Trojan Vundo :(

Anonymous
pimvandenderen
12 replies
  • I think I'm the umpteenth person who keeps getting the message from Norton that Trojan Vundo has been found on their computer.
    I'm not very good with computers :oops:
    How do I get rid of this?
    Regards,
    Jeannette
  • Hi Jeannette,

    Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    You can make a HijackThis log as follows:
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358

    Good luck!

    Pim
  • From HijackThis I got this:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:04, on 2-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Block Checker\block-checker.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rayan-jawhar.babyhomepage.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.nl/center
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4DF3C52E-7CA9-439B-877D-B85E02F4AAA3} - C:\Documents and Settings\Tber\Local Settings\Application Data\microsoft\internet explorer\5inav.dat (file missing)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
    O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C4716B29-2610-48FC-ACB2-B0E064B6AFB4} - C:\WINDOWS\system32\vtutt.dll
    O2 - BHO: (no name) - {F928F6B8-DCEE-8160-39A2-517C8B573D33} - C:\WINDOWS\Doedargp.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dcc6f852] rundll32.exe "C:\WINDOWS\system32\xixvoxld.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
    O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
    O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
    O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.packardbell.nl/center
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp11.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4341/mcfscan.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
    O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    End of file - 10604 bytes


    And ComboFix said this:

    ComboFix 07-11-30.7 - Tber 2007-11-30 12:54:00.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Tber\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    ComboFix kreeg te maken met een onherstelbare fout!! Gelieve dit bestand - %g te uploaden - C:\ComboFix_error.dat
    naar : http://www.bleepingcomputer.com/submit-malware.php?channel=4

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Fonts'

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))
    .

