Vraag & Antwoord

Beveiliging & privacy

Google resultaten besmet hijack this.

12 antwoorden
  • Bij een zoekopdracht in Google lijken de resultaten op het eerste gezicht normaal. Echter de links die onder de eerste 5 tot 10 resultaten staan kloppen niet en linken door naar ongewenste sites. Bijvoorbeeld aircanadaman.com of find.com. enz. Het maakt niet uit of ik dit in IE, Firefox of Chrome doe, steeds krijg ik besmette resultaten. Ik heb gescand met Ad-Aware Spybot S&D en Microsoft Windows Malicious Software Removal Tool. Geen resultaat. Nu heb ik een Hijack This scan gedaan. Zou iemand me kunnen helpen met de resultaten? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:45, on 18/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TOONDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg -- End of file - 10251 bytes
  • Start hijackthis en kies voor 'do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:32bdc4d5c4]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe" O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86} - (no file) O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TOONDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif[/b:32bdc4d5c4] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen Open een kladblokbestand. Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand. [b:32bdc4d5c4]@ECHO OFF IF EXIST log.txt DEL log.txt ECHO Deleting files>>log.txt FOR %%g in ( C:\Program Files\VirRL2009\VirRL2009.exe") DO ( IF EXIST %%g ( ATTRIB -r -s -h %%g DEL %%g IF EXIST %%g ( ECHO %%g not deleted>>log.txt ) ELSE ( ECHO %%g deleted>>log.txt) ) ELSE ( ECHO %%g not found>>log.txt)) START NOTEPAD.EXE log.txt[/b:32bdc4d5c4] Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: del.bat Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. Dubbelklik op del.bat en post de inhoud van de logfile die opent. Download [url=http://www.besttechie.net/tools/mbam-setup.exe][b:32bdc4d5c4][color=red:32bdc4d5c4]MalwareBytes' Anti-Malware[/color:32bdc4d5c4][/b:32bdc4d5c4][/url] en sla het op je bureaublad op. Dubbelklik op [b:32bdc4d5c4]mbam-setup.exe[/b:32bdc4d5c4] om het programma te installeren. Zorg dat er na de installatie een vinkje is geplaatst bij:[list:32bdc4d5c4] [*:32bdc4d5c4]Update MalwareBytes' Anti-Malware [*:32bdc4d5c4]Start MalwareBytes' Anti-Malware [/list:u:32bdc4d5c4]Klik daarna op "[b:32bdc4d5c4]Voltooien[/b:32bdc4d5c4]". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:32bdc4d5c4] [*:32bdc4d5c4]Zodra het programma gestart is, ga dan naar het tabblad "[b:32bdc4d5c4]Instellingen[/b:32bdc4d5c4]". [*:32bdc4d5c4]Vink hier aan: "[b:32bdc4d5c4]Sluit Internet Explorer tijdens verwijdering van malware[/b:32bdc4d5c4]". [*:32bdc4d5c4]Ga daarna naar het tabblad "[b:32bdc4d5c4]Scanner[/b:32bdc4d5c4]", kies hier voor "[b:32bdc4d5c4]Snelle Scan[/b:32bdc4d5c4]". [*:32bdc4d5c4]Druk vervolgens op "[b:32bdc4d5c4]Scannen[/b:32bdc4d5c4]" om de scan te starten. [*:32bdc4d5c4]Het scannen kan een tijdje duren, dus wees geduldig. [*:32bdc4d5c4]Wanneer de scan voltooid is, klik op [b:32bdc4d5c4]OK[/b:32bdc4d5c4], daarna "[b:32bdc4d5c4]Bekijk Resultaten[/b:32bdc4d5c4]" om de resultaten te zien. [*:32bdc4d5c4]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:32bdc4d5c4]Verwijder geselecteerde[/b:32bdc4d5c4]". [*:32bdc4d5c4]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [/list:u:32bdc4d5c4]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:32bdc4d5c4]Logs[/b:32bdc4d5c4]" tab te klikken in het programma. Plaats dit logje samen met een nieuw logje van HijackThis
