Vraag & Antwoord

Beveiliging & privacy

nog een hijackthis logje....

10 antwoorden
  • Ik had ook dezelfde problemen..... :( Bedankt voor je tips Pim! heb RVAXO en Combofix al doorlopen. Kun jij me zeggen of er nog problemen inzitten, zie mijn logfile hieronder Alvast bedankt! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:23:16, on 15-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar9.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar9.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?dd836295d81746eb8ddca68f2dc82f0 O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?dd836295d81746eb8ddca68f2dc82f0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http:\\www.headstartservice.nl O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.innova-webplaner.de/innova/pano/prog/HOL/rundum.7.0.1.1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098358536814 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D4D4A885-14CD-4B24-ABA8-4130CDA59691} (DownloadManager.DownloadInterface) - http://system.aim4music.com/hostedshops/radio538/DownloadManager.CAB O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 10882 bytes
  • Hoi Martin, Ik zie geen actieve malware in je logfile staan, zou je het logje van C:\[b:ac22698145]Combofix[/b:ac22698145].txt nog eens kunnen posten? Verder zie ik wel meerdere actieve virusscanners in je logfile staan, Symantec en NOD32. Meerdere scanners leiden tot traagheid en kunnen leiden tot conflicten. Verder daarom één van de twee scanners via start --> configuratiescherm --> software. Herstart daarna je PC en post een vers Hijackthis log tesamen met het logje van Combofix. Pim :)
  • Hoi Pim, bedankt voor je reaktie! Ik heb ondertussen niet stilgezeten en diverse programma's zoals spybot laten draaien. Ik denk dat de problemen zijn opgelost, maar als je nog even wil kijken dan graag! (Ik heb Symantec op jou advies er nu uit gegooid, was toch niet meer aktief). hieronder eerst een nieuw hijackthis logje en daarna het combofix logje. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:34:41, on 17-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchFilter.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar9.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar9.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?dd836295d81746eb8ddca68f2dc82f0 O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?dd836295d81746eb8ddca68f2dc82f0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http:\\www.headstartservice.nl O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.innova-webplaner.de/innova/pano/prog/HOL/rundum.7.0.1.1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098358536814 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D4D4A885-14CD-4B24-ABA8-4130CDA59691} (DownloadManager.DownloadInterface) - http://system.aim4music.com/hostedshops/radio538/DownloadManager.CAB O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 12097 bytes en Combofix logje: ComboFix 07-12-15.5 - Bernardine 2007-12-15 17:34:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.176 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Bernardine\Bureaublad\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))) . 2007-12-15 17:20 . 2007-12-15 17:21 <DIR> d-------- C:\RVAXO 2007-12-15 17:18 . 2007-12-15 12:20 536,766 --a------ C:\WINDOWS\system32\RVAXO.bat 2007-12-15 17:18 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe 2007-12-15 13:16 . 2007-12-15 13:13 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-15 13:16 . 2007-12-15 13:13 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-12-15 13:16 . 2007-12-15 13:13 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-12-14 15:16 . 2007-12-14 15:16 10 --a------ C:\Documents and Settings\Wout\user.dat 2007-12-14 15:16 . 2007-12-14 15:16 0 --a------ C:\Documents and Settings\Wout\Emails.dat 2007-12-14 13:17 . 2007-12-14 13:17 0 --a------ C:\Documents and Settings\Maartje\Emails.dat 2007-12-14 13:16 . 2007-12-14 13:16 10 --a------ C:\Documents and Settings\Maartje\user.dat 2007-12-12 21:50 . 2007-12-12 21:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-12 21:50 . 2007-12-12 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-12 18:17 . 2007-12-12 18:17 10 --a------ C:\Documents and Settings\Stijn\user.dat 2007-12-12 18:17 . 2007-12-14 16:19 0 --a------ C:\Documents and Settings\Stijn\Emails.dat 2007-11-26 18:21 . 2007-11-26 18:21 <DIR> d-------- C:\Documents and Settings\Maartje\Application Data\Atari . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-15 16:30 45,914 ----a-w C:\Documents and Settings\Bernardine\Application Data\wklnhst.dat 2007-12-15 11:45 --------- d-----w C:\Program Files\Norton AntiVirus 2007-12-15 11:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-15 11:43 --------- d-----w C:\Program Files\Symantec 2007-12-15 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-12 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-02 18:52 --------- d-----w C:\Program Files\Lexmark X1100 Series 2007-11-14 19:58 1,154 ----a-w C:\Documents and Settings\Martin\Application Data\wklnhst.dat 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-31 06:55 1,020 ----a-w C:\Documents and Settings\Stijn\Application Data\wklnhst.dat 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-17 15:47 --------- d-----w C:\Program Files\GameSpy Arcade 2007-10-17 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-17 15:36 --------- d-----w C:\Program Files\Firefly Studios 2007-02-21 10:18 466 ----a-w C:\Program Files\Snelkoppeling naar Grisoft.lnk 2006-12-25 11:24 405,076 ----a-w C:\Program Files\mooie speeltuin.SV4 2006-09-15 11:16 0 ----a-w C:\Documents and Settings\Maartje\Application Data\wklnhst.dat 2006-01-07 21:00 71,128 ----a-w C:\Documents and Settings\Martin\Application Data\GDIPFONTCACHEV1.DAT 2005-09-28 19:24 67,992 ----a-w C:\Documents and Settings\Bernardine\Application Data\GDIPFONTCACHEV1.DAT 2005-09-17 13:11 0 ----a-w C:\Documents and Settings\Wout\Application Data\wklnhst.dat 2000-05-22 04:43 1,816,028 ----a-w C:\Documents and Settings\Maartje\Application Data\spookjes.exe 2000-05-22 04:43 1,816,028 ----a-w C:\Documents and Settings\Bernardine\Application Data\spookjes.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 03:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 10:04] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42] "SoundMan"="SOUNDMAN.EXE" [2004-09-16 13:39 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 16:06 C:\WINDOWS\AGRSMMSG.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-09-02 13:00 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2004-10-29 16:50 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-09-02 13:00 C:\WINDOWS\system32\rundll32.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 00:37] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-02-01 23:05] "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33] "CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-15 13:13] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00] C:\Documents and Settings\Stijn\Menu Start\Programma's\Opstarten\ WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-11 20:54:26] C:\Documents and Settings\Bernardine\Menu Start\Programma's\Opstarten\ WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-11 20:54:26] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe [2005-09-20 17:10:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys R0 iteraid;iteraid;C:\WINDOWS\system32\DRIVERS\iteraid.sys R0 pciide1;pciide1;C:\WINDOWS\system32\DRIVERS\pciide.sys R0 SI3112r;SI3112r;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys R0 viaide1;viaide1;C:\WINDOWS\system32\DRIVERS\viaidexp.sys R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Inhoud van de 'Gedeelde Taken' map "2007-11-23 08:04:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-15 17:37:08 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll . Voltooingstijd: 2007-12-15 17:38:37 . 2007-12-12 19:05:28 --- E O F ---
  • Ziet er weer prima uit :) Verwijder RVAXO door de map op je bureaublad te openen en dubbelklik op [b:b09d7479c2]Uninstall.cmd[/b:b09d7479c2]. Verwijder Combofix: Ga naar start --> uitvoeren en typ daar: [b:b09d7479c2]Combofix /u[/b:b09d7479c2] Bevestig met Ok. Lees om herhaling te voorkomen deze beveiligingstips nog eens door: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html Als je problemen over zijn kunnen we het afsluiten denk ik :) Pim
  • Trouwens, het is niet zo netjes om meerdere helpers tegelijk aan het werk te zetten :roll: http://www.hijackthis.nl/forum/viewtopic.php?t=13401
  • je hebt gelijk Pim, dat was ook niet mijn bedoeling. Ik had eerst op dit forum het bericht geplaatst, in reaktie op een ander bericht. Toen ik later keek kon ik mijn bericht echter niet meer terug vinden....Ik dacht dat het op de een of andere manier niet opgeslagen was en dus kwijt. Het was echter naar een apart nieuw bericht verplaatst.(was nog niet bekend met met de zoekfunctie....) :oops: Ondertussen ben ik op zoek gegaan naar info op hijack this en heb daar algemene instructies gevolgd om de boel op te schonen en tenslotte hier een nieuw logje gepost. Dus mijn excuses en nogmaals bedankt voor je hulp! NB: ik las ergens van iemand met dezelfde infectie dat hij de bestanden: C:\Documents and Settings\Gebruiker\Email.dat en ...\user.dat heetf staan. Ik heb ook opeens dit op het bureaublad staan: C:\Documents and Settings\Gebruiker\bureaublad\Email.dat en idem\user.dat. Volgens mij is dit al onschadelijk gemaakt, maar weet jij wat het is en of ik het weg kan gooien? Nogmaals bedankt en nogmaals excuus!
  • Maakt niet uit Martin :wink: Klopt inderdaad dat die twee bestanden wegmogen. Ik dacht dat RVAXO ze al had verwijderd maar kennelijk nog niet. Deze bestanden mag je ook nog verwijderen: C:\WINDOWS\[b:dc32bb1759]lnk_dados_2.dll[/b:dc32bb1759] C:\[b:dc32bb1759]start.bat[/b:dc32bb1759] Pim :)
  • O.k. bedankt Die laatste twee kan ik niet vinden... :roll: C:\WINDOWS\lnk_dados_2.dll C:\start.bat hoe verwijder ik dat?
  • Zorg ervoor dat verborgen mappen en bestanden worden weergeven [url=http://users.telenet.be/marcvn/spyware/1117602.htm]Hoe verborgen mappen en bestanden weer te geven[/url] Indien je ze daarna niet meer kan vinden, zijn ze al verwijderd :wink:
  • O.k. ook nu vind ik niets :D problemen dus helemaal opgelost. bedankt Pim, en prettige feestdagen en vakantie toegewenst!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.