    2007-11-30 13:35 . 2007-11-30 13:35 9,723 –a—— C:\ComboFix_error.dat
    2007-11-30 12:00 . 2007-11-30 12:00 <DIR> d——– C:\Program Files\Enigma Software Group
    2007-11-30 07:43 . 2007-11-30 13:59 105,003 —hs—- C:\WINDOWS\system32\ttutv.ini2
    2007-11-29 20:11 . 2007-11-29 20:11 77,888 –a—— C:\WINDOWS\system32\lomhgjnj.dll
    2007-11-29 20:05 . 2007-11-29 20:05 784,965 —hs—- C:\WINDOWS\system32\dlxovxix.ini
    2007-11-29 20:02 . 2007-11-29 20:02 10,816 ——— C:\WINDOWS\system32\__c00E4F0C.dat
    2007-11-29 19:57 . 2007-11-29 19:57 71,232 –a—— C:\WINDOWS\system32\bnfltwmb.exe
    2007-11-28 16:56 . 2007-11-28 16:56 71,232 –a—— C:\WINDOWS\system32\urtkhojy.exe
    2007-11-28 16:29 . 2007-11-28 16:29 <DIR> d——– C:\Program Files\SymNetDrv
    2007-11-28 16:16 . 2007-11-29 19:57 784,905 —hs—- C:\WINDOWS\system32\hrnvewvv.ini
    2007-11-28 16:12 . 2007-11-28 16:12 81,984 –a—— C:\WINDOWS\system32\llyyhtfx.dll
    2007-11-28 16:09 . 2007-11-28 16:09 <DIR> d——– C:\Program Files\WinAble
    2007-11-28 16:09 . 2007-11-28 16:09 <DIR> d——– C:\Program Files\Temporary
    2007-11-28 16:05 . 2007-11-28 16:05 71,232 –a—— C:\WINDOWS\system32\sfgemvlt.exe
    2007-11-28 16:05 . 2007-11-28 16:05 36,864 –a—— C:\WINDOWS\system32\awtusqp.dll
    2007-11-27 23:46 . 2007-11-27 23:46 71,232 –a—— C:\WINDOWS\system32\frohsnqv.exe
    2007-11-27 23:29 . 2007-11-28 16:04 784,665 —hs—- C:\WINDOWS\system32\wfvcltpr.ini
    2007-11-27 23:22 . 2007-11-30 11:48 <DIR> d——– C:\Program Files\Norton Internet Security
    2007-11-27 23:22 . 2007-11-27 23:22 10,344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-11-27 23:20 . 2006-09-15 22:52 124,016 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-27 23:20 . 2006-09-15 22:52 91,904 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-11-27 23:17 . 2007-11-27 23:17 71,232 –a—— C:\WINDOWS\system32\nioyspma.exe
    2007-11-27 23:07 . 2007-11-27 23:07 71,232 –a—— C:\WINDOWS\system32\bckibyhx.exe
    2007-11-27 22:50 . 2007-11-27 23:15 784,485 —hs—- C:\WINDOWS\system32\gnuhdope.ini
    2007-11-27 22:44 . 2007-11-27 22:44 71,232 –a—— C:\WINDOWS\system32\rhuraohh.exe
    2007-11-27 22:00 . 2007-11-27 22:42 784,305 —hs—- C:\WINDOWS\system32\rqqfnkoj.ini
    2007-11-27 21:58 . 2007-11-27 21:58 71,232 –a—— C:\WINDOWS\system32\efjpkbhy.exe
    2007-11-25 17:10 . 2007-11-25 17:10 775,952 —hs—- C:\WINDOWS\system32\qqmxrimt.ini
    2007-11-25 17:09 . 2007-11-25 17:09 79,936 –a—— C:\WINDOWS\system32\lueevako.dll
    2007-11-25 17:00 . 2007-11-25 17:00 71,232 –a—— C:\WINDOWS\system32\hmouhdaw.exe
    2007-11-25 16:47 . 2007-11-25 17:10 775,892 —hs—- C:\WINDOWS\system32\fiositpo.ini
    2007-11-25 16:45 . 2007-11-25 16:45 79,936 –a—— C:\WINDOWS\system32\fxpicitt.dll
    2007-11-25 16:41 . 2007-11-25 16:41 71,232 –a—— C:\WINDOWS\system32\euhttjpd.exe
    2007-11-21 15:51 . 2007-11-29 19:34 143 –a—— C:\WINDOWS\system32\mcrh.tmp
    2007-11-17 12:01 . 2007-11-17 12:02 676,624 —hs—- C:\WINDOWS\system32\gidnxniq.ini
    2007-11-17 11:55 . 2007-11-17 11:55 71,232 –a—— C:\WINDOWS\system32\pymhbtpl.exe
    2007-11-17 04:53 . 2007-11-17 11:55 676,564 —hs—- C:\WINDOWS\system32\wvyicqfn.ini
    2007-11-17 04:41 . 2007-11-17 04:41 71,232 –a—— C:\WINDOWS\system32\wqfhjsrc.exe
    2007-11-16 14:49 . 2007-11-17 04:41 678,629 —hs—- C:\WINDOWS\system32\kdpekiki.ini
    2007-11-16 14:44 . 2007-11-16 14:44 71,232 –a—— C:\WINDOWS\system32\pcveopqi.exe
    2007-11-16 13:58 . 2007-11-16 14:50 676,249 —hs—- C:\WINDOWS\system32\ittqgnjs.ini
    2007-11-16 13:52 . 2007-11-16 13:52 71,232 –a—— C:\WINDOWS\system32\hksmxwvr.exe
    2007-11-16 13:33 . 2007-11-16 13:58 676,129 —hs—- C:\WINDOWS\system32\huxmwrpq.ini
    2007-11-16 13:23 . 2007-11-16 13:23 71,232 –a—— C:\WINDOWS\system32\idrebwmk.exe
    2007-11-16 11:59 . 2007-11-16 13:23 676,009 —hs—- C:\WINDOWS\system32\vjipbfqf.ini
    2007-11-16 11:48 . 2007-11-14 20:43 104,891 –ahs—- C:\WINDOWS\system32\ttutv.ini
    2007-11-14 19:51 . 2007-11-14 19:59 104,891 —hs—- C:\WINDOWS\system32\ttutv.tmp
    2007-11-14 18:29 . 2007-11-16 11:52 675,889 —hs—- C:\WINDOWS\system32\hibjuptw.ini
    2007-11-14 18:26 . 2007-11-14 18:26 79,424 –a—— C:\WINDOWS\system32\bscishiu.dll
    2007-11-14 18:20 . 2007-11-14 18:20 71,232 –a—— C:\WINDOWS\system32\iarewkdp.exe
    2007-11-13 15:40 . 2007-11-14 18:15 671,642 —hs—- C:\WINDOWS\system32\dsxoukna.ini
    2007-11-13 15:35 . 2007-11-13 15:35 71,232 –a—— C:\WINDOWS\system32\fsophoxn.exe
    2007-11-12 13:46 . 2007-11-13 15:34 669,383 —hs—- C:\WINDOWS\system32\avduedjl.ini
    2007-11-12 13:41 . 2007-11-12 13:41 71,232 –a—— C:\WINDOWS\system32\eshublfb.exe
    2007-11-12 13:38 . 2007-11-12 13:38 145,984 ——— C:\WINDOWS\system32\vynqvzku.dll
    2007-11-12 13:38 . 2007-11-30 13:55 20,810 —hs—- C:\WINDOWS\system32\vynqvzku.dllbox
    2007-11-12 13:37 . 2007-11-30 07:27 105,806 —hs—- C:\WINDOWS\system32\ttutv.bak2
    2007-11-12 13:24 . 2007-11-12 13:24 317,536 ——— C:\WINDOWS\system32\vtutt.dll
    2007-11-11 09:23 . 2007-11-11 09:23 147,456 –a—— C:\WINDOWS\system32\vbzip10.dll
    2007-11-11 09:22 . 2007-11-11 09:22 172,038 –a—— C:\winlogon.exe
    2007-10-25 16:24 . 2007-10-25 14:24 53,760 –a—— C:\WINDOWS\b122.exe
    2007-10-10 13:01 . 2007-07-09 14:11 584,192 ——— C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 12:22 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-11-29 19:13 ——— d—–w C:\Program Files\Symantec
    2007-11-29 19:01 113,233 —-a-w C:\WINDOWS\Fonts\a.zip
    2007-11-27 22:32 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-17 11:17 ——— d—–w C:\Documents and Settings\Tber\Application Data\Symantec
    2007-11-14 19:36 ——— d—–w C:\Program Files\LimeWire
    2007-11-11 08:28 ——— d—–w C:\Program Files\Java
    2007-11-11 08:23 278,542 —-a-w C:\WINDOWS\Fonts\Setup.exe
    2007-11-01 16:24 ——— d—–w C:\Program Files\Lexmark X1100 Series
    2007-10-25 16:57 8,501,760 ——w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-09-07 08:16 63,012 —-a-w C:\Documents and Settings\Tber\Application Data\mdb.bin
    2007-08-22 13:19 96,768 —-a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 13:19 662,016 ——w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 13:19 616,960 ——w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 13:19 55,808 —-a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 13:19 532,480 —-a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 13:19 474,624 ——w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 13:19 449,024 ——w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 13:19 39,424 ——w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 13:19 357,888 ——w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 13:19 3,079,168 ——w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 13:19 251,392 ——w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 13:19 205,312 ——w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 13:19 16,384 —-a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 13:19 151,552 —-a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 13:19 146,432 —-a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 13:19 1,494,528 ——w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 13:19 1,057,280 —-a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 13:19 1,022,976 ——w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:30 18,432 —-a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:18 683,520 ——w C:\WINDOWS\system32\dllcache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0428FFC7-1931-45b7-95CB-3CBB919777E1}]
    C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DF3C52E-7CA9-439B-877D-B85E02F4AAA3}]
    C:\Documents and Settings\Tber\Local Settings\Application Data\microsoft\internet explorer\5inav.dat

