Vraag & Antwoord

Beveiliging & privacy

Trojan-Clicker!

Anoniem
None
20 antwoorden
  • Hoi,

    er is een trojan-clicker in m'n systeem gekomen en ik kan 'm niet weg krijgen. Het gaat om de volgende: Trojan-Clicker.Win32.Delf.Hi en m'n scanner geeft aan dat 'ie bij dit bestandje hoort: system32\ejmaejm.dll.

    Wie kan me helpen?

    Logfile of HijackThis v1.99.1
    Scan saved at 18:03:13, on 24-4-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\mbvigaaa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    [b:5cee4a9f3d]O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll[/b:5cee4a9f3d]
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160351498952
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll
    O20 - Winlogon Notify: xmm13g - xmm13g.dll (file missing)
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adusicidtab - Unknown owner - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • momentje ik vind wel wat maar ik weet nog niet precies wat het is.
    Jij denkt aan Delf maar ik denk aan haxdoor.
  • Kun je eens volgende bestand :[list:e25b8c4275] C:\WINDOWS\System32\[b:e25b8c4275]mbvigaaa.exe [/b:e25b8c4275][/list:u:e25b8c4275] uploaden naar :
    [b:e25b8c4275]
    http://www.bleepingcomputer.com/submit-malware.php?channel=9[/b:e25b8c4275]

    Hoe ? : [list:e25b8c4275]1. In het eerste venstertje (Link to topic where this file was requested:) kopieer en plak je deze link :
    [list:e25b8c4275][b:e25b8c4275] http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1199819#1199819 [/b:e25b8c4275][/list:u:e25b8c4275]
    2. In het tweede venstertje (Browse to the file you want to submit: ) kopieer en plak (Ctrl-V) je dit :[list:e25b8c4275][b:e25b8c4275]C:\ mbvigaaa.exe [/b:e25b8c4275][/list:u:e25b8c4275]
    3. Klik op de [b:e25b8c4275]Send file[/b:e25b8c4275] knop[/list:u:e25b8c4275]

    [b:e25b8c4275]Als dat is gelukt aub doorgaan met deze fix aub.[/b:e25b8c4275]


    Download haxfix.exe.
    Plaats het op je bureaublad.
    Sluit alle andere programma's en sluit alle open vensters.
    Dubbelklik op [b:e25b8c4275]haxfix.exe[/b:e25b8c4275]. Het programma wordt nu geinstalleerd in C:\Program Files\HaxFix.
    Plaats een vinkje om een snelkoppeling op het bureaublad te maken.
    Plaats daarna ook een vinkje om het programma op te starten.

    Een rood dos-venster wordt nu geopend.
    Selecteer nu optie [b:e25b8c4275]1. Make logfile[/b:e25b8c4275] door een 1 in te typen met een Enter.
    HaxFix zal de computer scannen. Als het programma klaar is wordt een logfile in een notepad geplaatst.
    Kopieer de inhoud en post dit.

    (Deel 2 nadat het logfile is gepost)
    Dubbelklik op de snelkoppeling [b:e25b8c4275]HaxFix[/b:e25b8c4275] die op het bureaublad staat.

    Selecteer optie 2. [b:e25b8c4275]Run auto fix[/b:e25b8c4275].
    Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu [b:e25b8c4275]Enter[/b:e25b8c4275] en de computer zal opnieuw starten.

    Als de computer opnieuw gestart is verschijnt er een notepad venster.

    Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [b:e25b8c4275]Straks)><<<<<<<[/b:e25b8c4275]


    Eerst nog deze doen aub. [b:e25b8c4275]<<<<<<<<<<<<<<<<<[/b:e25b8c4275]

    Download win32delfkil.exe.
    Plaats het op je bureaublad.
    Sluit alle open vensters want de computer zal herstarten.
    Dubbelklik op win32delfkil.exe om het tooltje te starten.
    Na reboot opent er een kladblokbestand.
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Hoi, ik moest even mezelf als nieuwe gebruiker aanmelden, want op een of andere manier kon ik niet meer inloggen. maar bij deze..

    [quote:3c48b8f00a]Download win32delfkil.exe.
    Plaats het op je bureaublad.
    Sluit alle open vensters want de computer zal herstarten.
    Dubbelklik op win32delfkil.exe om het tooltje te starten.
    Na reboot opent er een kladblokbestand.
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.[/quote:3c48b8f00a]

    WIN32DELFKIL LOGFILE - by Marckie


    version 3.125
    di 24-04-2007 18:57:39,74
    running from: "C:\Documents and Settings\Rik Steverink\Bureaublad"


    — File(s) found in Windows directory —

    — File(s) found in system32 folder —

    — Services —

    — Export SharedTaskScheduler key —
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"


    — Notify key —


    — rebooting the computer —


    — File(s) found in Windows directory —

    — File(s) found in system32 folder —

    — Services —

    — Export SharedTaskSchedulerkey —
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"



    — Notify key —

    Finished!
  • [quote:58d653d7a4]Download haxfix.exe.
    Plaats het op je bureaublad.
    Sluit alle andere programma's en sluit alle open vensters.
    Dubbelklik op haxfix.exe. Het programma wordt nu geinstalleerd in C:\Program Files\HaxFix.
    Plaats een vinkje om een snelkoppeling op het bureaublad te maken.
    Plaats daarna ook een vinkje om het programma op te starten.