  • Beste Othuroyo, bedankt voor je supersnelle reactie. Helaas geeft Google nog steeds besmette resultaten. Hier zijn de logs: log del.bat: Deleting files Malwarebytes' Anti-Malware 1.33 Database versie: 1665 Windows 5.1.2600 Service Pack 3 18/01/2009 13:22:34 mbam-log-2009-01-18 (13-22-24).txt Scan type: Snelle Scan Objecten gescand: 56582 Verstreken tijd: 7 minute(s), 33 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a81ebfd7-0fa3-41ec-b60d-6dae78b4d31a} (Trojan.Zlob) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> No action taken. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\Documents and Settings\Toon de Gee\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken. C:\Documents and Settings\Toon de Gee\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken. C:\Documents and Settings\Toon de Gee\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken. C:\Documents and Settings\Toon de Gee\My Documents\My Documents.url (Trojan.Zlob) -> No action taken. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:27:34, on 18/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg -- End of file - 9735 bytes
  • Start hijackthis en kies voor 'do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:95c329c49a]O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg[/b:95c329c49a] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Zou je alles wat gevonden is door MBAM ook willen verwijderen en de volledige del.bat nog een keer uitvoeren en dan de [b:95c329c49a]volledige[/b:95c329c49a] inhoud ervan hier posten.
  • Heb het hijack this resultaat gefixt. De resultaten van MBAM had ik voor mijn vorige post al laten verwijderen. Ik heb nu een nieuwe scan met mbam gedaan en nu vindt hij niets. De log.txt bij del.bat is nog steeds: deleting files. Meer kan ik er niet van maken. Heb de handeling nog eens over gedaan zoals je in jouw eerste post uitlegde maar helaas verandert er niets.
  • Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/url] naar je Bureaublad. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen! Dubbelklik op Combofix.exe om het te starten. Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate. Klik op OK in het "NirCmd" venstertje. Klik na afloop terug op Ja om het scannen op malware te starten. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen plaats die in je volgende post.
  • Combofix gedaan. Ik kreeg een leeg buroblad na afloop terwijl het scannen echt afgelopen was. Opnieuw opgestart en... [b:0dd8fd2ea5]alle resultaten in Google zijn schoon. Heel erg bedankt! [/b:0dd8fd2ea5] Hier de log: ComboFix 09-01-17.04 - Toon de Gee 2009-01-18 15:41:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.588 [GMT 1:00] Running from: c:\documents and settings\Toon de Gee\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\update.exe c:\windows\IE4 Error Log.txt c:\windows\system32\wdmaud.sys . ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\Toon de Gee\Application Data\Malwarebytes 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-18 13:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-18 13:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-17 17:18 . 2009-01-17 17:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-17 16:26 . 2009-01-17 17:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-17 16:26 . 2009-01-17 17:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 14:09 . 2009-01-17 15:46 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-01-17 12:55 . 2009-01-17 12:55 0 --a------ c:\windows\nsreg.dat 2009-01-14 16:39 . 2009-01-17 17:19 <DIR> d-------- c:\program files\Lavasoft 2009-01-14 16:39 . 2009-01-17 17:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-13 19:25 . 2009-01-13 19:25 <DIR> d-------- c:\program files\Windows Defender 2009-01-11 23:40 . 2009-01-12 14:57 4 --a------ C:\WebData.csv 2009-01-10 15:08 . 2009-01-10 15:08 98,951 --a------ C:\ms.htm 2009-01-09 11:36 . 