
Question & Answer

Security & privacy

PC has become very slow

9 answers
  • Who would like to take a look at this HijackThis log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:57, on 5-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\oodag.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Documents and Settings\Marcel\Application Data\U3\0000160EF17079C7\LaunchPad.exe
    H:\ATF-cleaner\ATF-Cleaner.exe
    H:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsh17.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [{8B-BB-B7-7E-ZN}] C:\windows\system32\dwdsregt.exe CHA001
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\asysljiz.exe CHA001
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TA_Start.lnk = ?
    O4 - Startup: Think-Adz.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/co…oScopeLite.cab
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    End of file - 10686 bytes

    Thanks in advance!
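The log above is the kind of input a helper reads by hand. As an added example (not part of the original thread, and not a HijackThis or ComboFix component), here is a small parser that pulls the R*/O* entries out of such a log and flags the categories of entries that the helper in this thread later removed: startup entries that name a bare file without a path, BHOs whose file is gone or that live straight in system32, unknown Winsock LSPs, and hosts added to the IE Trusted Zone. The sample lines are copied from the first log in the thread; the regexes, the `Finding` type and the "system32" heuristic are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example).

Not a HijackThis or ComboFix component: a small parser written for this thread
that extracts the R*/O* entries from a log and flags the kinds of entries the
helper later removed.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the thread's first HijackThis log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)")


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O4"
    reason: str   # why the entry deserves a look
    detail: str   # the path, host or command concerned


def parse_entries(log_text):
    """Yield (code, body) for every R*/O* line; process lists and headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O2":
            m = O2_RE.match(body)
            if not m:
                continue
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding(code, "BHO registered but its file is gone", m.group("clsid")))
            elif "\\system32\\" in path.lower():
                # Heuristic (assumption): legitimate BHOs normally install under Program Files.
                findings.append(Finding(code, "BHO loaded straight from system32", path))
        elif code == "O4":
            m = O4_RE.match(body)
            if m and "\\" not in m.group("cmd"):
                # A bare file name relies on the search path; nothing says where it lives.
                findings.append(Finding(code, f"{m.group('key')} entry with bare file name", m.group("cmd")))
        elif code == "O10":
            findings.append(Finding(code, "unknown Winsock LSP", body.split(": ", 1)[1]))
        elif code == "O15":
            m = O15_RE.match(body)
            if m:
                findings.append(Finding(code, "host added to IE Trusted Zone", m.group("host")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.detail}")
```

Run against the sample it reports six entries: the two BHOs, the two bare-name RunServices entries, the unknown LSP and the Trusted Zone host, which is exactly the set the later CFScript and antivirus run in this thread deal with. Everything else (Java, NVIDIA, the O23 services) passes through unflagged.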
  • Follow these instructions to download ComboFix:
    - Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
    - If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while using ComboFix,
    disable that scanner and download ComboFix again.
    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply, together with a fresh HijackThis log.

    Good luck!
    Pim
  • ComboFix 08-03-06.4 - Marcel 2008-03-07 8:33:57.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.303 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Marcel\Bureaublad\combofix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Diana\Menu Start\Programma's\Opstarten\TA_Start.lnk
    C:\Documents and Settings\Marcel\err.log
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
    .

    2008-03-05 12:11 . 2008-03-05 12:11 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\TuneUp Software
    2008-03-05 12:11 . 2008-03-05 12:11 306,432 --a------ C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
    2008-03-05 12:11 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
    2008-03-05 12:10 . 2008-03-05 12:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-03-05 12:10 . 2008-03-05 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-03-05 12:03 . 2008-03-05 12:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-05 11:49 . 2008-03-05 11:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
    2008-03-05 11:44 . 2008-03-05 11:44 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\PC Suite
    2008-03-05 09:52 . 2008-03-05 09:52 <DIR> dr-h----- C:\Documents and Settings\Marcel\Onlangs geopend
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-05 09:43 . 2008-03-05 12:38 2,318 --a------ C:\WINDOWS\WINCMD.INI
    2008-03-05 09:41 . 2008-03-05 09:52 <DIR> d-------- C:\Documents and Settings\Marcel\Application Data\U3

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-05 10:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-05 10:37 --------- d-----w C:\Program Files\Java
    2008-03-05 08:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2008-03-05 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-05 08:50 --------- d-----w C:\Program Files\Hitman Pro
    2008-03-05 08:42 49 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb41.dat
    2008-03-05 08:42 381 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb1942.dat
    2008-03-05 08:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-24 22:55 14 ----a-w C:\Documents and Settings\Marcel\getfile.dat
    2008-02-24 18:27 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8461.dat
    2008-02-23 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-23 13:04 --------- d-----w C:\Program Files\Google
    2008-02-03 19:08 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-20 22:15 --------- d-----w C:\Program Files\MP3 Player Utilities 3.79
    2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    2007-02-23 13:25 20,480 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb4827.dat
    2007-01-02 23:23 9,216 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8467.dat
    2007-01-02 23:23 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb6334.dat
    2007-01-02 23:20 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb5436.dat
    2006-09-25 19:46 27,904 ----a-w C:\Documents and Settings\Marcel\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}]
    2007-01-03 00:24 417792 --a------ C:\WINDOWS\system32\tcblnzfk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "Start WingMan Profiler"="" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "Microsoft media services"="winmplayer.exe" []
    "Realplayer One"="realplay.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "NAV Auto Protect"="spoole32.exe" []
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 12:33:22 581693]
    DriveSelect.lnk - C:\Program Files\321Studios\Xpress\DriveSelect.exe [2003-05-05 20:19:37 217088]
    NkVwMon.exe.lnk - C:\Program Files\Nikon\NkView4\NkVwMon.exe [2002-09-21 21:11:18 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
    R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2004-10-10 20:56]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
    S2 FILESpy;FILESpy;C:C:\Program Files\Softwin\BitDefender8\filespy.sys []
    S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-05 12:11]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-05 11:11:18 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2007-09-07 17:40:21 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-07 08:35:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-07 8:36:40
    ComboFix-quarantined-files.txt 2008-03-07 07:36:25
    .
    2008-02-20 21:14:46 --- E O F ---
  • Something went wrong while installing the Recovery Console, so I haven't managed that yet.

    Here is another fresh HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:34, on 7-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    End of file - 7476 bytes
  • I can already see what went wrong, and the Recovery Console is installed now, I think.

    I was asked to post the following:

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • In the meantime ESET NOD32 has removed the following infections:

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dwdsregt.exe.vir - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP35\A0019502.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe » NSIS » ý€ - Win32/Adware.SmartShopper application - was a part of the deleted object
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe » NSIS » SearchTool.dll - Win32/Adware.SmartShopper application - was a part of the deleted object
    C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe » NSIS » br_rt.dll - probably a variant of Win32/Adware.Agent application - was a part of the deleted object
    C:\WINDOWS\19-13830fd1a8a5137f57332f003822f774.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\mirar_distro_876088.exe - probably a variant of Win32/Adware.Agent application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\sideb.exe - Win32/Adware.EliteBar application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SoftwareDistribution\EventCache\{952C51D1-730A-46DE-935D-8B2110D9072A}.bin - error opening [4]
    C:\WINDOWS\SYSTEM32\asysljiz.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\npdsregq.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\qwinqoea.exe - Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\qwinqoeb.exe - Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SearchTool\nsh17.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SearchTool\SearchTool.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SmartShopper\SmartShopper0.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]

    Number of scanned objects: 128549
    Number of threats found: 15
    Time of completion: 14:31:10 Total scanning time: 4029 sec (01:07:09)
  • Open Notepad, copy and paste the following text into an empty window:

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "NVIDIA Video drivers"=-
    "Microsoft media services"=-
    "Realplayer One"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA Video drivers"=-
    "NAV Auto Protect"=-

    Driver::
    FILESpy

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Still having problems?
  • OK, did the above, and after a restart here is the log:

    ComboFix 08-03-06.4 - Marcel 2008-03-08 14:57:43.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.196 [GMT 1:00]
    Running from: C:\Documents and Settings\Marcel\Bureaublad\combofix.exe
    Command switches used :: C:\Documents and Settings\Marcel\Bureaublad\CFScript.txt.txt
    * Created a new restore point
    .

    (((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
    .

    2008-03-07 13:23 . 2008-03-08 15:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-07 13:23 . 2008-03-08 14:59 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-07 13:23 . 2008-03-07 13:23 268 --ah----- C:\sqmdata01.sqm
    2008-03-07 13:23 . 2008-03-07 13:23 244 --ah----- C:\sqmnoopt01.sqm
    2008-03-07 11:01 . 2008-03-07 11:01 268 --ah----- C:\sqmdata00.sqm
    2008-03-07 11:01 . 2008-03-07 11:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-03-07 11:00 . 2008-03-07 11:00 <DIR> d-------- C:\Program Files\ESET
    2008-03-07 11:00 . 2008-03-07 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-03-07 10:54 . 2004-09-29 12:07 113,538 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\mdusb.out
    2008-03-07 10:54 . 2004-09-29 12:07 83,552 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\m4301A.sys
    2008-03-05 12:11 . 2008-03-05 12:11 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\TuneUp Software
    2008-03-05 12:11 . 2008-03-05 12:11 306,432 --a------ C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
    2008-03-05 12:11 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
    2008-03-05 12:10 . 2008-03-05 12:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-03-05 12:10 . 2008-03-05 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-03-05 12:03 . 2008-03-05 12:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-05 11:49 . 2008-03-05 11:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
    2008-03-05 11:44 . 2008-03-05 11:44 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\PC Suite
    2008-03-05 09:52 . 2008-03-08 14:56 <DIR> dr-h----- C:\Documents and Settings\Marcel\Onlangs geopend
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-05 09:43 . 2008-03-07 13:15 2,241 --a------ C:\WINDOWS\WINCMD.INI
    2008-03-05 09:41 . 2008-03-05 09:52 <DIR> d-------- C:\Documents and Settings\Marcel\Application Data\U3

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-08 14:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-05 10:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-05 10:37 --------- d-----w C:\Program Files\Java
    2008-03-05 08:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2008-03-05 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-05 08:50 --------- d-----w C:\Program Files\Hitman Pro
    2008-03-05 08:42 49 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb41.dat
    2008-03-05 08:42 381 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb1942.dat
    2008-03-05 08:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-24 22:55 14 ----a-w C:\Documents and Settings\Marcel\getfile.dat
    2008-02-24 18:27 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8461.dat
    2008-02-23 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-23 13:04 --------- d-----w C:\Program Files\Google
    2008-02-03 19:08 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-20 22:15 --------- d-----w C:\Program Files\MP3 Player Utilities 3.79
    2007-02-23 13:25 20,480 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb4827.dat
    2007-01-02 23:23 9,216 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8467.dat
    2007-01-02 23:23 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb6334.dat
    2007-01-02 23:20 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb5436.dat
    2006-09-25 19:46 27,904 ----a-w C:\Documents and Settings\Marcel\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-07_ 8.36.11,12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-03-07 10:01:29 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
    + 2008-03-07 10:01:29 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
    + 2007-12-21 07:19:54 39,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys
    + 2007-12-21 07:20:14 30,216 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
    + 2007-12-21 07:21:56 33,800 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys
    - 2007-02-22 13:39:48 1,476,992 ------w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    + 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-08 15:05 77824]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 12:33:22 581693]
    DriveSelect.lnk - C:\Program Files\321Studios\Xpress\DriveSelect.exe [2003-05-05 20:19:37 217088]
    NkVwMon.exe.lnk - C:\Program Files\Nikon\NkView4\NkVwMon.exe [2002-09-21 21:11:18 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2004-10-10 20:56]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
    R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys [2004-09-29 12:07]
    S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-05 12:11]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde52d26-ea8f-11dc-9507-0008a1997ebc}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-05 11:11:18 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-03-07 14:14:30 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-08 15:01:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-08 15:04:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-08 14:04:05
    ComboFix2.txt 2008-03-07 07:36:41
    .
    2008-02-20 21:14:46 --- E O F ---



    ------------------



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:09:08, on 8-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


    End of file - 7536 bytes


    ------------------------

    The PC is already a lot faster now!
    It is fascinating to see how Combofix manages to fix things.
    Thanks for the help!
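Added example, not part of this thread and not code from the HijackThis, ComboFix or ESET projects: a small Python triage pass over HijackThis-format lines of the kind posted above. It flags the O15 Trusted Zone hosts that the adware left behind (the mirar entries), the O10 Winsock LSP that HijackThis does not recognise, orphaned "(no file)" entries, and a Java runtime older than the 6u5 the next reply asks for. The allowlist of trusted-zone hosts, the minimum Java version and the sample log lines are constructed for the example (the sample lines are modelled on the log above, not copied from a real scan).

```python
import re

# Assumption for this example: hosts that may legitimately sit in the IE
# Trusted Zone on this machine. Anything else in an O15 line gets flagged.
TRUSTED_ZONE_ALLOWLIST = {"update.microsoft.com", "windowsupdate.microsoft.com"}

# Oldest acceptable Java 6 update (assumption: the helper asks for 6u5).
MIN_JAVA = (6, 5)

# Constructed sample in HijackThis v2 format, modelled on the log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://update.microsoft.com (HKLM)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LINE_RE = re.compile(r"^\s*([RFNO]\d+) - (.*?)\s*$")           # "O15 - <detail>"
TZ_RE = re.compile(r"Trusted Zone:\s*(?:\*\.)?(?:https?://)?([A-Za-z0-9.-]+)")
JRE_RE = re.compile(r"jre1\.(\d+)\.\d+_(\d+)", re.IGNORECASE)  # jre1.6.0_03 -> (6, 3)


def parse_hjt(text):
    """Split a HijackThis log into (section, detail) pairs, skipping header lines."""
    return [(m.group(1), m.group(2))
            for m in map(LINE_RE.match, text.splitlines()) if m]


def java_version(detail):
    """(major, update) of a JRE path containing e.g. jre1.6.0_03, or None."""
    m = JRE_RE.search(detail)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(text, allowlist=TRUSTED_ZONE_ALLOWLIST, min_java=MIN_JAVA):
    """Return (section, reason) tuples for entries that deserve a second look."""
    findings = []
    java_reported = set()
    for section, detail in parse_hjt(text):
        if section == "O15":
            # Sites in the Trusted Zone run with IE's loosest security settings;
            # adware adds its own domains here so its downloads are not blocked.
            m = TZ_RE.search(detail)
            if m and m.group(1).lower() not in allowlist:
                findings.append((section, "trusted zone host not allowlisted: " + m.group(1)))
        elif section == "O10" and detail.startswith("Unknown file in Winsock LSP"):
            # An LSP is loaded into every process that uses Winsock, so an
            # unrecognised one is worth identifying before anything else.
            findings.append((section, "unrecognised Winsock LSP: " + detail.split(":", 1)[1].strip()))
        elif section in ("O2", "O4") and "(no file)" in detail:
            findings.append((section, "orphaned entry, target file missing: " + detail))
        # Java version check runs on every line, since the JRE path shows up in O2/O4/O9.
        ver = java_version(detail)
        if ver and ver < min_java and ver not in java_reported:
            java_reported.add(ver)
            findings.append((section, "outdated Java runtime %du%d (minimum %du%d)" % (ver + min_java)))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, reason)
```

Run it as a script to print the findings, or call triage() on the text of a saved HijackThis log. The allowlist is the part to tune per machine: an O15 entry for a vendor's update site is expected, the three mirar domains and awbeta.net-nucleus.com in the log above are not, and they survive even after the adware executables themselves have been deleted.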
  • Do take care to follow the instructions exactly next time: you saved the text file as CFScript.txt.txt. It still seems to have worked, though :)

    Uninstall Combofix:
    Go to Start -> Run and type: combofix /u
    Combofix will now be removed and a new restore point will be created.

    The Java software on your computer is out of date.
    Older versions have holes that give malware the chance to install itself.
    First carry out the steps below to uninstall Java and install the newest version:
    Download Java Runtime Environment (JRE) 6u5.
    - Scroll down to: "Java Runtime Environment (JRE) 6u5".
    - Click the "Download" button on the right.
    - In the drop-down menu to the right of Platform, select Windows.
    - Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
    - The page will reload.
    - Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    - Close all programs that may be open, especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
    - Check everything with Java Runtime Environment (JRE or J2SE) in its name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

    Still having problems?


This is an archived page. Replying is no longer possible.