Trojan Vundo =\

22 replies
  • Hello, I'm having trouble with the Trojan Vundo virus. I have already run ComboFix, but once the PC has restarted I don't get a log. Does anyone know what I can do about that? I have just installed HijackThis, and I do have a log from that. Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33, on 2007-12-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.memedia.com/advantage/moreinfo.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {3DA0F2D0-F0CD-425C-9323-B5A52203727F} - C:\WINDOWS\system32\ddaya.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\cbxutqq.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196792601655
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196857807765
    O20 - Winlogon Notify: awtronk - awtronk.dll (file missing)
    O20 - Winlogon Notify: cbxutqq - C:\WINDOWS\SYSTEM32\cbxutqq.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    -- End of file - 5686 bytes
  • kick
  • Can someone plz help me? I'm about to reinstall Windows, because I can't do anything right now. My desktop icons are gone and I have no taskbar.
  • Take it easy! I'll have a look for you.
  • Start HijackThis, choose 'do a system scan only' and tick the lines below:

    [b]
    O2 - BHO: (no name) - {3DA0F2D0-F0CD-425C-9323-B5A52203727F} - C:\WINDOWS\system32\ddaya.dll (file missing)
    O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\cbxutqq.dll
    O20 - Winlogon Notify: awtronk - awtronk.dll (file missing)
    O20 - Winlogon Notify: cbxutqq - C:\WINDOWS\SYSTEM32\cbxutqq.dll
    [/b]

    Close all open windows except HijackThis and click 'Fix checked'.

    Could you post the contents of C:\[b]Combofix.txt[/b]? If you can't find it, run ComboFix again and post the log, together with a new HijackThis log file.

    Pim :)
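The selection made in the reply above, as an added example that is not part of the original thread and not HijackThis's own logic: a Python triage pass over the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log. The three heuristics (a `(file missing)` target, an unnamed BHO whose DLL sits directly in system32, one DLL registered under both sections) are assumptions chosen to match the four entries picked in this thread; the sample lines are copied from the log posted above.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3DA0F2D0-F0CD-425C-9323-B5A52203727F} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\cbxutqq.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: awtronk - awtronk.dll (file missing)
O20 - Winlogon Notify: cbxutqq - C:\WINDOWS\SYSTEM32\cbxutqq.dll
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
MISSING = " (file missing)"
SYSTEM32 = r"c:\windows\system32"


def parse(log_text):
    """Yield one dict per O2 (BHO) or O20 (Winlogon Notify) entry."""
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        if code == "O2":
            detail = BHO_RE.match(body)
        elif code == "O20":
            detail = NOTIFY_RE.match(body)
        else:
            continue  # other sections are out of scope for this pass
        if not detail:
            continue
        path = detail.group("path")
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        yield {
            "code": code,
            "name": detail.group("name"),
            "path": path,
            "missing": missing,
            "line": line,
        }


def review(log_text):
    """Return [(log line, [reasons])] for entries worth a manual look.

    The reasons are heuristics assumed for this example, not a verdict:
    every hit still needs a human check before anything is fixed.
    """
    entries = list(parse(log_text))
    # Map each DLL file name (case-insensitive) to the sections that load it.
    sections_by_dll = defaultdict(set)
    for e in entries:
        sections_by_dll[ntpath.basename(e["path"]).lower()].add(e["code"])

    findings = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing")
        if (
            e["code"] == "O2"
            and e["name"] == "(no name)"
            and ntpath.dirname(e["path"]).lower() == SYSTEM32
        ):
            reasons.append("unnamed BHO in system32")
        if sections_by_dll[ntpath.basename(e["path"]).lower()] == {"O2", "O20"}:
            reasons.append("same DLL is BHO and Winlogon Notify")
        if reasons:
            findings.append((e["line"], reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in review(SAMPLE_LOG):
        print(f"{line}\n    -> {', '.join(reasons)}")
```
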
  • I don't think I get to see one. And running ComboFix again makes no difference, because it doesn't produce a log. This is what's in C:\ComboFix:

    ComboFix 07-12-18.1 - Glenn 2007-12-18 19:31:02.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.207 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
    .

    [img]http://img139.imageshack.us/img139/2731/lalzcc9.jpg[/img]
  • Just skip the lines you can't find, run ComboFix again and post that log :wink:
  • I have already rerun ComboFix 3 times, but that doesn't help, because I don't get a log once Windows has restarted.
  • ComboFix 07-12-18.1 - Glenn 2007-12-18 20:08:04.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.238 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}
    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 16:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-10 14:47]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe -k netsvcs []
    R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-07-10 14:47]
    R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-07-12 16:28]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-07-02 16:29]
    R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-18 12:44:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-12-18 16:01:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-14 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************
    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-18 20:10:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Voltooingstijd: 2007-12-18 20:12:09
    .
    2007-12-17 14:24:44 --- E O F ---
  • Just did it again and now I do have a log :)
  • Open Notepad, then copy and paste the following (bold text) into an empty window:

    [b]
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "381FFDE8-2394-4F90-B10D-FC6124A40F8C"=-
    [-HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [/b]

    Save this to your Desktop as [b]CFScript.txt[/b]

    Drag [b]CFScript.txt[/b] into [b]ComboFix.exe[/b] as shown in the example below:

    [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

    This will make [b]ComboFix[/b] restart. Reboot if you are asked to, and post the contents of [b]Combofix.txt[/b] in your next reply together with a new HijackThis log.

    How are your problems by now?

    Pim :)
  • [quote="pimvandenderen"]Open Notepad, then copy and paste the following (bold text) into an empty window:

    [b]
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "381FFDE8-2394-4F90-B10D-FC6124A40F8C"=-
    [-HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [/b]

    Save this to your Desktop as [b]CFScript.txt[/b]

    Drag [b]CFScript.txt[/b] into [b]ComboFix.exe[/b] as shown in the example below:

    [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

    This will make [b]ComboFix[/b] restart. Reboot if you are asked to, and post the contents of [b]Combofix.txt[/b] in your next reply together with a new HijackThis log.

    How are your problems by now?

    Pim :)[/quote]

    Thanks, my PC is doing well now. At least I now have a taskbar and desktop icons. :D. At first I had to do everything from Task Manager and now I can use my PC normally again. I'm now going to put that Notepad file into ComboFix.
  • ComboFix 07-12-18.1 - Glenn 2007-12-19 16:12:29.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.264 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Glenn\Bureaublad\CFScript.txt.txt
    * Nieuw herstelpunt werd aangemaakt
2007-12-11 13:08 --------- dc----w C:\Program Files\QuickTime 2007-12-07 16:42 --------- dc----w C:\Program Files\Common Files\InstallShield 2007-12-04 17:57 --------- dc----w C:\Program Files\iTunes 2007-12-04 17:57 --------- dc----w C:\Program Files\iPod 2007-12-04 17:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-04 17:57 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2007-12-04 17:56 --------- dc----w C:\Program Files\Apple Software Update 2007-12-04 17:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-04 17:52 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-04 17:47 --------- dc----w C:\Program Files\CCleaner 2007-12-04 16:59 --------- dc----w C:\Program Files\microsoft frontpage 2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:45 1,291,776 -c--a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll 2007-10-24 00:47 96,760 -c--a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 -c--a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 -c--a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 -c--a-w C:\WINDOWS\system32\mscorier.dll 2007-10-22 02:39 267,272 -c--a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 66,056 -c--a-w C:\WINDOWS\system32\dxdllreg.exe 2007-10-22 02:37 17,928 -c--a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-12 14:14 3,734,536 -c--a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 -c--a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-11 08:55 88,576 -c--a-w C:\WINDOWS\system32\infocardapi.dll 2007-10-11 08:55 579,584 -c--a-w C:\WINDOWS\system32\icardagt.exe 2007-10-11 08:55 11,776 -c--a-w C:\WINDOWS\system32\icardres.dll 2007-10-09 12:03 779,800 -c--a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 
2007-10-09 12:03 73,752 -c--a-w C:\WINDOWS\system32\dxva2.dll 2007-10-09 12:03 493,080 -c--a-w C:\WINDOWS\system32\evr.dll 2007-10-09 12:03 350,744 -c--a-w C:\WINDOWS\system32\PresentationHost.exe 2007-10-09 12:03 33,304 -c--a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2007-10-09 12:03 161,304 -c--a-w C:\WINDOWS\system32\UIAutomationCore.dll 2007-10-09 12:03 106,520 -c--a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2007-10-09 12:03 1,986,072 -c--a-w C:\WINDOWS\system32\milcore.dll 2007-10-09 11:58 16,896 -c--a-w C:\WINDOWS\system32\tswpfwrp.exe 2007-10-04 17:16 356,352 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-10-04 16:14 81,920 -c--a-w C:\WINDOWS\system32\nvwddi.dll 2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-10-04 16:14 753,664 -c--a-w C:\WINDOWS\system32\nvcplui.exe 2007-10-04 16:14 6,750,208 -c--a-w C:\WINDOWS\system32\nvoglnt.dll 2007-10-04 16:14 6,344,704 -c--a-w C:\WINDOWS\system32\nvdisps.dll 2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-10-04 16:14 45,056 -c--a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-10-04 16:14 442,368 -c--a-w C:\WINDOWS\system32\nvappbar.exe 2007-10-04 16:14 425,984 -c--a-w C:\WINDOWS\system32\keystone.exe 2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-10-04 16:14 36,864 -c--a-w C:\WINDOWS\system32\nvcodins.dll 2007-10-04 16:14 36,864 -c--a-w C:\WINDOWS\system32\nvcod.dll 2007-10-04 16:14 356,352 -c--a-w C:\WINDOWS\system32\nvudisp.exe 2007-10-04 16:14 307,200 -c--a-w C:\WINDOWS\system32\nvexpbar.dll 2007-10-04 16:14 3,551,232 -c--a-w C:\WINDOWS\system32\nvvitvs.dll 2007-10-04 16:14 3,334,144 -c--a-w C:\WINDOWS\system32\nvgames.dll 2007-10-04 16:14 286,720 -c--a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-10-04 16:14 229,376 -c--a-w C:\WINDOWS\system32\nvmccs.dll 2007-10-04 16:14 2,371,584 -c--a-w 
C:\WINDOWS\system32\nvwss.dll 2007-10-04 16:14 188,416 -c--a-w C:\WINDOWS\system32\nvmccss.dll 2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-10-04 16:14 147,456 -c--a-w C:\WINDOWS\system32\nvcolor.exe 2007-10-04 16:14 1,703,936 -c--a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-10-04 16:14 1,626,112 -c--a-w C:\WINDOWS\system32\nwiz.exe 2007-10-04 16:14 1,478,656 -c--a-w C:\WINDOWS\system32\nview.dll 2007-10-04 16:14 1,339,392 -c--a-w C:\WINDOWS\system32\nvdspsch.exe 2007-10-04 16:14 1,150,976 -c--a-w C:\WINDOWS\system32\nvmobls.dll 2007-10-04 16:14 1,019,904 -c--a-w C:\WINDOWS\system32\nvwimg.dll 2007-10-02 08:56 444,776 -c--a-w C:\WINDOWS\system32\d3dx10_36.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe] "LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 16:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-10 14:47] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe -k netsvcs [] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-07-10 14:47] R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-07-12 16:28] R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-07-02 16:29] R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx [] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map "2007-12-18 12:44:25 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2007-12-18 16:01:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-14 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-19 16:15:18 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ . Voltooingstijd: 2007-12-19 16:16:21 C:\ComboFix2.txt ... 2007-12-18 20:12 . 2007-12-17 14:24:44 --- E O F ---
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:27:47, on 19-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.memedia.com/advantage/moreinfo.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196792601655
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196857807765
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    -- End of file - 5353 bytes
  • You may tick the line below and then click 'Fix Checked':
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    Uninstall Combofix: go to Start --> Run and type: Combofix /u
    How are your problems now? Pim
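The check behind the advice above, as an added example that is not part of the original post: a small parser that reads HijackThis entries and flags the ones marked "(no file)" or "(file missing)", meaning a registry entry whose target no longer exists on disk. The sample lines are copied from the log posted in this thread; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis section codes that occur in the log posted in this thread.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra Internet Explorer context-menu item",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str             # section code, e.g. "O3"
    section: str          # human-readable meaning of the code
    body: str             # rest of the line after "CODE - "
    clsid: Optional[str]  # first CLSID in the line, if any
    orphaned: bool        # True when the target file is missing


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per 'CODE - ...' line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            section=SECTIONS.get(m.group("code"), "other section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned_entries(text: str) -> List[Entry]:
    """Entries that point at a file that is no longer on disk."""
    return [e for e in parse_log(text) if e.orphaned]


# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.code:<4}{e.section}: {e.body}")
```

Both flagged lines are registry leftovers whose target file is gone; the O3 one is the line the post above says to fix.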
  • pimvandenderen wrote: "You may tick the line below and then click 'Fix Checked': O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) Uninstall Combofix: go to Start --> Run and type: Combofix /u. How are your problems now? Pim"
    Thnx. My problems are doing fine, I'm not having any trouble. :D
  • Can I remove HijackThis and the logs now, or does something else still need to be done?
  • Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Click the Empty Selected button.
    Do the following if you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick next to "Firefox saved passwords" again). Click the Empty Selected button.
    Do the following if you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    To prevent a repeat, read through these security tips once more: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
    Apart from that, everything is fine :) Pim
  • Thanks, seriously. :D I have no idea how this virus could just end up on my computer, because I have a very good virus scanner, namely BitDefender. And I have a firewall switched on as well. But well, at least it is now back to the way it should be. :)
  • And that ATF Cleaner... is that something like CCleaner? Because I do have that one.


This is an archived page. Replying is no longer possible.