    Een rood dos-venster wordt nu geopend.
    Selecteer nu optie 1. Make logfile door een 1 in te typen met een Enter.
    HaxFix zal de computer scannen. Als het programma klaar is wordt een logfile in een notepad geplaatst.
    Kopieer de inhoud en post dit. [/quote:58d653d7a4]

    HAXFIX logfile - by Marckie

    version 4.39
    di 24-04-2007 19:02:12,28

    — Checking for Haxdoor —

    checking for a3d files
    a3d files not found

    checking for matching notify keys
    matching notify keys found
    xmm13g

    checking for matching services
    matching services found
    Aspi32
    xmm13g
    mmx19g

    checking for matching safeboot services
    matching safeboot services found
    xmm13g.sys
    mmx19g.sys

    checking for other Haxdoor-files
    no other Haxdoor-files found


    — Checking for Goldun —


    checking for SSODL keys
    no ssodl keys found

    checking for notify keys
    no notify keys found

    checking for services
    no services found

    checking for other Goldun-files
    no other Goldun-files found

    checking iexplore.exe
    iexplore.exe is not infected


    Finished!
  • en de haxfix heb je die ook gedaan, want zoals ik al verwacht had vind delf niks.
  • [quote:2ab8a694e0]Selecteer optie 2. Run auto fix.
    Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten.

    Als de computer opnieuw gestart is verschijnt er een notepad venster.

    Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:2ab8a694e0]

    HAXFIX logfile - by Marckie

    version 4.39
    di 24-04-2007 19:07:35,96

    — Auto Haxdoorfix —


    searching for files:


    searching for services….
    service xmm13g found
    [SWSC] DeleteService SUCCESS
    service mmx19g found
    [SWSC] DeleteService SUCCESS


    — Goldunfix —


    searching for files:


    checking iexplore.exe
    iexplore.exe is not infected

    searching for SSODLkeys:
    no SSODLkeys found

    searching for notifykeys:
    no notifykeys found

    searching for services:
    no services found


    …..rebooting the computer…..


    searching for ssodlkeys

    not needed


    searching for notifykeys

    notifykey xmm13g not found


    searching for services

    service xmm13g not found
    service mmx19g not found


    searching for safeboot services

    safeboot service xmm13g.sys not found
    safeboot service mmx19g.sys not found


    searching for files

    xmm13g.dll exists
    deleting xmm13g.dll
    xmm13g.dll has been deleted

    mmx19g.sys exists
    deleting mmx19g.sys
    mmx19g.sys has been deleted


    checking for other files

    wa114.ini exists
    deleting wa114.ini
    wa114.ini has been deleted


    checking for a3d files

    no a3d files found


    Finished

    ——————————————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 19:12:06, on 24-4-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\mbvigaaa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adusicidtab - Unknown owner - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • [quote:709b7b1f22]Selecteer optie 2. Run auto fix.
    Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten.

    Als de computer opnieuw gestart is verschijnt er een notepad venster.

    Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:709b7b1f22]

    HAXFIX logfile - by Marckie

    version 4.39
    di 24-04-2007 19:07:35,96

    — Auto Haxdoorfix —


    searching for files:


    searching for services….
    service xmm13g found
    [SWSC] DeleteService SUCCESS
    service mmx19g found
    [SWSC] DeleteService SUCCESS


    — Goldunfix —


    searching for files:


    checking iexplore.exe
    iexplore.exe is not infected

    searching for SSODLkeys:
    no SSODLkeys found

    searching for notifykeys:
    no notifykeys found

    searching for services:
    no services found


    …..rebooting the computer…..


    searching for ssodlkeys

    not needed


    searching for notifykeys

    notifykey xmm13g not found


    searching for services

    service xmm13g not found
    service mmx19g not found


    searching for safeboot services

    safeboot service xmm13g.sys not found
    safeboot service mmx19g.sys not found


    searching for files

    xmm13g.dll exists
    deleting xmm13g.dll
    xmm13g.dll has been deleted

    mmx19g.sys exists
    deleting mmx19g.sys
    mmx19g.sys has been deleted


    checking for other files

    wa114.ini exists
    deleting wa114.ini
    wa114.ini has been deleted


    checking for a3d files

    no a3d files found


    Finished

    ——————————————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 19:12:06, on 24-4-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\mbvigaaa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adusicidtab - Unknown owner - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • [quote:b8c438b1f9]Selecteer optie 2. Run auto fix.
    Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten.

