Trojan Vundo :(

12 replies
  • I believe I'm the umpteenth person who keeps getting the message from Norton that the Trojan Vundo has been found on their computer. I'm not that good with computers :oops: How do I get rid of this? Regards, Jeannette
  • Hi Jeannette, Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
      - Double-click Combofix.exe
      - Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
      - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after a restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
    You can make a HijackThis log in the following way: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358
    Good luck! Pim
  • From HijackThis I got this:
    And ComboFix said this:
    I really don't understand any of this at aaaall :) It took a long time before it worked.. HELLLP :)
  • anyone!?!?! :cry:
  • Take it easy, Jeannette!
    1. Go to Start --> Control Panel --> Add or Remove Programs and uninstall the following there, if present:
      RXToolBar
      Winable
    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below, if still present:
      O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
      O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
      O2 - BHO: (no name) - {4DF3C52E-7CA9-439B-877D-B85E02F4AAA3} - C:\Documents and Settings\Tber\Local Settings\Application Data\microsoft\internet explorer\5inav.dat (file missing)
      O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
      O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll
      O2 - BHO: (no name) - {C4716B29-2610-48FC-ACB2-B0E064B6AFB4} - C:\WINDOWS\system32\vtutt.dll
      O2 - BHO: (no name) - {F928F6B8-DCEE-8160-39A2-517C8B573D33} - C:\WINDOWS\Doedargp.dll (file missing)
      O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
      O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
      O4 - HKLM\..\Run: [dcc6f852] rundll32.exe "C:\WINDOWS\system32\xixvoxld.dll",b
      O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
      O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
      O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
      O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
      O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
      O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
      O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
      O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
      O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll
    Now close all open windows except HijackThis and click Fix Checked.
    3. Open Notepad, then copy and paste the following text into an empty window:
      File::
      C:\WINDOWS\system32\ttutv.ini2
      C:\WINDOWS\system32\lomhgjnj.dll
      C:\WINDOWS\system32\dlxovxix.ini
      C:\WINDOWS\system32\__c00E4F0C.dat
      C:\WINDOWS\system32\bnfltwmb.exe
      C:\WINDOWS\system32\urtkhojy.exe
      C:\WINDOWS\system32\hrnvewvv.ini
      C:\WINDOWS\system32\llyyhtfx.dll
      C:\WINDOWS\system32\sfgemvlt.exe
      C:\WINDOWS\system32\awtusqp.dll
      C:\WINDOWS\system32\frohsnqv.exe
      C:\WINDOWS\system32\wfvcltpr.ini
      C:\WINDOWS\system32\nioyspma.exe
      C:\WINDOWS\system32\bckibyhx.exe
      C:\WINDOWS\system32\gnuhdope.ini
      C:\WINDOWS\system32\rhuraohh.exe
      C:\WINDOWS\system32\rqqfnkoj.ini
      C:\WINDOWS\system32\efjpkbhy.exe
      C:\WINDOWS\system32\qqmxrimt.ini
      C:\WINDOWS\system32\lueevako.dll
      C:\WINDOWS\system32\hmouhdaw.exe
      C:\WINDOWS\system32\fiositpo.ini
      C:\WINDOWS\system32\fxpicitt.dll
      C:\WINDOWS\system32\euhttjpd.exe
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\gidnxniq.ini
      C:\WINDOWS\system32\pymhbtpl.exe
      C:\WINDOWS\system32\wvyicqfn.ini
      C:\WINDOWS\system32\wqfhjsrc.exe
      C:\WINDOWS\system32\kdpekiki.ini
      C:\WINDOWS\system32\pcveopqi.exe
      C:\WINDOWS\system32\ittqgnjs.ini
      C:\WINDOWS\system32\hksmxwvr.exe
      C:\WINDOWS\system32\huxmwrpq.ini
      C:\WINDOWS\system32\idrebwmk.exe
      C:\WINDOWS\system32\vjipbfqf.ini
      C:\WINDOWS\system32\ttutv.ini
      C:\WINDOWS\system32\ttutv.tmp
      C:\WINDOWS\system32\hibjuptw.ini
      C:\WINDOWS\system32\bscishiu.dll
      C:\WINDOWS\system32\iarewkdp.exe
      C:\WINDOWS\system32\dsxoukna.ini
      C:\WINDOWS\system32\fsophoxn.exe
      C:\WINDOWS\system32\avduedjl.ini
      C:\WINDOWS\system32\eshublfb.exe
      C:\WINDOWS\system32\vynqvzku.dll
      C:\WINDOWS\system32\vynqvzku.dllbox
      C:\WINDOWS\system32\ttutv.bak2
      C:\WINDOWS\system32\vtutt.dll
      C:\winlogon.exe
      C:\WINDOWS\b122.exe
      C:\WINDOWS\Fonts\a.zip
      C:\WINDOWS\Fonts\Setup.exe
      Folder::
      C:\Program Files\WinAble
      C:\Program Files\RXToolBar
      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0428FFC7-1931-45b7-95CB-3CBB919777E1}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DF3C52E-7CA9-439B-877D-B85E02F4AAA3}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{905F19D4-DD1A-4EF4-B471-441530B3E666}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F928F6B8-DCEE-8160-39A2-517C8B573D33}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "dcc6f852"=-
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vynqvzku]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=-
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
        00
    Save this to your Desktop as CFScript.txt.
    Drag CFScript.txt onto ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    This will make ComboFix start again. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
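Added example, not part of the thread and not how HijackThis or ComboFix work internally: a small triage script over HijackThis-style lines that flags the kinds of autostart entries selected in the fix list above and shows when one file is loaded from several autostart points. The heuristics are illustrative assumptions, and the two "Example" lines in the sample are constructed benign entries; the other sample lines are from the fix list.

```python
import re
from collections import defaultdict

# Lines from the fix list in the post above, plus two constructed benign
# "Example" entries so the triage has something to leave alone.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O4 - HKLM\..\Run: [dcc6f852] rundll32.exe "C:\WINDOWS\system32\xixvoxld.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll
'''

# "O2 - ...", "O20 - ...", "R0 - ..." style entry lines.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# First drive-letter path ending in a loadable-file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|dat|ocx)\b', re.IGNORECASE)


def parse(log_text):
    """Yield (code, body, path) per entry line; path is lower-cased or None."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        found = PATH_RE.search(m["body"])
        yield m["code"], m["body"], found.group(0).lower() if found else None


def line_reasons(code, body):
    """Per-line heuristics (assumptions for this example, reviewer still decides)."""
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned registration, target file absent")
    if code == "O2" and body.startswith("BHO: (no name)") and PATH_RE.search(body):
        reasons.append("unnamed BHO backed by a file")
    if code == "O4" and "rundll32" in low:
        reasons.append("Run value loads a DLL through rundll32")
    if code == "O4" and r"\policies\explorer\run" in low:
        reasons.append(r"autostart under Policies\Explorer\Run")
    if code == "O20":
        reasons.append("AppInit_DLLs or Winlogon Notify hook, needs review")
    return reasons


def triage(log_text):
    """Return (flagged, shared): flagged entries with reasons, and files that
    are referenced from more than one kind of autostart point."""
    entries = list(parse(log_text))

    by_path = defaultdict(list)
    for code, _body, path in entries:
        if path:
            by_path[path].append(code)
    shared = {p: codes for p, codes in by_path.items() if len(set(codes)) > 1}

    report, flagged_paths = [], set()
    for code, body, path in entries:
        reasons = line_reasons(code, body)
        if reasons and path:
            flagged_paths.add(path)
        report.append((code, body, path, reasons))

    # Second pass: an entry that looks fine on its own line is still flagged
    # when it loads the same file as an entry that was flagged.
    for _code, _body, path, reasons in report:
        if not reasons and path in shared and path in flagged_paths:
            reasons.append("same file as a flagged entry, loaded from another autostart point")

    flagged = [(c, b, r) for c, b, _p, r in report if r]
    return flagged, shared


if __name__ == "__main__":
    flagged, shared = triage(SAMPLE_LOG)
    for code, body, reasons in flagged:
        print(f"[{code}] {body}\n      -> " + "; ".join(reasons))
    for path, codes in shared.items():
        print(f"shared file {path} referenced by {', '.join(codes)}")
```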
  • I did it. I now keep getting the message: "de toepassing of DLL bestand c:\windows\system32\_c00E4F0C.dat is geen geldige windows kopie. Controleer dit op uw installatiediskette." And a zip file named catchme has been placed on my desktop. Now I get this from HijackThis:
  • Could you also post the contents of C:\Combofix.txt? We are not there yet :wink:
  • Should I have a new one of those? Of that Combofix log? I only have the same log as last time!
  • Normally, when you drag CFScript into Combofix, Combofix should show a new report when it finishes. In this case it doesn't matter much; just do the following: go to Start --> Run and type: combofix /u This will remove Combofix. Then download Combofix again via the link above and let it run once more. Afterwards, post the result in your next message :wink:
  • I did that, and now when I start the computer it asks for a password. I don't have an account on the computer and have no idea what the password for the account is :cry: I'm at work now. What now?!
  • Try a standard password that you use often; you really must have set it during your Windows installation. You can also try entering no password and just pressing Enter. Otherwise try: admin or administrator Pim
  • Meanwhile the computer is completely back to its old self! Thank you!


This is an archived page. Replying is no longer possible.