Question & Answer

Security & privacy

Help! I can't get rid of malware

22 answers
  • Hello, a few days ago I got a virus warning while browsing the internet, and since then I have been having a lot of problems with my laptop. I have tried all sorts of things myself, but it only seems to go from bad to worse. Would someone please help me get my PC working again?
    Symptoms:
    - PC is extremely slow
    - Copy/paste or dragging files no longer works
    - The taskbar no longer shows the open folders
    - Many programs no longer work properly or are closed again immediately
    - Sound no longer works
    I have already tried a number of things myself, including scanning with Antivir, McAfee, CureIt, HitmanPro 2 and Spyware Doctor, and I have also tried something with Killbox and Combofix. During the scans I frequently came across the names Vundo, Virtumonde and ConHook, but also all kinds of other viruses that seemed to keep changing. On the internet I found something about rootkits that keep installing all kinds of junk, and that is the feeling I get in this situation. In the end I have tried more than I actually understand, so I hope someone can help me tackle this. Alexander
  • Here is some information. Have a look at this topic, where Gerben explains a number of things in detail. In particular the part about HijackThis: read that topic carefully, download the program, run a scan and post the logfile as described. http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358 You will undoubtedly get a response from the specialists; don't be impatient, after all it is Sunday and people don't sit behind the computer 24 hours a day (although with the helpers it sometimes seems that way, fortunately). My knowledge in that area is too incomplete to help someone accurately.
  • First of all, thanks for your reply. I ran HijackThis from a USB stick, because I cannot move files. That did not seem to cause any problems, and this is the logfile that came out:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16, on 2007-12-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    G:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.utstart.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 7832 bytes
  • 1. I see three active virus scanners in your logfile: Avira, McAfee and Nod32. Multiple virus scanners lead to unnecessary slowness and cause conflicts. So choose one of the virus scanners and remove the others via Start --> Control Panel --> Add or Remove Programs.
    2. Restart your PC.
    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix, or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix is complete and after a restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
    Good luck! Pim
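The helper's first step above is a manual read of the HijackThis log: spotting that three resident scanners (Avira, McAfee, NOD32) are installed at once, and noticing entries that point at nothing. The script below is an added example, not code from the thread or from HijackThis, that automates that read for the O2, O4 and O23 entry types seen in the logs posted here. The sample lines are constructed for the example, and the `updater` Run entry pointing into `C:\WINDOWS\Temp` is an invented placeholder, not something from the poster's machine.

```python
"""Triage helper for HijackThis v2-style log lines (added example)."""
import re

# Constructed sample input in HijackThis v2 format. The entry types mirror
# the ones in the thread's logs; the "updater" line is an invented placeholder.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\WINDOWS\Temp\example_dropper.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
"""

# One regex per entry type we care about: browser helper objects (O2),
# Run-key autostarts (O4) and installed services (O23).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Vendor substrings (lower-cased) that identify a resident antivirus product.
# Anti-spyware tools such as Spyware Doctor are deliberately not counted.
AV_VENDOR_MARKERS = {"avira": "Avira", "mcafee": "McAfee", "eset": "NOD32"}

# Directory fragments a normal autostart should not live in.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")


def parse_entries(text):
    """Turn log text into a list of dicts, one per recognised O2/O4/O23 line."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
            match = rx.match(line)
            if match:
                entry = {"kind": kind, "raw": line}
                entry.update(match.groupdict())
                entries.append(entry)
                break
    return entries


def active_av_products(entries):
    """Distinct antivirus products that have a registered service (O23)."""
    found = set()
    for entry in entries:
        if entry["kind"] != "O23":
            continue
        vendor = entry["vendor"].lower()
        for marker, product in AV_VENDOR_MARKERS.items():
            if marker in vendor:
                found.add(product)
    return sorted(found)


def extract_exe(cmd):
    """Return the executable path from a Run-key command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]          # quoted path, switches follow
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split(" ", 1)[0]


def flag_entries(entries):
    """Entries worth a second look: orphaned BHOs and autostarts in temp dirs."""
    flags = []
    for entry in entries:
        if entry["kind"] == "O2" and entry["path"] == "(no file)":
            flags.append(("orphaned-bho", entry["clsid"]))
        elif entry["kind"] == "O4":
            exe = extract_exe(entry["cmd"]).lower()
            if any(marker in exe for marker in USER_WRITABLE):
                flags.append(("autostart-in-user-writable-dir", entry["label"]))
    return flags


def triage(text):
    """Summarise a log: resident AV products, whether there is more than one, and flags."""
    entries = parse_entries(text)
    products = active_av_products(entries)
    return {"av_products": products, "multiple_av": len(products) > 1, "flags": flag_entries(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Resident AV products:", ", ".join(report["av_products"]))
    if report["multiple_av"]:
        print("More than one resident scanner: keep one, uninstall the rest.")
    for reason, what in report["flags"]:
        print(f"  [{reason}] {what}")
```

On the constructed sample the script reports Avira, McAfee and NOD32 as resident products (the same three the helper picked out by hand), flags the BHO CLSID whose file is gone, and flags the Run entry that launches from a temp directory. An orphaned `(no file)` entry is harmless by itself, but it is the kind of leftover HijackThis is used to clean up; the temp-directory check is a heuristic and a hit means "look at this file", not "this is malware".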
  • [quote:09a6da205a="pimvandenderen"]1. Ik zie drie actieve virussccanners in je logfile staan:[b:09a6da205a]Avira[/b:09a6da205a], [b:09a6da205a]Mcafee[/b:09a6da205a] en [b:09a6da205a]Nod32[/b:09a6da205a]. Meerdere virusscanners leiden tot onnodige traagheid en veroorzaken conflicten. Maak daarom een keuze tussen één van de virusscanners en verwijder de overige via start --> configuratiescherm --> software. [/quote:09a6da205a] Ik weet dat het onverstandig is meerdere virusscanners te instaleren. Ik had altijd Mcafee maar deze kon niks meer vinden en ik had het gevoel dat deze beschadigd was, daarom had ik Antivir geinstaleerd. NOD32 zat volgens mij bij Hitmanpro in en had ik niet meer aangedacht. NOD32 heb ik normaal kunnen verwijderen, maar bij McAfee wilde dit echt niet lukken en heb ik geprobeerd het met de hand te verwijderen, wat min of meer gelukt is. ComboFix is gelukt alleen gaf hij wel na de regel "Completed Stage_10" de melding "Acces Denied" en in de regel daarna stond "grep: writing output: invalid argument". Na regel "Completed Stage_19" stond er weer "Acces Denied." Dit is de ComboFix log: ComboFix 07-12-18.1 - Student 2007-12-19 15:43:14.2 - NTFSx86 Running from: C:\Documents and Settings\dell image\Desktop\ComboFix.exe . /wow section - STAGE 10 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Temp\30587899.exe . ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))) . 2007-12-15 23:30 . 2007-12-15 23:32 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-15 23:30 . 2007-12-15 23:32 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-15 23:30 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-15 23:30 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-15 23:29 . 
2007-12-16 18:12 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-12-15 23:29 . 2007-12-15 23:29 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\PC Tools 2007-12-15 23:01 . 2007-12-19 15:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-15 22:05 . 2007-12-15 22:05 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Lavasoft 2007-12-15 21:35 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-12-15 21:35 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-12-15 21:35 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-12-15 21:35 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Program Files\Webroot 2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Webroot 2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-12-15 21:34 . 2007-12-15 21:34 164 --a------ C:\install.dat 2007-12-15 21:33 . 2007-12-15 21:33 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-15 21:33 . 2007-12-15 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-15 21:32 . 2007-12-15 21:36 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2007-12-15 21:15 . 2007-12-19 15:34 <DIR> d-------- C:\Program Files\Hitman Pro 2007-12-14 19:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d-------- C:\Program Files\Avira 2007-12-14 15:05 . 
2007-12-15 23:32 7,423 --ahs---- C:\WINDOWS\system32\qtutv.ini2 2007-12-14 14:36 . 2007-12-15 20:54 941,885 --ahs---- C:\WINDOWS\system32\mcsqruug.ini 2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d-------- C:\Documents and Settings\dell image\DoctorWeb 2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Program Files\Windows Live 2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d-------- C:\Program Files\MSECache 2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini2 2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini 2007-12-13 02:04 . 2007-12-13 02:04 35,840 --a------ C:\WINDOWS\system32\nnnllml.dll__DELETE_ON_REBOOT 2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\vlc 2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d-------- C:\Program Files\VideoLAN 2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\DivX 2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d-------- C:\Program Files\7-Zip 2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll 2007-11-30 17:06 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll 2007-11-30 17:06 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax 2007-11-30 17:06 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe 2007-11-30 17:06 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll 2007-11-30 17:06 . 
1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv 2007-11-30 17:06 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll 2007-11-30 17:06 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd 2007-11-30 17:06 . 2007-11-30 17:06 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-11-30 17:06 . 2007-11-30 17:06 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-11-30 17:01 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe 2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d-------- C:\Program Files\DivX 2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-26 14:21 . 2007-12-13 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-26 14:21 . 2007-12-13 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-26 14:21 . 2007-12-13 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-25 21:24 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll 2007-11-25 20:51 . 2007-11-25 20:51 111,969 --------- C:\WINDOWS\hpoins11.dat.temp 2007-11-25 20:51 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp 2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-11-25 20:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-11-25 20:43 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-11-25 20:43 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-11-25 20:43 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-11-25 20:43 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-11-25 20:43 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-11-25 20:43 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-11-25 20:42 . 
2007-11-25 20:43 <DIR> d-------- C:\Program Files\HP 2007-11-25 20:42 . 2007-11-25 21:25 111,969 --a------ C:\WINDOWS\hpoins11.dat 2007-11-25 20:40 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll 2007-11-25 20:40 . 2006-01-04 09:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll 2007-11-25 20:40 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat 2007-11-19 22:27 . 2007-12-10 14:25 <DIR> d-------- C:\Program Files\StuffPlug3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-17 19:14 --------- d-----w C:\Program Files\Alcohosoft 2007-12-13 18:47 --------- d-----w C:\Documents and Settings\dell image\Application Data\uTorrent 2007-12-13 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-10 13:38 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-10 13:38 --------- d-----w C:\Program Files\V-Direct v2.0b4 2007-11-26 13:47 --------- d-----w C:\Program Files\MSN Messenger 2007-11-26 13:41 --------- d-----w C:\Program Files\DAEMON Tools 2007-11-18 15:44 --------- d-----w C:\Documents and Settings\dell image\Application Data\Apple Computer 2007-11-16 19:09 --------- d-----w C:\Program Files\Common Files\McAfee 2007-11-16 09:59 --------- d-----w C:\Program Files\Google 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-12 17:37 --------- d-----w C:\Program Files\Intel 2007-11-12 16:51 --------- d-----w C:\Program Files\Alfa & Ariss 2007-11-12 12:05 --------- d-----w C:\Documents and Settings\dell image\Application Data\U3 2007-11-07 14:15 --------- d-----w C:\Documents and Settings\dell image\Application Data\Winamp 2007-11-05 09:51 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-05 07:50 --------- d-----w C:\Documents and Settings\dell image\Application Data\atitray 2007-11-05 07:41 --------- d-----w C:\Program Files\MultiRes 2007-11-05 07:40 451,072 ----a-w C:\WINDOWS\Radeon Omega 
Drivers v3.8.421 Uninstall.exe 2007-11-05 07:40 --------- d-----w C:\Program Files\Radeon Omega Drivers 2007-11-03 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2007-11-02 15:25 --------- d-----w C:\Documents and Settings\dell image\Application Data\Atari 2007-11-02 15:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-02 15:20 --------- d-----w C:\Documents and Settings\dell image\Application Data\Leadertech 2007-11-02 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-02 15:12 --------- d-----w C:\Program Files\Common Files\PocketSoft 2007-11-02 14:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-31 20:42 --------- d-----w C:\Program Files\HammerHead 2007-10-31 15:19 --------- d-----w C:\Program Files\Winamp 2007-10-30 08:09 --------- d-----w C:\Documents and Settings\dell image\Application Data\Teleca 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 21:12 --------- d-----w C:\Documents and Settings\dell image\Application Data\Sony Ericsson 2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared 2007-10-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-10-29 21:08 --------- d-----w C:\Program Files\Sony Ericsson 2007-10-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca 2007-10-29 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-29 19:32 --------- d-----w C:\Program Files\uTorrent 2007-10-29 19:18 --------- d-----w C:\Program Files\Java 2007-10-29 19:17 --------- d-----w C:\Program Files\Common Files\Java 2007-10-29 18:53 --------- d-----w C:\Program Files\QuickTime 2007-10-29 18:52 --------- d-----w C:\Program Files\Apple Software Update 2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application 
Data\Apple Computer 2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-10-29 18:07 --------- d-----w C:\Documents and Settings\dell image\Application Data\fretsonfire 2007-10-29 17:46 --------- d-----w C:\Documents and Settings\dell image\Application Data\ATI 2007-10-29 17:37 --------- d-----w C:\Program Files\ATI 2007-10-29 14:41 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-29 12:14 --------- d-----w C:\Program Files\Mozilla 2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Thunderbird 2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Talkback 2007-10-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-10-29 09:22 --------- d-----w C:\Program Files\MSXML 4.0 2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-10-18 09:03 
344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll 2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48] "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk] path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe . Contents of the 'Scheduled Tasks' folder "2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe "2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job" . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-19 15:47:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-19 15:48:33 . 
2007-12-12 20:23:27 --- E O F ---

This is the HijackThis log I made afterwards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:58, on 19-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\explorer.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.utstart.nl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6662 bytes
  • Looks like it went well! Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Open Notepad, copy and paste the following (the indented text) into an empty window:

    File::
    C:\WINDOWS\system32\nnnllml.dll__DELETE_ON_REBOOT

Save this on your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
(image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
How is it working now?
Pim
  • pimvandenderen wrote:
    > Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    > (image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

As I mentioned earlier, I can't drag files; it's as if the icons are rusted in place. Can I load the script into ComboFix some other way, for example with a command line or something similar?
  • I forgot about that for a moment :oops:
Download OTMoveIt (by OldTimer) to your Desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    - Double-click OTMoveIt.exe to start the tool.
    - Copy (select and press Ctrl-C) all of the text below:

        C:\WINDOWS\system32\nnnllml.dll

    - Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    - Click the red MoveIt! button.
    - Copy and paste the contents of the right-hand results window into your next reply.
    - Close OTMoveIt.
If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. Click Yes if so.
  • pimvandenderen wrote:
    > Copy and paste the contents of the right-hand results window into your next reply.

When I clicked MoveIt I got a virus warning from AntiVir; since I had already come across this file many times with a virus and couldn't do anything about it then, I clicked Ignore.

MoveIt result:
C:\WINDOWS\system32\nnnllml.dll__DELETE_ON_REBOOT moved succesfuly.
Created on 12-20-2007 17:19:13

Then I ran another HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:35, on 20-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.utstart.nl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6429 bytes
  • Good. Can you carry out the steps in this topic: http://www.hijackthis.nl/forum/viewtopic.php?t=12603
Then post a new ComboFix log and let me know how your problems are doing :)
  • pimvandenderen wrote:
    > Good. Can you carry out the steps in this topic: http://www.hijackthis.nl/forum/viewtopic.php?t=12603
    > Then post a new ComboFix log and let me know how your problems are doing :)

I uninstalled HitmanPro and all its components; that went fine. Unfortunately I don't notice any improvement yet.. The sound is still gone, the taskbar still isn't right and I still can't copy and paste. The system doesn't seem as unstable as it was at first, but I haven't connected to the internet again yet because I'm afraid it still isn't fixed. Maybe the virus is gone, but Windows is still seriously damaged?

This is the ComboFix log:

ComboFix 07-12-15.1 - Student 2007-12-20 22:20:43.3 - NTFSx86
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-15 23:01 . 2007-12-20 22:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 22:05 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Lavasoft
2007-12-15 21:35 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-15 21:34 . 2007-12-15 21:34 164 --a------ C:\install.dat
2007-12-15 21:33 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-12-15 21:15 . 2007-12-20 22:01 <DIR> d-------- C:\Program Files\Hitman Pro
2007-12-14 19:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d-------- C:\Program Files\Avira
2007-12-14 15:05 . 2007-12-15 23:32 7,423 --ahs---- C:\WINDOWS\system32\qtutv.ini2
2007-12-14 14:36 . 2007-12-15 20:54 941,885 --ahs---- C:\WINDOWS\system32\mcsqruug.ini
2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d-------- C:\Documents and Settings\dell image\DoctorWeb
2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Program Files\Windows Live
2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d-------- C:\Program Files\MSECache
2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini2
2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini
2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\vlc
2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\DivX
2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d-------- C:\Program Files\7-Zip
2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-11-30 17:06 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-11-30 17:06 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2007-11-30 17:06 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-11-30 17:06 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-11-30 17:06 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2007-11-30 17:06 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-11-30 17:06 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2007-11-30 17:06 . 2007-11-30 17:06 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-11-30 17:06 . 2007-11-30 17:06 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-11-30 17:01 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d-------- C:\Program Files\DivX
2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-26 14:21 . 2007-12-13 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-26 14:21 . 2007-12-13 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-26 14:21 . 2007-12-13 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-25 21:24 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-11-25 20:51 . 2007-11-25 20:51 111,969 --------- C:\WINDOWS\hpoins11.dat.temp
2007-11-25 20:51 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-25 20:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-25 20:43 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-11-25 20:43 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-11-25 20:43 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-11-25 20:43 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-11-25 20:43 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-11-25 20:43 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-11-25 20:42 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\HP
2007-11-25 20:42 . 2007-11-25 21:25 111,969 --a------ C:\WINDOWS\hpoins11.dat
2007-11-25 20:40 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2007-11-25 20:40 . 2006-01-04 09:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
2007-11-25 20:40 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 19:14 --------- d-----w C:\Program Files\Alcohosoft
2007-12-13 18:47 --------- d-----w C:\Documents and Settings\dell image\Application Data\uTorrent
2007-12-13 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-10 13:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 13:38 --------- d-----w C:\Program Files\V-Direct v2.0b4
2007-12-10 13:25 --------- d-----w C:\Program Files\StuffPlug3
2007-11-26 13:47 --------- d-----w C:\Program Files\MSN Messenger
2007-11-26 13:41 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-18 15:44 --------- d-----w C:\Documents and Settings\dell image\Application Data\Apple Computer
2007-11-16 19:09 --------- d-----w C:\Program Files\Common Files\McAfee
2007-11-16 09:59 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 17:37 --------- d-----w C:\Program Files\Intel
2007-11-12 16:51 --------- d-----w C:\Program Files\Alfa & Ariss
2007-11-12 12:05 --------- d-----w C:\Documents and Settings\dell image\Application Data\U3
2007-11-07 14:15 --------- d-----w C:\Documents and Settings\dell image\Application Data\Winamp
2007-11-05 09:51 --------- d-----w C:\Program Files\Guitar Pro 5
2007-11-05 07:50 --------- d-----w C:\Documents and Settings\dell image\Application Data\atitray
2007-11-05 07:41 --------- d-----w C:\Program Files\MultiRes
2007-11-05 07:40 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2007-11-05 07:40 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-11-03 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-02 15:25 --------- d-----w C:\Documents and Settings\dell image\Application Data\Atari
2007-11-02 15:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-02 15:20 --------- d-----w C:\Documents and Settings\dell image\Application Data\Leadertech
2007-11-02 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-02 15:12 --------- d-----w C:\Program Files\Common Files\PocketSoft
2007-11-02 14:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-31 20:42 --------- d-----w C:\Program Files\HammerHead
2007-10-31 15:19 --------- d-----w C:\Program Files\Winamp
2007-10-30 08:09 --------- d-----w C:\Documents and Settings\dell image\Application Data\Teleca
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 21:12 --------- d-----w C:\Documents and Settings\dell image\Application Data\Sony Ericsson
2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-10-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-10-29 21:08 --------- d-----w C:\Program Files\Sony Ericsson
2007-10-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-10-29 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-29 19:32 --------- d-----w C:\Program Files\uTorrent
2007-10-29 19:18 --------- d-----w C:\Program Files\Java
2007-10-29 19:17 --------- d-----w C:\Program Files\Common Files\Java
2007-10-29 18:53 --------- d-----w C:\Program Files\QuickTime
2007-10-29 18:52 --------- d-----w C:\Program Files\Apple Software Update
2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-29 18:07 --------- d-----w C:\Documents and Settings\dell image\Application Data\fretsonfire
2007-10-29 17:46 --------- d-----w C:\Documents and Settings\dell image\Application Data\ATI
2007-10-29 17:37 --------- d-----w C:\Program Files\ATI
2007-10-29 14:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 12:14 --------- d-----w C:\Program Files\Mozilla
2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Thunderbird
2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Talkback
2007-10-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-29 09:22 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

.
((((((((((((((((((((((((((((( snapshot@2007-12-19_15.47.24.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
C:\WINDOWS\p_981116.exe /Q:A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 22:21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-20 22:22:10
C:\ComboFix2.txt ... 2007-12-19 15:48
.
2007-12-12 20:23:27 --- E O F ---
  • Hmm, I'm half asleep here :oops:
Open Notepad, copy and paste the following (the indented text) into an empty window:

    File::
    C:\WINDOWS\system32\qtutv.ini2
    C:\WINDOWS\system32\mcsqruug.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\system32\qqtwa.ini

    Folder::
    C:\Program Files\Hitman Pro

Save this on your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
(image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
How are your problems doing?
Pim
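As an added example (not from the thread, nor from HijackThis, ComboFix or OTMoveIt), the two checks Pim makes by eye above, registry entries pointing at "(no file)" in a HijackThis log and hidden+system files dropped directly in system32 in a ComboFix "Files Created" listing, written as a small Python triage script that also emits the File::/Folder:: CFScript layout used in this thread. The sample lines are copied from the logs posted above; the function names and the hidden+system heuristic are mine.

```python
import re

# Constructed sample: HijackThis lines copied from the log posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

# Constructed sample: ComboFix "Files Created" lines copied from the log posted in this thread.
COMBOFIX_SAMPLE = r"""
2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-14 15:05 . 2007-12-15 23:32 7,423 --ahs---- C:\WINDOWS\system32\qtutv.ini2
2007-12-14 14:36 . 2007-12-15 20:54 941,885 --ahs---- C:\WINDOWS\system32\mcsqruug.ini
2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini
2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
"""

# "O2 - BHO: label - {CLSID} - (no file)": a registry entry whose DLL is gone.
_HJT_NO_FILE = re.compile(
    r"^(O\d+) - (.+?) - (\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - \(no file\)$"
)

# "<created> . <modified> <size or <DIR>> <attrs> <path>", the layout ComboFix prints.
_CF_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$"
)

_SYSTEM32 = "c:\\windows\\system32\\"


def orphaned_hjt_entries(log):
    """Return (section, label, clsid) for each HijackThis entry that points at '(no file)'.

    These are dead registry references: nothing loads from them any more, but the
    helper has them removed so the log is clean and nothing can reclaim the CLSID.
    """
    found = []
    for line in log.splitlines():
        m = _HJT_NO_FILE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def hidden_system32_files(log):
    """Return paths of non-directory entries that are hidden+system directly in system32.

    ComboFix prints attributes as a 9-character flag string: a leading 'd' marks a
    directory, 'h' hidden, 's' system. Ordinary files in system32 are rarely both
    hidden and system, which is why qtutv.ini2, mcsqruug.ini and qqtwa.ini stood
    out in the log above. Thumbs.db in C:\WINDOWS itself is outside the scope.
    """
    hits = []
    for line in log.splitlines():
        m = _CF_ENTRY.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(1), m.group(2)
        if attrs.startswith("d"):
            continue  # directories (e.g. WindowsLiveInstaller) are not candidates
        lowered = path.lower()
        in_system32 = lowered.startswith(_SYSTEM32) and "\\" not in lowered[len(_SYSTEM32):]
        if "h" in attrs and "s" in attrs and in_system32:
            hits.append(path)
    return hits


def build_cfscript(files, folders=()):
    """Render a CFScript.txt in the File::/Folder:: layout shown in this thread."""
    lines = ["File::", *files]
    if folders:
        lines += ["Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for section, label, clsid in orphaned_hjt_entries(HJT_SAMPLE):
        print(f"orphaned {section} entry: {label} {clsid}")
    hidden = hidden_system32_files(COMBOFIX_SAMPLE)
    print(build_cfscript(hidden, [r"C:\Program Files\Hitman Pro"]))
```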
  • Me too, a bit; I should have said in my previous reply that I still can't drag, so I can't drag the text file onto ComboFix.. What now?
  • Double-click OTMoveIt.exe to start the tool.
    Copy (select it and press Ctrl-C) all of the text below:
    C:\WINDOWS\system32\qtutv.ini2
    C:\WINDOWS\system32\mcsqruug.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\system32\qqtwa.ini
    C:\Program Files\Hitman Pro
    Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    Click the red MoveIt! button.
    Copy and paste the contents of the right-hand results window into your next reply.
    Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to restart the PC to finish the move. Click Yes in that case. Post the OTMoveIt log together with a new ComboFix log in your next message :) Pim :)
  • There we go, as far as I can see it all worked; I hope it gets sorted soon..
    MoveIt results:
    C:\WINDOWS\system32\qtutv.ini2 moved successfully.
    C:\WINDOWS\system32\mcsqruug.ini moved successfully.
    C:\WINDOWS\system32\qqtwa.ini moved successfully.
    C:\WINDOWS\system32\qqtwa.ini2 moved successfully.
    C:\Program Files\Hitman Pro moved successfully.
    Created on 12-21-2007 15:14:49
    Combofix log:
ComboFix 07-12-15.1 - Student 2007-12-21 15:17:03.4 - NTFSx86 Running from: G:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))) . 2007-12-15 23:01 . 2007-12-20 22:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-15 22:05 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Lavasoft 2007-12-15 21:35 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-12-15 21:34 . 2007-12-15 21:34 164 --a------ C:\install.dat 2007-12-15 21:33 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2007-12-14 19:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d-------- C:\Program Files\Avira 2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d-------- C:\Documents and Settings\dell image\DoctorWeb 2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Program Files\Windows Live 2007-12-13 22:04 . 
2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d-------- C:\Program Files\MSECache 2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\vlc 2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d-------- C:\Program Files\VideoLAN 2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\DivX 2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d-------- C:\Program Files\7-Zip 2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll 2007-11-30 17:06 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll 2007-11-30 17:06 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax 2007-11-30 17:06 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe 2007-11-30 17:06 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll 2007-11-30 17:06 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv 2007-11-30 17:06 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll 2007-11-30 17:06 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd 2007-11-30 17:06 . 2007-11-30 17:06 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-11-30 17:06 . 2007-11-30 17:06 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-11-30 17:01 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe 2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d-------- C:\Program Files\DivX 2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-26 14:21 . 2007-12-13 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-26 14:21 . 
2007-12-13 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-26 14:21 . 2007-12-13 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-25 21:24 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll 2007-11-25 20:51 . 2007-11-25 20:51 111,969 --------- C:\WINDOWS\hpoins11.dat.temp 2007-11-25 20:51 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp 2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-11-25 20:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-11-25 20:43 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-11-25 20:43 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-11-25 20:43 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-11-25 20:43 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-11-25 20:43 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-11-25 20:43 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-11-25 20:42 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\HP 2007-11-25 20:42 . 2007-11-25 21:25 111,969 --a------ C:\WINDOWS\hpoins11.dat 2007-11-25 20:40 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll 2007-11-25 20:40 . 2006-01-04 09:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll 2007-11-25 20:40 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-17 19:14 --------- d-----w C:\Program Files\Alcohosoft 2007-12-13 18:47 --------- d-----w C:\Documents and Settings\dell image\Application Data\uTorrent 2007-12-13 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-12-10 13:38 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-10 13:38 --------- d-----w C:\Program Files\V-Direct v2.0b4 2007-12-10 13:25 --------- d-----w C:\Program Files\StuffPlug3 2007-11-26 13:47 --------- d-----w C:\Program Files\MSN Messenger 2007-11-26 13:41 --------- d-----w C:\Program Files\DAEMON Tools 2007-11-18 15:44 --------- d-----w C:\Documents and Settings\dell image\Application Data\Apple Computer 2007-11-16 19:09 --------- d-----w C:\Program Files\Common Files\McAfee 2007-11-16 09:59 --------- d-----w C:\Program Files\Google 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-12 17:37 --------- d-----w C:\Program Files\Intel 2007-11-12 16:51 --------- d-----w C:\Program Files\Alfa & Ariss 2007-11-12 12:05 --------- d-----w C:\Documents and Settings\dell image\Application Data\U3 2007-11-07 14:15 --------- d-----w C:\Documents and Settings\dell image\Application Data\Winamp 2007-11-05 09:51 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-05 07:50 --------- d-----w C:\Documents and Settings\dell image\Application Data\atitray 2007-11-05 07:41 --------- d-----w C:\Program Files\MultiRes 2007-11-05 07:40 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe 2007-11-05 07:40 --------- d-----w C:\Program Files\Radeon Omega Drivers 2007-11-03 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2007-11-02 15:25 --------- d-----w C:\Documents and Settings\dell image\Application Data\Atari 2007-11-02 15:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-02 15:20 --------- d-----w C:\Documents and Settings\dell image\Application Data\Leadertech 2007-11-02 15:16 --------- d--h--w C:\Program 
Files\InstallShield Installation Information 2007-11-02 15:12 --------- d-----w C:\Program Files\Common Files\PocketSoft 2007-11-02 14:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-31 20:42 --------- d-----w C:\Program Files\HammerHead 2007-10-31 15:19 --------- d-----w C:\Program Files\Winamp 2007-10-30 08:09 --------- d-----w C:\Documents and Settings\dell image\Application Data\Teleca 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 21:12 --------- d-----w C:\Documents and Settings\dell image\Application Data\Sony Ericsson 2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared 2007-10-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-10-29 21:08 --------- d-----w C:\Program Files\Sony Ericsson 2007-10-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca 2007-10-29 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-29 19:32 --------- d-----w C:\Program Files\uTorrent 2007-10-29 19:18 --------- d-----w C:\Program Files\Java 2007-10-29 19:17 --------- d-----w C:\Program Files\Common Files\Java 2007-10-29 18:53 --------- d-----w C:\Program Files\QuickTime 2007-10-29 18:52 --------- d-----w C:\Program Files\Apple Software Update 2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-10-29 18:07 --------- d-----w C:\Documents and Settings\dell image\Application Data\fretsonfire 2007-10-29 17:46 --------- d-----w C:\Documents and Settings\dell image\Application Data\ATI 2007-10-29 17:37 --------- d-----w C:\Program Files\ATI 2007-10-29 14:41 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-29 12:14 --------- d-----w C:\Program Files\Mozilla 2007-10-29 
12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Thunderbird 2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Talkback 2007-10-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2007-10-29 09:22 --------- d-----w C:\Program Files\MSXML 4.0 2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll 2007-09-29 04:21 9,854,976 ----a-w 
C:\WINDOWS\system32\atioglx2.dll 2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-19_15.47.24.20 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-12-21 13:36:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-12-21 13:36:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-12-21 13:36:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48] "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk] path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application 
Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe . Contents of the 'Scheduled Tasks' folder "2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-21 15:18:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-21 15:18:30 C:\ComboFix2.txt ... 2007-12-20 22:22 C:\ComboFix3.txt ... 2007-12-19 15:48 . 2007-12-12 20:23:27 --- E O F ---
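The ComboFix log above ends with a "Reg Loading Points" section that lists each autostart value together with the timestamp of the file it points to. The script below is an added example, not code from the thread or from ComboFix: it parses lines in that shape and applies two of the triage checks a helper otherwise makes by eye, namely values that name a bare file (no directory, so Windows resolves it through the search path) and files modified shortly before the scan, which is the same idea as ComboFix's own "Files Created from ... to ..." window. The sample lines are constructed after the posted log; the scan time and the 30-day window are assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style log.

Added example; not code from the forum thread or from ComboFix. The line
format is modelled on the log posted above; the scan time and the 30-day
'recent' window are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the shape of the posted log's Reg Loading Points section.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
"""

# Assumed scan time: the completion time printed in the log above.
SCAN_TIME = datetime(2007, 12, 21, 15, 18)

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="data" [YYYY-MM-DD HH:MM]
# "name"="bare.exe" [YYYY-MM-DD HH:MM C:\resolved\bare.exe]   (bare names get a resolved path)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s+'
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?: (?P<resolved>[^\]]+))?\]$'
)


@dataclass(frozen=True)
class AutorunEntry:
    key: str
    name: str
    data: str            # the registry value exactly as ComboFix printed it
    modified: datetime   # timestamp of the file the value points to
    resolved: str        # full path; ComboFix appends one when data is a bare name


def parse_loading_points(text: str) -> List[AutorunEntry]:
    """Return one AutorunEntry per "name"="data" [stamp] line, in log order."""
    entries: List[AutorunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            stamp = datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M")
            resolved = m.group("resolved") or m.group("data")
            entries.append(AutorunEntry(current_key, m.group("name"),
                                        m.group("data"), stamp, resolved))
    return entries


def flag_entry(entry: AutorunEntry, scan_time: datetime, recent_days: int = 30) -> List[str]:
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    flags: List[str] = []
    if "\\" not in entry.data:
        # No directory in the value: Windows locates the binary via the search
        # path, so a same-named file earlier on that path would run instead.
        flags.append("bare filename, resolved via search path")
    if timedelta(0) <= scan_time - entry.modified <= timedelta(days=recent_days):
        # Same idea as ComboFix's "Files Created from ... to ..." listing.
        flags.append(f"file modified within {recent_days} days of the scan")
    return flags


def triage(entries: List[AutorunEntry], scan_time: datetime,
           recent_days: int = 30) -> List[Tuple[AutorunEntry, List[str]]]:
    """Keep only the entries that tripped at least one check, with their reasons."""
    result: List[Tuple[AutorunEntry, List[str]]] = []
    for entry in entries:
        flags = flag_entry(entry, scan_time, recent_days)
        if flags:
            result.append((entry, flags))
    return result


if __name__ == "__main__":
    for entry, reasons in triage(parse_loading_points(SAMPLE_LOG), SCAN_TIME):
        print(f"{entry.name:22} {entry.resolved}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample, both flagged entries are benign (the Sigmatel tray app and the freshly installed Avira guard), which is the point: the checks narrow the list down to what a helper should look at, they do not decide by themselves.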
  • Empty your Temp folders (Note: empty the folders, do not delete them!!):
    C:\Windows\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files\content.ie5
    If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter. Empty your Recycle Bin. How are your problems doing? Pim
  • I have emptied the temporary folders. The temp folders were practically empty already; that was one of the first things I did to try to solve the problems. Unfortunately I have to say that nothing has improved.. If only the copy and/or drag function worked, I could at least back everything up..
  • Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your desktop.
    * Double-click drweb-cureit.exe and allow it to start the express scan.
    * If a popup appears offering a purchase/50% discount, you may close it with the X.
    * This scans the files currently loaded in memory; if anything is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    * In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set to something else on your machine.
    * Press F9, then choose Actions and set the following under Malware:
      o Adware: Move
        Dialers: Move
        Jokes: Report
        Riskware: Report
        Hacktools: Move
      Then untick "Prompt on action". Then press OK.
    * Press F9, then choose Scan, untick Heuristic analysis and click OK.
    * Once the short scan has finished, you can select the drives you want scanned (Select drives).
    * Select all drives here. A red dot will then appear on the drives you are having scanned.
    * Then click the green arrow on the right to start the scan.
    * Files that are found are moved to the quarantine folder under "%userprofile%\DoctorWeb" if repair is not possible.
    * After the scan is done, in the menu at the top, click File and choose Save report list. Save it to your Desktop.
    * Then close Dr.Web CureIt.
    * Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    * After restarting, copy and paste the contents of the log you saved earlier into your next post.
    This will be my last message for now before I go on holiday; maybe another helper will have time in the meantime, but it's rather tight, so be patient. Pim
  • I think the CureIt guide is meant for an older version, because several things are different. I applied the settings and then ran a full scan. Nothing at all was found, and I couldn't save a report either. In between I ran Antivir once more, and it couldn't find anything any more either. I'm now going to try to repair Windows, so that I can maybe at least make a backup. In any case, thank you very much for all your effort.
  • For the repair option on the Windows CD you need a floppy disk, and my laptop doesn't have a floppy drive at all. I'm thinking about maybe doing a second Windows XP Pro installation so that I can at least work with the files. Can anyone explain to me whether this is possible?

This is an archived page. Replying is no longer possible.