    Als de computer opnieuw gestart is verschijnt er een notepad venster.

    Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:b8c438b1f9]

    HAXFIX logfile - by Marckie

    version 4.39
    di 24-04-2007 19:07:35,96

    — Auto Haxdoorfix —


    searching for files:


    searching for services….
    service xmm13g found
    [SWSC] DeleteService SUCCESS
    service mmx19g found
    [SWSC] DeleteService SUCCESS


    — Goldunfix —


    searching for files:


    checking iexplore.exe
    iexplore.exe is not infected

    searching for SSODLkeys:
    no SSODLkeys found

    searching for notifykeys:
    no notifykeys found

    searching for services:
    no services found


    …..rebooting the computer…..


    searching for ssodlkeys

    not needed


    searching for notifykeys

    notifykey xmm13g not found


    searching for services

    service xmm13g not found
    service mmx19g not found


    searching for safeboot services

    safeboot service xmm13g.sys not found
    safeboot service mmx19g.sys not found


    searching for files

    xmm13g.dll exists
    deleting xmm13g.dll
    xmm13g.dll has been deleted

    mmx19g.sys exists
    deleting mmx19g.sys
    mmx19g.sys has been deleted


    checking for other files

    wa114.ini exists
    deleting wa114.ini
    wa114.ini has been deleted


    checking for a3d files

    no a3d files found


    Finished

    ——————————————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 19:12:06, on 24-4-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\mbvigaaa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adusicidtab - Unknown owner - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • Download [b:59bf2f28fe]Combofix[/b:59bf2f28fe] naar je Bureaublad.
    Dubbelklik [b:59bf2f28fe]Combofix.exe[/b:59bf2f28fe]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:59bf2f28fe]NIET[/b:59bf2f28fe] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:59bf2f28fe]combofix.txt[/b:59bf2f28fe] openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • en vergeet nog te vragen of je dat bestandje al gestuurd had naar bleepingcomputer????
  • ComboFix 07-04-24.5V - Running from: "C:\Documents and Settings\Rik Steverink\Bureaublad\"

    /wow section - STAGE #3

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ejmaejm.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\RIKSTE~1\BUREAU~1.\internet explorer.lnk
    C:\WINDOWS\system32\drivers\neurwdoq.sys
    C:\WINDOWS\system32\ejmaejm.dll


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\nm
    ——-\reaucigj
    ——-\LEGACY_REAUCIGJ
    ——-\LEGACY_SYSTEM


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


    2007-04-24 19:02 8,234 –a—— C:\clean.bat
    2007-04-24 18:57 90,112 –a—— C:\WINDOWS\system32\regdacl.exe
    2007-04-24 18:57 53,248 –a—— C:\WINDOWS\system32\process.exe
    2007-04-24 18:57 4,096 –a—— C:\WINDOWS\system32\reboot.exe
    2007-04-24 18:57 278,902 –a—— C:\win32delfkil.exe
    2007-04-24 18:57 16,384 –a—— C:\WINDOWS\system32\restart.exe
    2007-04-24 18:57 <DIR> d——– C:\WINDOWS\system32\regdacl
    2007-04-24 18:57 <DIR> d——– C:\_backupD
    2007-04-24 17:23 <DIR> d——– C:\Program Files\Hijack This
    2007-04-24 16:53 83,536 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-04-24 16:53 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-04-24 16:53 59,984 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-04-24 16:53 52,304 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-04-24 16:53 39,248 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-04-24 16:53 26,064 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-04-24 16:53 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-04-24 15:18 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-04-24 15:18 <DIR> d——– C:\Program Files\Lavasoft
    2007-04-24 14:09 <DIR> d–hs—- C:\DOCUME~1\RIKSTE~1\Onlangs geopend
    2007-04-24 13:21 44,032 –a—— C:\WINDOWS\system32\rdysjale.dll
    2007-04-24 13:21 131,072 –a—— C:\WINDOWS\system32\tkndkvsz.dll
    2007-04-24 13:21 100,864 –a—— C:\WINDOWS\system32\llnjvmiu.dll
    2007-04-24 13:15 14,336 –a—— C:\WINDOWS\system32\mbvigaaa.exe
    2007-04-15 15:45 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
    2007-04-14 23:25 <DIR> d——– C:\Program Files\RadLight Company
    2007-04-14 23:25 <DIR> d——– C:\DOCUME~1\RIKSTE~1\APPLIC~1\RadLight Company
    2007-04-14 23:21 <DIR> d——– C:\Program Files\Webteh
    2007-04-14 23:21 <DIR> d——– C:\Program Files\Setup
    2007-04-14 23:21 <DIR> d——– C:\Program Files\BSplayer_WhenUSave_Installer
    2007-04-14 23:21 <DIR> d——– C:\DOCUME~1\RIKSTE~1\APPLIC~1\BSplayer Pro
    2007-04-14 23:21 <DIR> d——– C:\DOCUME~1\RIKSTE~1\APPLIC~1\BSplayer


