------- c:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-08 12:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-11-08 12:40 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL 2007-11-08 12:40 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL 2007-11-08 12:40 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL 2007-11-08 12:40 10,752 --a------ C:\WINDOWS\system32\aamd532.dll 2007-11-08 03:55 <DIR> d-------- c:\Program Files\RMClock 2007-11-07 14:23 <DIR> d-------- C:\Documents and Settings\Gerben Hoekstra\Application Data\BitSpirit 2007-11-07 13:13 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-11-07 13:13 13,312 --a------ C:\WINDOWS\system32\hpsjmcro.dll 2007-11-07 13:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-07 13:13 10,880 --a------ C:\WINDOWS\system32\drivers\scsiscan.sys 2007-11-07 12:13 16,256 --a------ C:\WINDOWS\system32\drivers\symc810.sys 2007-11-07 12:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-05 21:18 56 --a------ C:\WINDOWS\UninstallLightsmark2007.bat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-11 12:58 --------- d-----w c:\program files\\PeerGuardian2 2007-11-11 12:36 --------- d-----w c:\program files\\Mozilla Firefox 2007-11-11 00:00 --------- d-----w c:\program files\\Lightsmark 2007 2007-11-10 18:15 --------- d-----w c:\program files\\Java 2007-11-10 18:15 --------- d-----w c:\program files\\Common Files 2007-11-10 17:52 --------- d-----w c:\program files\\Hijack This 2007-11-10 15:38 --------- d-----w c:\program files\\Spybot - Search & Destroy 2007-11-10 15:32 --------- d-----w c:\program files\\Unlocker 2007-11-10 13:18 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS 2007-11-10 13:06 --------- d-----w C:\Documents and Settings\Gerben Hoekstra\Application Data\AVG7 2007-11-10 03:19 --------- d-----w c:\program files\\a-squared Free 2007-11-09 16:30 --------- d-----w c:\program files\\a-squared HiJackFree 2007-11-09 16:10 --------- d-----w c:\program files\\VideoLAN 2007-11-09 16:08 --------- d-----w c:\program files\\K-Lite Codec Pack 2007-11-08 18:30 --------- d--h--w c:\program files\\InstallShield Installation Information 2007-11-08 12:16 --------- d-----w c:\program files\\Realtek AC97 2007-11-08 12:08 --------- d-----w c:\program files\\Driver Sweeper 2007-11-08 12:00 --------- d-----w c:\program files\\UPHClean 2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 6.0 2007-11-08 11:45 --------- d-----w c:\program files\\MSXML 4.0 2007-11-08 11:45 --------- d-----w c:\program files\\Internet Explorer 2007-11-08 11:43 --------- d-----w c:\program files\\Outlook Express 2007-11-08 11:43 --------- d-----w c:\program files\\Microsoft CAPICOM 2.1.0.2 2007-11-08 03:07 --------- d-----w c:\program files\\Opera 2007-11-08 02:55 --------- d-----w c:\program files\\RMClock 2007-11-07 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-07 20:55 --------- d-----w c:\program files\\SpywareBlaster 2007-11-07 20:53 --------- d-----w c:\program files\\IrfanView 2007-11-07 12:59 
--------- d-----w c:\program files\\BitSpirit
2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-28 15:52 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-28 15:52 8,531,968 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-28 15:52 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-28 15:52 7,424,992 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-28 15:52 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-28 15:52 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-28 15:52 5,768,320 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-28 15:52 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-28 15:52 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-28 15:52 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-28 15:52 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-28 15:52 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-28 15:52 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-28 15:52 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-28 15:52 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-28 15:52 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-28 15:52 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-28 15:52 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-28 15:52 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-28 15:52 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-28 15:52 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-28 15:52 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-28 15:52 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-28 15:52 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-28 15:52 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-28 15:52 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-28 15:52 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-28 15:52 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 16:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 13:13]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 06:59]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 07:09]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52]
"nwiz"="nwiz.exe" [2007-10-28 16:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52]
"SunJavaUpdateSched"="C:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-06 08:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
*Newly Created Service* - PGFILTER
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:58:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 13:59:09
.
--- E O F ---
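A small triage helper for logs in the format posted above. This is an added example for this thread; it is not part of HijackThis, ComboFix or any of the posts. It parses the `O2` BHO lines and the `R0`/`S3` service lines, and flags the entries a reviewer would look up first: a BHO without a name, a service whose display name is just its own service name, an image loaded by an NT `\??\` path instead of the normal drivers directory, and a file name that looks random. The sample lines are copied from the log in this thread; the four signals and their thresholds are my own choices for ranking, and a flag means "check the vendor and signature of this file", not "this is malware".

```python
"""Triage helper for HijackThis / ComboFix style log lines.

Added example for this thread, not part of either tool or of the original
posts. It does not decide what is malware; it only surfaces the entries a
reviewer would want to look at first, together with the reason.
"""
import re
from typing import List, Tuple

VOWELS = set("aeiouy")

# ComboFix service line:  R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$"
)
# HijackThis BHO line:    O2 - BHO: (no name) - {CLSID} - C:\WINDOWS\system32\ljjjhgf.dll
BHO_RE = re.compile(r"^O2 - BHO: (?P<display>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")


def looks_random(name: str) -> bool:
    """Crude heuristic (my own threshold): a digit wedged between letters,
    or fewer than 20% vowels in a stem of 7+ characters. Noisy by design;
    it ranks entries for a human, it does not convict them."""
    stem = name.split(".")[0]
    if re.search(r"[A-Za-z]\d+[A-Za-z]", stem):
        return True
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) >= 7 and letters:
        return sum(c in VOWELS for c in letters) / len(letters) < 0.2
    return False


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (signal, log line) pairs for every entry worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            name, display, path = m["name"], m["display"], m["path"]
            image = path.rsplit("\\", 1)[-1]
            if display.strip().lower() == name.strip().lower():
                findings.append(("NO_DESCRIPTION", line))   # no vendor text at all
            if path.startswith("\\??\\"):
                findings.append(("NT_PATH", line))          # loaded by raw NT path
            if looks_random(name) or looks_random(image):
                findings.append(("RANDOM_NAME", line))
            continue
        m = BHO_RE.match(line)
        if m:
            if m["display"].strip().lower() == "(no name)":
                findings.append(("UNNAMED_BHO", line))
            if looks_random(m["path"].rsplit("\\", 1)[-1]):
                findings.append(("RANDOM_NAME", line))
    return findings


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - C:\WINDOWS\system32\ljjjhgf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
""".strip().splitlines()

if __name__ == "__main__":
    for signal, entry in triage(SAMPLE_LOG):
        print(f"{signal:15} {entry}")
```

Run it over a whole log by replacing `SAMPLE_LOG` with `open(path).read().splitlines()`. Entries with a recognisable vendor and a normal `C:\WINDOWS\system32\DRIVERS\` path (snapman, fwdrv, the Spybot BHO) produce nothing; the unnamed BHO and the services that describe themselves only by their own name come out on top, which is the order in which a helper on a thread like this would look them up.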
  • You may now remove all the tools you used and the folders they created. Remove ComboFix via Start > Run: copy and paste Combofix /U, choose option 2 and press Enter. This removes ComboFix as well as your old System Restore points (with any remnants of malware) and creates a new restore point.
Another complaint filed >?


This is an archived page. Replying is no longer possible.