Security & privacy

PC has become very slow

9 answers
  • Would someone take a quick look at this HijackThis log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:57, on 5-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\oodag.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Documents and Settings\Marcel\Application Data\U3\0000160EF17079C7\LaunchPad.exe
    H:\ATF-cleaner\ATF-Cleaner.exe
    H:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsh17.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [{8B-BB-B7-7E-ZN}] C:\windows\system32\dwdsregt.exe CHA001
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\asysljiz.exe CHA001
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TA_Start.lnk = ?
    O4 - Startup: Think-Adz.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/co...oScopeLite.cab
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    -- End of file - 10686 bytes

    Thanks in advance!
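The log above is the kind a removal helper reads by eye. As an added example (not part of the thread, and not HijackThis or ComboFix code), the script below runs a few of the same first-pass checks over lines copied from that log: a BHO DLL with a random-looking name dropped straight into system32, an orphaned BHO registration, a Run value named like a fake GUID, anything at all under RunServices (a Win9x-era key that XP ignores, so only leftovers live there), a startup shortcut whose target HijackThis could not resolve, and any site added to the IE Trusted Zone. The heuristics, the `KNOWN_GOOD_BHO` allow-list and the `Finding` type are the editor's own assumptions.

```python
"""Triage of a HijackThis (HJT) log: flag the entries a removal helper
looks at first.  Added example, not part of the thread or of HijackThis/
ComboFix; the heuristics and allow-list are the editor's own."""
import re
from dataclasses import dataclass
from typing import List, Optional

# BHOs registered without a display name that are known to be benign.
# Assumption: this CLSID is Spybot S&D's SDHelper; extend with your own list.
KNOWN_GOOD_BHO = {"{53707962-6F74-2D53-2644-206D7942484F}": "Spybot S&D SDHelper"}

# Constructed sample: lines copied from the first HJT log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{8B-BB-B7-7E-ZN}] C:\windows\system32\dwdsregt.exe CHA001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\asysljiz.exe CHA001
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Think-Adz.lnk = ?
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<lnk>.*?) = (?P<target>.*)$")
FAKE_GUID_RE = re.compile(r"\{[0-9A-Za-z-]+\}")
# Eight lower-case letters and nothing else (tcblnzfk.dll, asysljiz.exe):
# a cheap stand-in for a proper entropy check.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")


def _first_token(cmd: str) -> str:
    """Return the executable part of an O4 command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def _check_bho(body: str) -> Optional[str]:
    m = BHO_RE.match(body)
    if not m:
        return None
    path = m.group("path")
    base = path.rsplit("\\", 1)[-1].lower()
    if path == "(no file)":
        return "orphaned BHO registration (DLL missing); remove"
    if m.group("name") == "(no name)" and m.group("clsid") not in KNOWN_GOOD_BHO:
        return "BHO without a display name and not on the allow-list"
    if RANDOM_NAME_RE.match(base) and _in_system32(path):
        return "BHO DLL with random-looking name dropped straight into system32"
    return None


def _check_autostart(body: str) -> Optional[str]:
    r = RUN_RE.match(body)
    if r:
        if r.group("key").startswith("RunServices"):
            return "RunServices is a Win9x-only key; on XP only malware leftovers live here"
        if FAKE_GUID_RE.fullmatch(r.group("value")):
            return "Run value named like a fake GUID"
        exe = _first_token(r.group("cmd"))
        if RANDOM_NAME_RE.match(exe.rsplit("\\", 1)[-1].lower()) and _in_system32(exe):
            return "autostart of random-named binary in system32"
        return None
    s = STARTUP_RE.match(body)
    if s and s.group("target") == "?":
        return "startup shortcut whose target HJT could not resolve; inspect it"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the checks over every line of an HJT log and return the findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        reason = None
        if tag == "O2":
            reason = _check_bho(body)
        elif tag == "O4":
            reason = _check_autostart(body)
        elif tag == "O15":
            reason = "site added to the IE Trusted Zone; almost never legitimate"
        if reason:
            findings.append(Finding(tag, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run it as-is and it reports eight of the twelve sample lines, leaving Java, ctfmon, the Spybot helper and the O&O service alone. Two caveats a practitioner should keep in mind: the "= ?" check is a prompt to inspect, not a verdict (the same log shows BTTray.lnk = ? for the Bluetooth tray, which is benign), and the allow-list is what keeps a legitimate no-name BHO like SDHelper out of the findings, so the list has to be maintained with the same care as the detections.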
  • Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix:
    - Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
    - If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.
    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
    - Double-click Combofix.exe
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix is complete and after the restart, the log Combofix.txt will open.
    Post this log in your next reply, together with a fresh HijackThis log.
    Good luck!
    Pim
  • ComboFix 08-03-06.4 - Marcel 2008-03-07 8:33:57.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.303 [GMT 1:00]
    Running from: C:\Documents and Settings\Marcel\Bureaublad\combofix.exe
    * New restore point was created

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Diana\Menu Start\Programma's\Opstarten\TA_Start.lnk
    C:\Documents and Settings\Marcel\err.log
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg
    .
    (((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
    .
    2008-03-05 12:11 . 2008-03-05 12:11 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\TuneUp Software
    2008-03-05 12:11 . 2008-03-05 12:11 306,432 --a------ C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
    2008-03-05 12:11 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
    2008-03-05 12:10 . 2008-03-05 12:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-03-05 12:10 . 2008-03-05 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-03-05 12:03 . 2008-03-05 12:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-05 11:49 . 2008-03-05 11:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
    2008-03-05 11:44 . 2008-03-05 11:44 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\PC Suite
    2008-03-05 09:52 . 2008-03-05 09:52 <DIR> dr-h----- C:\Documents and Settings\Marcel\Onlangs geopend
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-05 09:43 . 2008-03-05 12:38 2,318 --a------ C:\WINDOWS\WINCMD.INI
    2008-03-05 09:41 . 2008-03-05 09:52 <DIR> d-------- C:\Documents and Settings\Marcel\Application Data\U3
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-05 10:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-05 10:37 --------- d-----w C:\Program Files\Java
    2008-03-05 08:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2008-03-05 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-05 08:50 --------- d-----w C:\Program Files\Hitman Pro
    2008-03-05 08:42 49 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb41.dat
    2008-03-05 08:42 381 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb1942.dat
    2008-03-05 08:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-24 22:55 14 ----a-w C:\Documents and Settings\Marcel\getfile.dat
    2008-02-24 18:27 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8461.dat
    2008-02-23 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-23 13:04 --------- d-----w C:\Program Files\Google
    2008-02-03 19:08 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-20 22:15 --------- d-----w C:\Program Files\MP3 Player Utilities 3.79
    2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    2007-02-23 13:25 20,480 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb4827.dat
    2007-01-02 23:23 9,216 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8467.dat
    2007-01-02 23:23 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb6334.dat
    2007-01-02 23:20 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb5436.dat
    2006-09-25 19:46 27,904 ----a-w C:\Documents and Settings\Marcel\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}]
    2007-01-03 00:24 417792 --a------ C:\WINDOWS\system32\tcblnzfk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "Start WingMan Profiler"="" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "Microsoft media services"="winmplayer.exe" []
    "Realplayer One"="realplay.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "NAV Auto Protect"="spoole32.exe" []
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 12:33:22 581693]
    DriveSelect.lnk - C:\Program Files\321Studios\Xpress\DriveSelect.exe [2003-05-05 20:19:37 217088]
    NkVwMon.exe.lnk - C:\Program Files\Nikon\NkView4\NkVwMon.exe [2002-09-21 21:11:18 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
    R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2004-10-10 20:56]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
    S2 FILESpy;FILESpy;C:C:\Program Files\Softwin\BitDefender8\filespy.sys []
    S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-05 12:11]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-05 11:11:18 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2007-09-07 17:40:21 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-07 08:35:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-03-07 8:36:40
    ComboFix-quarantined-files.txt 2008-03-07 07:36:25
    .
    2008-02-20 21:14:46 --- E O F ---
  • Something went wrong while installing the Recovery Console, so I haven't managed that yet. Here is a fresh HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:34, on 7-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblnzfk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    -- End of file - 7476 bytes
  • I see now what went wrong, and I think the Recovery Console is installed now. I was asked to post the following:

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • In the meantime ESET NOD32 has removed the following infections:

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dwdsregt.exe.vir - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP35\A0019502.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe » NSIS » ý€ - Win32/Adware.SmartShopper application - was a part of the deleted object
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe » NSIS » SearchTool.dll - Win32/Adware.SmartShopper application - was a part of the deleted object
    C:\WINDOWS\18-979cccfcc7622e89302a49c23b6fa37a.exe » NSIS » br_rt.dll - probably a variant of Win32/Adware.Agent application - was a part of the deleted object
    C:\WINDOWS\19-13830fd1a8a5137f57332f003822f774.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\mirar_distro_876088.exe - probably a variant of Win32/Adware.Agent application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\sideb.exe - Win32/Adware.EliteBar application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SoftwareDistribution\EventCache\{952C51D1-730A-46DE-935D-8B2110D9072A}.bin - error opening [4]
    C:\WINDOWS\SYSTEM32\asysljiz.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\npdsregq.exe - a variant of Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\qwinqoea.exe - Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\qwinqoeb.exe - Win32/Adware.ZenoSearch application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SearchTool\nsh17.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SearchTool\SearchTool.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]
    C:\WINDOWS\SYSTEM32\SmartShopper\SmartShopper0.dll - Win32/Adware.SmartShopper application - cleaned by deleting - quarantined [1]

    Number of scanned objects: 128549
    Number of threats found: 15
    Time of completion: 14:31:10
    Total scanning time: 4029 sec (01:07:09)
  • Open Notepad, then copy and paste the following text into an empty window:

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "NVIDIA Video drivers"=-
    "Microsoft media services"=-
    "Realplayer One"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA Video drivers"=-
    "NAV Auto Protect"=-

    Driver::
    FILESpy

    Save this to your Desktop as CFScript.txt.
    Drag CFScript.txt onto ComboFix.exe as shown in this example: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Any problems left?
  • OK, did the above, and after a restart this was the log:

ComboFix 08-03-06.4 - Marcel 2008-03-08 14:57:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.196 [GMT 1:00]
Running from: C:\Documents and Settings\Marcel\Bureaublad\combofix.exe
Command switches used :: C:\Documents and Settings\Marcel\Bureaublad\CFScript.txt.txt
 * Created a new restore point
.
(((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
.
2008-03-07 13:23 . 2008-03-08 15:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-07 13:23 . 2008-03-08 14:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-07 13:23 . 2008-03-07 13:23 268 --ah----- C:\sqmdata01.sqm
2008-03-07 13:23 . 2008-03-07 13:23 244 --ah----- C:\sqmnoopt01.sqm
2008-03-07 11:01 . 2008-03-07 11:01 268 --ah----- C:\sqmdata00.sqm
2008-03-07 11:01 . 2008-03-07 11:01 244 --ah----- C:\sqmnoopt00.sqm
2008-03-07 11:00 . 2008-03-07 11:00 <DIR> d-------- C:\Program Files\ESET
2008-03-07 11:00 . 2008-03-07 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-07 10:54 . 2004-09-29 12:07 113,538 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\mdusb.out
2008-03-07 10:54 . 2004-09-29 12:07 83,552 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\m4301A.sys
2008-03-05 12:11 . 2008-03-05 12:11 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\TuneUp Software
2008-03-05 12:11 . 2008-03-05 12:11 306,432 --a------ C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
2008-03-05 12:11 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll
2008-03-05 12:10 . 2008-03-05 12:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-05 12:10 . 2008-03-05 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-05 12:03 . 2008-03-05 12:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 11:49 . 2008-03-05 11:49 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\U3
2008-03-05 11:44 . 2008-03-05 11:44 <DIR> d-------- C:\Documents and Settings\Diana\Application Data\PC Suite
2008-03-05 09:52 . 2008-03-08 14:56 <DIR> dr-h----- C:\Documents and Settings\Marcel\Onlangs geopend
2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 09:44 . 2008-03-05 09:44 <DIR> d-------- C:\Program Files\CCleaner
2008-03-05 09:43 . 2008-03-07 13:15 2,241 --a------ C:\WINDOWS\WINCMD.INI
2008-03-05 09:41 . 2008-03-05 09:52 <DIR> d-------- C:\Documents and Settings\Marcel\Application Data\U3
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 14:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-05 10:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 10:37 --------- d-----w C:\Program Files\Java
2008-03-05 08:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-05 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 08:50 --------- d-----w C:\Program Files\Hitman Pro
2008-03-05 08:42 49 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb41.dat
2008-03-05 08:42 381 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb1942.dat
2008-03-05 08:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 22:55 14 ----a-w C:\Documents and Settings\Marcel\getfile.dat
2008-02-24 18:27 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8461.dat
2008-02-23 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-23 13:04 --------- d-----w C:\Program Files\Google
2008-02-03 19:08 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 22:15 --------- d-----w C:\Program Files\MP3 Player Utilities 3.79
2007-02-23 13:25 20,480 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb4827.dat
2007-01-02 23:23 9,216 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb8467.dat
2007-01-02 23:23 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb6334.dat
2007-01-02 23:20 0 ----a-w C:\Documents and Settings\Marcel\Application Data\internaldb5436.dat
2006-09-25 19:46 27,904 ----a-w C:\Documents and Settings\Marcel\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-03-07_ 8.36.11,12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-03-07 10:01:29 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
+ 2008-03-07 10:01:29 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
+ 2007-12-21 07:19:54 39,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys
+ 2007-12-21 07:20:14 30,216 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
+ 2007-12-21 07:21:56 33,800 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys
- 2007-02-22 13:39:48 1,476,992 ------w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
+ 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-08 15:05 77824]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 12:33:22 581693]
DriveSelect.lnk - C:\Program Files\321Studios\Xpress\DriveSelect.exe [2003-05-05 20:19:37 217088]
NkVwMon.exe.lnk - C:\Program Files\Nikon\NkView4\NkVwMon.exe [2002-09-21 21:11:18 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2004-10-10 20:56]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys [2004-09-29 12:07]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-05 12:11]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde52d26-ea8f-11dc-9507-0008a1997ebc}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 11:11:18 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-07 14:14:30 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 15:01:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
.
**************************************************************************
.
Completion time: 2008-03-08 15:04:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 14:04:05
ComboFix2.txt 2008-03-07 07:36:41
.
2008-02-20 21:14:46 --- E O F ---

------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:08, on 8-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zonnet.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7536 bytes
------------------

The PC is already a lot faster now! It is fascinating to see how ComboFix manages to fix all this. Thanks for the help!
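Reading a HijackThis log by eye, as the helpers in this thread do, scales badly; a practitioner usually wants the lines that deserve attention surfaced automatically. The Python below is an added example, not part of the thread and not HijackThis code: it parses HijackThis entries, applies a handful of triage rules, and lists the hosts that O15 entries add to Internet Explorer's Trusted Zone. Trusted Zone additions the user never made deliberately are a classic hijack indicator, which is why they rank highest here; the severities and reasons are this example's own judgement, not something HijackThis emits. The sample entries are copied verbatim from the log posted above.

```python
import re

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above. A real run would read the whole hijackthis.log file.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Global Startup: BTTray.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://www.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
""".strip()

# A HijackThis entry is "<section> - <body>", e.g. "O15 - Trusted Zone: ...".
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Triage rules: (section, predicate on the body, severity, why it matters).
# Severities are this example's own judgement, not anything HijackThis emits.
RULES = [
    ("O15", lambda b: b.startswith("Trusted Zone:"), "high",
     "site added to IE's Trusted Zone, where pages run with relaxed security; "
     "legitimate software almost never needs this"),
    ("O10", lambda b: b.startswith("Unknown file in Winsock LSP:"), "medium",
     "LSP not on HijackThis's known-good list; verify the DLL's publisher first, "
     "because removing a legitimate LSP breaks networking"),
    ("O16", lambda b: True, "medium",
     "ActiveX control downloaded from a web site; confirm the site is one you trust"),
    ("O4", lambda b: b.endswith("= ?"), "medium",
     "startup shortcut whose target could not be resolved"),
    ("O2", lambda b: "(no file)" in b, "low",
     "BHO registration whose DLL no longer exists; a dead entry, safe to remove"),
]


def parse_hjt(text):
    """Yield (section, body) for every well-formed HijackThis entry in the log."""
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Run every rule over the log; the first matching rule per entry wins."""
    findings = []
    for section, body in parse_hjt(text):
        for rule_section, matches, severity, reason in RULES:
            if section == rule_section and matches(body):
                findings.append({"section": section, "entry": body,
                                 "severity": severity, "reason": reason})
                break
    return findings


def trusted_zone_hosts(findings):
    """Host names that O15 entries add to the Trusted Zone, in log order."""
    hosts = []
    for f in findings:
        if f["section"] == "O15":
            m = re.search(r"https?://([^\s/]+)", f["entry"])
            if m:
                hosts.append(m.group(1))
    return hosts


def severity_counts(findings):
    """How many findings of each severity, e.g. {'high': 3, 'medium': 3, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    order = ["high", "medium", "low"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:6}] {f['section']}: {f['entry']}")
        print(f"         {f['reason']}")
```

The rules are deliberately data, not code: adding a check for, say, O4 entries pointing into a user's Temp folder is one more tuple. Note that the O10 rule only asks for a review; HijackThis marks any LSP it does not recognise as "unknown", and deleting one blindly is a good way to lose all network connectivity.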
  • Do make sure you follow the instructions exactly next time: you saved the text file as CFScript.txt.txt this time. Still, it seems to have worked :)

Uninstall ComboFix: go to Start --> Run and type: combofix /u
ComboFix will now be removed and a new restore point will be created.

The Java software on your computer is outdated. Older versions have security holes that give malware the chance to install itself. First carry out the steps below to uninstall Java and install the newest version:
Download Java Runtime Environment (JRE) 6u5 from http://java.sun.com/javase/downloads/index.jsp
 - Scroll down to: "Java Runtime Environment (JRE) 6u5".
 - Click the "Download" button on the right.
 - In the drop-down menu next to Platform, select Windows.
 - Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue.
 - The page will reload.
 - Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
 - Close all programs that may be open, especially your web browser!
 - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
 - Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
 - Then click Remove or the Change/Remove button.
 - Repeat this until all older versions are gone.
 - After removing all older versions, restart your PC.
 - Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.
Any problems left?

This is an archived page. Replying is no longer possible.