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-24 19:11 77628 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-04-24 19:11 458570 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-04-24 16:51 ——– d——– C:\Program Files\hitman pro
    2007-04-24 15:19 ——– d——– C:\DOCUME~1\RIKSTE~1\APPLIC~1\lavasoft
    2007-04-15 15:44 ——– d——– C:\Program Files\ea games
    2007-03-25 19:27 74616 –a—— C:\WINDOWS\system32\gdipfontcachev1.dat
    2007-03-13 18:45 ——– d——– C:\Program Files\messengerplus! 3
    2007-03-12 13:06 ——– d——– C:\Program Files\corel
    2007-03-12 13:02 ——– d–h—– C:\Program Files\installshield installation information
    2007-03-01 00:27 ——– d——– C:\Program Files\filezilla
    2007-02-25 14:20 ——– d–h—– C:\DOCUME~1\RIKSTE~1\APPLIC~1\move networks


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "LWBMOUSE"="C:\\Program Files\\Omni\\OmniMouse Driver\\4.06\\MOUSE32A.EXE"
    "LWBKEYBOARD"="C:\\Program Files\\Omni\\Omni keyboard driver\\5.0\\KbdAp32A.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "aol"="\"D:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
    @=""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "mbvigaaa"="C:\\WINDOWS\\System32\\mbvigaaa.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "mbvigaaa"="C:\\WINDOWS\\System32\\mbvigaaa.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "FgQHWLXjBG"="{341C3C78-9EB6-96D2-9DF2-8A7063A4210E}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\WINDOWS\System32\wmfhotfix.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BTTray.lnk"
    "backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
    "item"="BTTray"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RunDll32 cmicnfg"
    "hkey"="HKLM"
    "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DAP"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Launch Application 2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PcSync2"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PicasaMediaDetector"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RocketDock"
    "hkey"="HKCU"
    "command"="\"C:\\WINDOWS\\BricoPacks\\Crystal Clear\\RocketDock\\RocketDock.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Weather"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    odzpqoil


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-24 20:01:50
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden services …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 07-04-24 20:02:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 07-04-24 20:02




    ——————————————–

    Logfile of HijackThis v1.99.1
    Scan saved at 20:05:34, on 24-4-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    D:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\mbvigaaa.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adusicidtab - Unknown owner - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



    —————————————————

    Ja heb het bestandje naar die bleepingcomputer gestuurd.
  • Mooi mooi, dan kunnen daar mee gaan werken.

    Nog even 1 ding en daarna gaan we verder.

    Wil je dit bestand eerst eens laten scannen bij Jotti:
    C:\WINDOWS\System32\[b:db1044d564]mbvigaaa.exe [/b:db1044d564] <<<<<<<<<<<<<<

    [i:db1044d564]Let op! Soms staan sommige mappen en/of bestanden verborgen, dus eerst even dit uitvoeren: Mijn documenten> extra > mapopties > tabblad Weergave > klik verborgen bestanden en mappen weergeven >OK: [/i:db1044d564]

    Jotti Virusscan http://virusscan.jotti.org/
    Bovenin staat “file to upload”.
    Ga via “bladeren” naar onderstaand bestand, laat het scannen door eerst op “openen” en daarna op “submit” te klikken. Kopieer het antwoord dat je krijgt in je volgende post.

    Als de server te druk is kun je het bestand ook hier laten scannen:
    Kaspersky filescanner http://www.kaspersky.com/scanforvirus
  • Is U daar nog????
  • Hallo ????
  • [quote:2c2fedf282="juisterr"]Hallo ????[/quote:2c2fedf282]
    Komt goed komt goed, zit nog niet eens 24 uur tussen zn laatste post :)
  • ja dat weet ik maar de infectie lijkt me van dien aard dat wachten met fixen niet goed is, straks kan ik misschien helemaal overnieuw beginnen :-?
    Er zit nog meer rommel in en dat moet er ook uit, en ik heb het idee dat de hoofdinfectie ook nog niet helemaal weg is.
  • Kijk, nu is er reden tot spoed…. de infectie is er nog en TS is foetsie… alle werk voor niets :cry:
  • Gebeurt vaker hoor, wellicht geloofde TS er niet meer in en heeft inmiddels een format gedaan :o
    Of zijn/haar toevlucht gezocht op een ander forum :-?

    Niets van aantrekken 8)
  • Klopt helaas maar al te goed Smeenk, toch had ik dit logje graag proberen af te maken.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.