2009-01-09 11:36 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-15 10:29 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-14 10:07 --------- d-----w c:\program files\Cisco Systems 2009-01-10 10:32 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-09 10:36 --------- d-----w c:\program files\Java 2008-12-27 13:43 --------- d-----w c:\program files\Google 2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys 2008-12-11 10:40 --------- d-----w c:\program files\McAfee 2008-11-19 09:59 --------- d-----w c:\documents and settings\Toon de Gee\Application Data\AdobeUM 2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll 2007-08-16 18:10 167,936 ----a-w c:\program files\axcws32.dll 2007-08-16 18:10 1,236,992 ----a-w c:\program files\adsloc32.dll 2007-08-16 18:10 1,003,568 ----a-w c:\program files\ace32.dll 2007-05-29 14:12 2,810,368 ----a-w c:\program files\C@shflowApp.exe 2007-05-02 08:43 1,230 ----a-w c:\program files\BTDownload.ini 2007-02-28 12:01 209 ----a-w c:\program files\adslocal.cfg 2006-09-12 06:10 28,348 ----a-w c:\program files\extend.chr 2006-09-12 06:10 24,128 ----a-w c:\program files\ansi.chr 2006-07-03 14:30 537,740 ----a-w c:\program files\Handleiding.pdf 2006-06-28 16:30 852,992 ----a-w c:\program files\C@shflow.exe 2005-09-07 07:58 836 ----a-w c:\documents and settings\Toon de Gee\Application Data\ViewerApp.dat 2004-05-07 14:28 195 ----a-w c:\program files\wizard.htm 2004-02-16 15:29 176 ----a-w c:\program files\www.bankingtools.nl.url 2001-12-17 05:00 311,296 ----a-w c:\program files\SDENSX60.DLL 2001-12-17 05:00 307,200 ----a-w c:\program files\SDECDX60.dll 2001-12-17 05:00 278,528 ----a-w c:\program files\SDENTX60.DLL 2001-12-17 05:00 200,704 ----a-w c:\program files\SDE60.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200] "Google Update"="c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-17 133104] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELPER.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696] UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-02-06 1528880] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-04-01 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= wdmaud.sys [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Outlook Express\\MSIMN.EXE"= "c:\\Program Files\\VoipBuster\\VoipBuster.exe"= "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\C@shflowApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 206096] R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] . Contents of the 'Scheduled Tasks' folder 2008-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3036141038-2246288971-3422156299-1005.job - c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 12:42] 2008-10-08 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-10-08 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-18 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.nl/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\Toon de Gee\Application Data\Mozilla\Firefox\Profiles\zdolzcew.default\ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 15:44:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-01-18 15:47:26 ComboFix-quarantined-files.txt 2009-01-18 14:47:13 Pre-Run: 129,694,298,112 bytes free Post-Run: 129,713,377,280 bytes free 160 --- E O F --- 2009-01-16 11:18:00
  • Ga naar Virustotal.com Upload het volgende bestand door het volgende te kopiëren/plakken (dus niet via "Bladeren..." opzoeken!): [b:6ee2167fc2]C:\WebData.csv[/b:6ee2167fc2] Wacht totdat het resultaat verschijnt. Post dit mee in je volgende reactie Heb jij deze bestanden zelf aangemaakt? c:\program files\www.bankingtools.nl.url c:\program files\wizard.htm Open een kladblokbestand. Kopieer de onderstaande code, en plak deze in het kladblokbestand. [color=blue:6ee2167fc2][b:6ee2167fc2]File:: c:\windows\nsreg.dat [/b:6ee2167fc2][/color:6ee2167fc2] Sla het kladblokbestand op als CFScript.txt Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe, zoals hier onder: [img:6ee2167fc2]http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif[/img:6ee2167fc2] ComboFix zal opnieuw starten. Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile. Post de inhoud van de logfile.
