Spyware/virus problem

11 answers
  • I have a little virus/spyware that keeps infecting my antivirus. When my PC starts up, an empty MS-DOS window also appears with "gbeex???" above it. Can someone please help me? Below you will find the HijackThis log, thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 8:16:12, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\Amin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {54877DF1-BDF9-4ABA-B6DB-796B51D1B1F5} - D:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - D:\WINDOWS\system32\awttsqr.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awttsqr - D:\WINDOWS\SYSTEM32\awttsqr.dll
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  • Old version of HJT, just throw it away.

    Download HijackThis Install and save it on your desktop.
    Open HJTinstall.exe to install HijackThis.

    Double-click the HijackThis icon on your desktop
    (if you get any prompts, just click OK and so on).
    Choose the top option: "Do a system scan and save a logfile".

    When this scan is complete, a notepad file will open.
    Copy the contents of this file and post it in your next reply.

    Download Combofix to your desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while running Combofix, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or delete them!
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {54877DF1-BDF9-4ABA-B6DB-796B51D1B1F5} - D:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O20 - Winlogon Notify: awttsqr - D:\WINDOWS\SYSTEM32\awttsqr.dll

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.
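An added example, not code from the thread or from HijackThis itself: a small Python triage script that applies, mechanically, the checks the helper applied by eye to the log above (nameless BHOs, entries whose file is gone, unexpected Winlogon Notify handlers, and the same random name reused as BHO DLL and Notify key). The sample log is constructed from entries in this thread; the KNOWN_NOTIFY allowlist is an assumption about a stock Windows XP box.

```python
"""Triage helper for HijackThis (HJT) logs, modelled on the O2/O20 entries in this thread."""
import re
from typing import Dict, List, Set

# Constructed sample in HijackThis log format. The entries mirror the ones in the
# log above (Vundo-style BHOs and a Winlogon Notify hook next to legitimate lines).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54877DF1-BDF9-4ABA-B6DB-796B51D1B1F5} - D:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - D:\WINDOWS\system32\awttsqr.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: awttsqr - D:\WINDOWS\SYSTEM32\awttsqr.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# O20 body: "Winlogon Notify: <subkey> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

# Assumption: Winlogon Notify subkeys that are normal on a Windows XP box (the Intel
# graphics key seen in the thread plus the stock Windows ones). Anything else under
# O20 deserves a closer look; this is a triage hint, not proof of malware.
KNOWN_NOTIFY = {"igfxcui", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def entry_reasons(kind: str, body: str) -> List[str]:
    """Return the reasons (possibly none) why one HJT entry deserves attention."""
    reasons: List[str] = []
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("registered binary no longer exists (stale or half-removed entry)")
    if kind == "O2":
        m = BHO_RE.match(body)
        if m and m["name"] == "(no name)":
            reasons.append("BHO registered without a name")
    elif kind == "O20":
        m = NOTIFY_RE.match(body)
        if m and m["key"].lower() not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify handler outside the known set")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line to its reasons; these are the lines you would
    tick under 'Do a system scan only' before pressing 'Fix checked'."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = entry_reasons(m["kind"], m["body"])
        if reasons:
            flagged[line] = reasons
    return flagged


def cross_linked(log_text: str) -> Set[str]:
    """Names used both as a BHO DLL and as a Winlogon Notify subkey: one dropper
    registering the same DLL in two autostart places (awttsqr in this thread)."""
    bho_stems: Set[str] = set()
    notify_keys: Set[str] = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        if m["kind"] == "O2":
            b = BHO_RE.match(m["body"])
            if b:
                # last path component, without a trailing "(file missing)" marker
                filename = b["path"].split("\\")[-1].split(" ")[0]
                bho_stems.add(filename.rsplit(".", 1)[0].lower())
        elif m["kind"] == "O20":
            n = NOTIFY_RE.match(m["body"])
            if n:
                notify_keys.add(n["key"].lower())
    return bho_stems & notify_keys


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("    ->", r)
    print("same name as BHO DLL and Winlogon Notify key:", sorted(cross_linked(SAMPLE_LOG)))
```

On the sample the script flags exactly the three nameless BHOs and the awttsqr Notify hook, and leaves the Intel, Spybot and Apple entries alone.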
  • Thank you very much for your help, below you will find the new HijackThis log and the ComboFix log :wink:

    ComboFix 08-01-20.1 - Amin 2008-01-20 23:14:45.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.107 [GMT 1:00]
    Running from: D:\Documents and Settings\Amin\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\system32\awtss.dll
    D:\WINDOWS\system32\awttsqr.dll
    D:\WINDOWS\system32\gjjlm.ini
    D:\WINDOWS\system32\gjjlm.ini2
    D:\WINDOWS\system32\jkkll.dll
    D:\WINDOWS\system32\jkkll.exe
    D:\WINDOWS\system32\llkkj.ini
    D:\WINDOWS\system32\llkkj.ini2
    D:\WINDOWS\system32\mljjg.exe
    D:\WINDOWS\system32\pmnlkjh.dll
    D:\WINDOWS\system32\sstwa.ini2
    D:\WINDOWS\system32\vtutrpo.dll
    D:\WINDOWS\system32\xbeeg.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
    .

    2008-01-20 23:11 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2008-01-20 23:09 . 2008-01-20 23:09 <DIR> d-------- D:\Program Files\Trend Micro
    2008-01-20 07:45 . 2008-01-20 07:45 <DIR> d-------- D:\Program Files\Ashampoo
    2008-01-20 01:38 . 2008-01-20 08:09 <DIR> d-------- D:\Program Files\CCleaner
    2008-01-20 01:33 . 2008-01-20 01:33 <DIR> d-------- D:\VundoFix Backups
    2008-01-19 07:19 . 2008-01-20 08:01 210 --ah----- D:\WINDOWS\sysdata.dat
    2008-01-19 07:18 . 2008-01-20 01:53 282 --ah----- D:\WINDOWS\wininf.dat
    2008-01-19 07:17 . 2008-01-19 07:19 <DIR> d-------- D:\Program Files\Dachshund Software
    2008-01-19 07:17 . 2008-01-20 08:04 199 --ah----- D:\WINDOWS\winshell.dat
    2008-01-19 07:02 . 2008-01-20 08:09 <DIR> d-------- D:\Program Files\Spyware Doctor
    2008-01-19 04:12 . 2007-12-21 08:21 71,176 --a------ D:\WINDOWS\system32\drivers\epfw.sys
    2008-01-19 04:12 . 2007-12-21 08:21 53,768 --a------ D:\WINDOWS\system32\drivers\epfwtdi.sys
    2008-01-19 04:12 . 2007-12-21 08:21 30,728 --a------ D:\WINDOWS\system32\drivers\epfwndis.sys
    2008-01-19 03:47 . 2008-01-19 03:47 <DIR> d-------- D:\Documents and Settings\Amin\Application Data\ESET
    2008-01-19 03:45 . 2008-01-19 04:12 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
    2008-01-19 02:41 . 2008-01-19 03:01 <DIR> d-------- D:\WINDOWS\BDOSCAN8
    2008-01-18 10:19 . 2008-01-19 06:38 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-02 22:26 . 2008-01-02 22:26 38 --a------ D:\WINDOWS\avisplitter.INI
    2007-12-30 05:13 . 2007-12-30 05:13 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
    2007-12-30 04:38 . 2007-12-30 04:38 <DIR> d-------- D:\Program Files\The File Splitter 1.31
    2007-12-27 13:30 . 2007-12-27 13:30 <DIR> d-------- D:\Documents and Settings\Amin\Application Data\Nero
    2007-12-27 13:26 . 2007-12-27 13:26 <DIR> d-------- D:\Program Files\Nero
    2007-12-27 13:26 . 2008-01-20 07:11 <DIR> d-------- D:\Program Files\Common Files\Nero
    2007-12-27 13:26 . 2007-12-27 13:26 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
    2007-12-27 09:35 . 2008-01-15 01:10 <DIR> d-------- D:\Program Files\mIRC
    2007-12-27 09:35 . 2008-01-15 02:24 <DIR> d-------- D:\Documents and Settings\Amin\Application Data\mIRC
    2007-12-27 03:31 . 2008-01-19 06:38 92 --a------ D:\WINDOWS\WININIT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-20 07:08 --------- d-----w D:\Program Files\DivX
    2008-01-20 06:57 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-19 02:00 --------- d-----w D:\Program Files\QuickTime
    2008-01-18 09:21 --------- d-----w D:\Program Files\iTunes
    2008-01-15 01:10 --------- d-----w D:\Program Files\PartyGaming
    2008-01-10 03:39 --------- d-----w D:\Program Files\DivX Subtitle Displayer
    2008-01-05 21:24 --------- d-----w D:\Documents and Settings\Amin\Application Data\Azureus
    2008-01-05 04:13 --------- d-----w D:\Program Files\MegaSpoof
    2007-12-27 08:31 --------- d-----w D:\Program Files\Azureus
    2007-12-27 06:51 --------- d-----w D:\Program Files\windamas
    2007-12-27 02:36 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-12-27 02:34 --------- d-----w D:\Program Files\Common Files\InstallShield
    2007-12-19 23:05 --------- d-----w D:\Program Files\3D Checkers
    2007-12-18 22:33 --------- d-----w D:\Program Files\iPod
    2007-12-18 22:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-18 22:31 --------- d-----w D:\Program Files\Apple Software Update
    2007-12-18 22:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
    2007-12-16 04:04 --------- d-----w D:\Program Files\Easiestutils
    2007-12-11 05:49 --------- d-----w D:\Documents and Settings\Amin\Application Data\dvdcss
    2007-12-07 06:03 --------- d-----w D:\Program Files\MadCheckers
    2007-11-26 17:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Trymedia
    2007-11-26 08:20 --------- d-----w D:\Program Files\CGN
    2007-11-21 12:04 --------- d-----w D:\Program Files\Microsoft ActiveSync
    2007-11-21 10:26 --------- d-----w D:\Program Files\SlySoft
    2007-11-20 22:20 --------- d-----w D:\Program Files\BearShare Pro
    2007-11-20 02:36 --------- d-----w D:\Program Files\Common Files\Adobe
    2007-10-25 09:26 53,248 ----a-w D:\WINDOWS\bdoscandel.exe
    .
    ----a-w 153,136 2008-01-18 20:09:34 D:\Program Files\Common Files\Nero\Lib\NeroCheck .exe
    ----a-w 158,208 2008-01-19 03:05:48 D:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54877DF1-BDF9-4ABA-B6DB-796B51D1B1F5}]
    D:\WINDOWS\system32\mljjg.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2006-09-28 20:21 57344 D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-10-10 06:28 36352 D:\Program Files\Winamp\winampa.exe


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-17 18:27:04 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 23:25:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 23:27:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-20 22:26:50

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:29:29, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)


    End of file - 3813 bytes
  • Open Notepad, copy and paste the following (bold, blue text) into an empty window:

    File::
    D:\WINDOWS\system32\mljjg.dll

    RENV::
    ----a-w 153,136 2008-01-18 20:09:34 D:\Program Files\Common Files\Nero\Lib\NeroCheck .exe
    ----a-w 158,208 2008-01-19 03:05:48 D:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe

    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54877DF1-BDF9-4ABA-B6DB-796B51D1B1F5}]

    Save this on your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.

    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply.
  • New ComboFix log :wink:

    ComboFix 08-01-21.3 - Amin 2008-01-22 1:46:06.2 - NTFSx86
    Running from: D:\Documents and Settings\Amin\Desktop\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Amin\Desktop\CFScript.txt.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    D:\WINDOWS\system32\mljjg.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\Amin\Application Data\dach100.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
    .

    2008-01-21 06:08 . 2008-01-07 14:29 352 --ah----- D:\WINDOWS\nod32fixtemdono.reg
    2008-01-21 01:33 . 2008-01-21 05:34 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
    2008-01-21 01:24 . 2008-01-21 01:24 <DIR> d-------- D:\Program Files\ToniArts
    2008-01-20 23:39 . 2003-04-06 17:19 155,648 --a------ D:\WINDOWS\system32\igfxtray.exe
    2008-01-20 23:35 . 2003-04-06 17:07 114,688 --a------ D:\WINDOWS\system32\hkcmd.exe
    2008-01-20 23:11 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2008-01-20 23:09 . 2008-01-20 23:09 <DIR> d-------- D:\Program Files\Trend Micro
    2008-01-20 07:45 . 2008-01-20 07:45 <DIR> d-------- D:\Program Files\Ashampoo
    2008-01-20 01:38 . 2008-01-21 04:06 <DIR> d-------- D:\Program Files\CCleaner
    2008-01-19 07:19 . 2008-01-20 08:01 210 --ah----- D:\WINDOWS\sysdata.dat
    2008-01-19 07:18 . 2008-01-21 01:50 282 --ah----- D:\WINDOWS\wininf.dat
    2008-01-19 07:17 . 2008-01-19 07:19 <DIR> d-------- D:\Program Files\Dachshund Software
    2008-01-19 07:17 . 2008-01-21 17:53 218 --ah----- D:\WINDOWS\winshell.dat
    2008-01-19 07:02 . 2008-01-20 08:09 <DIR> d-------- D:\Program Files\Spyware Doctor
    2008-01-19 04:05 . 2008-01-19 04:05 158,208 --a--c--- D:\WINDOWS\system32\dllcache\msconfig.exe
    2008-01-19 02:41 . 2008-01-19 03:01 <DIR> d-------- D:\WINDOWS\BDOSCAN8
    2008-01-02 22:26 . 2008-01-02 22:26 38 --a------ D:\WINDOWS\avisplitter.INI
    2007-12-30 05:13 . 2007-12-30 05:13 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
    2007-12-30 04:38 . 2007-12-30 04:38 <DIR> d-------- D:\Program Files\The File Splitter 1.31
    2007-12-27 13:26 . 2007-12-27 13:26 <DIR> d-------- D:\Program Files\Nero
    2007-12-27 13:26 . 2008-01-20 07:11 <DIR> d-------- D:\Program Files\Common Files\Nero
    2007-12-27 09:35 . 2008-01-15 01:10 <DIR> d-------- D:\Program Files\mIRC
    2007-12-27 03:31 . 2008-01-19 06:38 92 --a------ D:\WINDOWS\WININIT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-21 03:36 --------- d-----w D:\Program Files\DivX
    2008-01-21 00:24 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-01-19 03:05 158,208 ----a-w D:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
    2008-01-19 02:00 --------- d-----w D:\Program Files\QuickTime
    2008-01-18 09:21 --------- d-----w D:\Program Files\iTunes
    2008-01-15 01:10 --------- d-----w D:\Program Files\PartyGaming
    2008-01-10 03:39 --------- d-----w D:\Program Files\DivX Subtitle Displayer
    2008-01-05 04:13 --------- d-----w D:\Program Files\MegaSpoof
    2007-12-27 08:31 --------- d-----w D:\Program Files\Azureus
    2007-12-27 06:51 --------- d-----w D:\Program Files\windamas
    2007-12-27 02:34 --------- d-----w D:\Program Files\Common Files\InstallShield
    2007-12-21 07:21 71,176 ----a-w D:\WINDOWS\system32\drivers\epfw.sys
    2007-12-21 07:21 53,768 ----a-w D:\WINDOWS\system32\drivers\epfwtdi.sys
    2007-12-21 07:21 30,728 ----a-w D:\WINDOWS\system32\drivers\epfwndis.sys
    2007-12-21 07:20 30,216 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 07:19 39,944 ----a-w D:\WINDOWS\system32\drivers\eamon.sys
    2007-12-19 23:05 --------- d-----w D:\Program Files\3D Checkers
    2007-12-18 22:33 --------- d-----w D:\Program Files\iPod
    2007-12-18 22:31 --------- d-----w D:\Program Files\Apple Software Update
    2007-12-16 04:04 --------- d-----w D:\Program Files\Easiestutils
    2007-12-07 17:28 7,680 ----a-w D:\WINDOWS\system32\ff_vfw.dll
    2007-12-07 06:03 --------- d-----w D:\Program Files\MadCheckers
    2007-12-04 01:33 682,496 ----a-w D:\WINDOWS\system32\divx.dll
    2007-11-29 22:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
    2007-11-26 08:20 --------- d-----w D:\Program Files\CGN
    2007-11-21 10:26 34,308 ----a-w D:\WINDOWS\system32\Chip.dll
    2007-10-25 09:26 53,248 ----a-w D:\WINDOWS\bdoscandel.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2003-04-06 17:19 155648]
    "HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2003-04-06 17:07 114688]
    "egui"="D:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

    D:\Documents and Settings\Amin\Start Menu\Programs\Startup\
    AntiCrash.lnk - D:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 12:00:44 2301798]
    Hare.lnk - D:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 12:26:40 1874381]
    Zoom.lnk - D:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 12:27:14 1446302]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2006-09-28 20:21 57344 D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-10-10 06:28 36352 D:\Program Files\Winamp\winampa.exe


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-17 18:27:04 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-22 01:48:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-22 1:49:39
    ComboFix-quarantined-files.txt 2008-01-22 00:49:18
  • Nice, may I also have a new HJT log please
  • The sound on my PC keeps muting by itself, could this also be caused by a little virus?


    New HijackThis log :wink:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:06, on 2008-01-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\ESET\ESET Smart Security\ekrn.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\ESET\ESET Smart Security\egui.exe
    D:\WINDOWS\Integrator.exe
    D:\Program Files\VideoLAN\VLC\vlc.exe
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\Documents and Settings\Amin\Desktop\App\rapget\rapget.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AntiCrash.lnk = D:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
    O4 - Startup: Hare.lnk = D:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = D:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)


    End of file - 4915 bytes
  • I assume my log is clean, thanks for your help :wink:
  • yes indeed,

    You may now delete all the tools used and the folders they created.

    Remove ComboFix via Start > Run, copy and paste Combofix /U, click OK or press Enter.
    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG
  • Already done, thanks for your help juisterr :wink:
  • That's nice. :D

This is an archived page. Answering is no longer possible.