  • plakken naar virustotal ging niet dus heb ik toch "browse" moeten gebruiken. Wizard zegt me niets. Banking Tools is de uitgever van cashflow manager, software die ik gebruik. Zelf maak ik over het algemeen niets aan in "program files". Dat moet die software er zelf dus ingezet hebben. Virustotal: File WebData.csv received on 01.18.2009 16:56:31 (CET) Current status: finished Result: 0/37 (0%) Compact Print results Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.0.0.73 2009.01.18 - AhnLab-V3 2009.1.15.0 2009.01.17 - AntiVir 7.9.0.57 2009.01.18 - Authentium 5.1.0.4 2009.01.17 - Avast 4.8.1281.0 2009.01.16 - AVG 8.0.0.229 2009.01.18 - BitDefender 7.2 2009.01.18 - CAT-QuickHeal 10.00 2009.01.17 - ClamAV 0.94.1 2009.01.18 - Comodo 935 2009.01.18 - DrWeb 4.44.0.09170 2009.01.18 - eSafe 7.0.17.0 2009.01.18 - eTrust-Vet 31.6.6312 2009.01.17 - F-Prot 4.4.4.56 2009.01.17 - F-Secure 8.0.14470.0 2009.01.18 - Fortinet 3.117.0.0 2009.01.15 - GData 19 2009.01.18 - Ikarus T3.1.1.45.0 2009.01.18 - K7AntiVirus 7.10.594 2009.01.17 - Kaspersky 7.0.0.125 2009.01.18 - McAfee+Artemis 5498 2009.01.17 - Microsoft 1.4205 2009.01.18 - NOD32 3774 2009.01.17 - Norman 5.93.01 2009.01.16 - nProtect 2009.1.8.0 2009.01.16 - Panda 9.5.1.2 2009.01.18 - Prevx1 V2 2009.01.18 - Rising 21.12.62.00 2009.01.18 - SecureWeb-Gateway 6.7.6 2009.01.18 - Sophos 4.37.0 2009.01.18 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.01.18 - TheHacker 6.3.1.5.222 2009.01.17 - TrendMicro 8.700.0.1004 2009.01.16 - VBA32 3.12.8.10 2009.01.17 - ViRobot 2009.1.17.1563 2009.01.17 - VirusBuster 4.5.11.0 2009.01.18 - Additional information File size: 4 bytes MD5...: 0ae9bcd0c0b0aa5aab99d84beca26ce8 SHA1..: 95ae2add76d30dc377e774ec0d5abc17a7832865 SHA256: 91a4e2f100227487a802ac040b85700f03520b347fbfe4c23b7bf2d97b43d9fa SHA512: 2e5bce2521d799135a10bb14cc127a0f794d8cdd2bcd97ed90a7f2d4279f72ab af45a58daf7635472b3d845db21f13f03708fc40f89b1963c8344a89df2b3bd0 ssdeep: 3:yn:yn PEiD..: - TrID..: File type identification Unknown! PEInfo: - [b:ceda7c6bda]ComboFix[/b:ceda7c6bda] 09-01-17.04 - Toon de Gee 2009-01-18 17:08:46.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.631 [GMT 1:00] Running from: c:\documents and settings\Toon de Gee\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Toon de Gee\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\nsreg.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\nsreg.dat . ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\Toon de Gee\Application Data\Malwarebytes 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-18 13:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-18 13:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-17 17:18 . 2009-01-17 17:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-17 16:26 . 2009-01-17 17:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-17 16:26 . 2009-01-17 17:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 14:09 . 2009-01-17 15:46 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-01-14 16:39 . 2009-01-17 17:19 <DIR> d-------- c:\program files\Lavasoft 2009-01-14 16:39 . 2009-01-17 17:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-13 19:25 . 2009-01-13 19:25 <DIR> d-------- c:\program files\Windows Defender 2009-01-11 23:40 . 2009-01-12 14:57 4 --a------ C:\WebData.csv 2009-01-10 15:08 . 2009-01-10 15:08 98,951 --a------ C:\ms.htm 2009-01-09 11:36 . 2009-01-09 11:36 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-15 10:29 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-14 10:07 --------- d-----w c:\program files\Cisco Systems 2009-01-10 10:32 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-09 10:36 --------- d-----w c:\program files\Java 2008-12-27 13:43 --------- d-----w c:\program files\Google 2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys 2008-12-11 10:40 --------- d-----w c:\program files\McAfee 2008-11-19 09:59 --------- d-----w c:\documents and settings\Toon de Gee\Application Data\AdobeUM 2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll 2007-08-16 18:10 167,936 ----a-w c:\program files\axcws32.dll 2007-08-16 18:10 1,236,992 ----a-w c:\program files\adsloc32.dll 2007-08-16 18:10 1,003,568 ----a-w c:\program files\ace32.dll 2007-05-29 14:12 2,810,368 ----a-w c:\program files\C@shflowApp.exe 2007-05-02 08:43 1,230 ----a-w c:\program files\BTDownload.ini 2007-02-28 12:01 209 ----a-w c:\program files\adslocal.cfg 2006-09-12 06:10 28,348 ----a-w c:\program files\extend.chr 2006-09-12 06:10 24,128 ----a-w c:\program files\ansi.chr 2006-07-03 14:30 537,740 ----a-w c:\program files\Handleiding.pdf 2006-06-28 16:30 852,992 ----a-w c:\program files\C@shflow.exe 2005-09-07 07:58 836 ----a-w c:\documents and settings\Toon de Gee\Application Data\ViewerApp.dat 2004-05-07 14:28 195 ----a-w c:\program files\wizard.htm 2004-02-16 15:29 176 ----a-w c:\program files\www.bankingtools.nl.url 2001-12-17 05:00 311,296 ----a-w c:\program files\SDENSX60.DLL 2001-12-17 05:00 307,200 ----a-w c:\program files\SDECDX60.dll 2001-12-17 05:00 278,528 ----a-w c:\program files\SDENTX60.DLL 2001-12-17 05:00 200,704 ----a-w c:\program files\SDE60.DLL . ((((((((((((((((((((((((((((( snapshot@2009-01-18_15.45.56.75 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-18 10:41:15 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat + 2009-01-18 15:13:06 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat - 2009-01-18 10:41:15 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-18 15:13:06 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-01-18 10:41:15 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-18 15:13:06 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-18 14:57:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2f4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200] "Google Update"="c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-17 133104] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELPER.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696] UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-02-06 1528880] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-04-01 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= wdmaud.sys [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Outlook Express\\MSIMN.EXE"= "c:\\Program Files\\VoipBuster\\VoipBuster.exe"= "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\C@shflowApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 206096] R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] . Contents of the 'Scheduled Tasks' folder 2008-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3036141038-2246288971-3422156299-1005.job - c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 12:42] 2008-10-08 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-10-08 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-18 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.nl/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\Toon de Gee\Application Data\Mozilla\Firefox\Profiles\zdolzcew.default\ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 17:11:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-01-18 17:13:45 ComboFix-quarantined-files.txt 2009-01-18 16:13:33 ComboFix2.txt 2009-01-18 14:47:27 Pre-Run: 129,706,795,008 bytes free Post-Run: 129,689,710,592 bytes free 170 --- E O F --- 2009-01-16 11:18:00
  • Hoe staat het met de problemen?
  • Probleem is opgelost. Nogmaals heel veel dank! Ik kan eindelijk weer normaal van Google gebruik maken. :D
  • Graag gedaan, Doe nog even dit: Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] [url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html](mirror)[/url](gemaakt door Atribune) Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken. Dubbelklik op ATF cleaner om het programma te starten. Op het tabblad Main, plaats je een vinkje bij Select All. Klik op de knop Empty Selected. Het volgende doen als je ook FireFox als browser hebt: Klik op tabblad Firefox, plaats een vinkje bij Select All. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. (dit haalt het vinkje weer weg bij Firefox saved passwords) Klik op de knop Empty Selected. Het volgende doen als je ook Opera als browser hebt: Klik op tabblad Opera, plaats een vinkje bij Select All. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. Klik op de knop Empty Selected. Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.[/list]3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen. - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel". - Zet een vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Windows vraagt of je dat zeker weet. - Klik "Ja". - Klik "OK". - Start de pc opnieuw op. - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?" - Klik "Ja". - Verwijder het vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Klik "OK". - Start de pc opnieuw op - Er is nu een nieuw schoon herstel punt aangemaakt

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.