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
    C:\Program Files\RXToolBar\sfcont.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{905F19D4-DD1A-4EF4-B471-441530B3E666}]
    2007-11-12 13:24 317536 ——— C:\WINDOWS\system32\vtutt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-12 13:38 145984 ——— C:\WINDOWS\system32\vynqvzku.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
    2002-05-03 13:27 81920 –a–c— C:\Program Files\Surfairy\SurfairyHlp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F928F6B8-DCEE-8160-39A2-517C8B573D33}]
    C:\WINDOWS\Doedargp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vynqvzku.dll [2007-11-12 13:38 145984]

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2004-03-03 16:26]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [2005-08-10 17:46]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43]
    "ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 18:51]
    "Desksite CMA"="C:\Program Files\desksite\bin\cma.exe" []
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-03-03 16:25]
    "BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" []
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41]
    "SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-05 16:09]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-28 16:29]
    "dcc6f852"="C:\WINDOWS\system32\xixvoxld.dll" []

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vynqvzku]
    vynqvzku.dll 2007-11-12 13:38 145984 C:\WINDOWS\system32\vynqvzku.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\__c00E4F0C.dat
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutt.dll

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    R3 CVIAAUD;NEC VIA 3D Environmental Audio;C:\WINDOWS\system32\drivers\cviaaud.sys
    R3 CVIAHALA;CVIAHALA;C:\WINDOWS\system32\drivers\cviahal.sys
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-28 15:15:53 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Tber.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    "2007-11-30 11:24:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 13:57:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-30 14:13:27 - machine was rebooted
    .
    — E O F —


    I really don't understand any of this at aaaall :)
    It took a long time before it worked..
    HELLLP :)
  • anyone!?!?! :cry:
  • Take it easy, Jeannette!

    1. Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following there, if present:
    RXToolBar
    Winable

    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below, if still present:
    O2 - BHO: (no name) - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - (no file)
    O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
    O2 - BHO: (no name) - {4DF3C52E-7CA9-439B-877D-B85E02F4AAA3} - C:\Documents and Settings\Tber\Local Settings\Application Data\microsoft\internet explorer\5inav.dat (file missing)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
    O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll
    O2 - BHO: (no name) - {C4716B29-2610-48FC-ACB2-B0E064B6AFB4} - C:\WINDOWS\system32\vtutt.dll
    O2 - BHO: (no name) - {F928F6B8-DCEE-8160-39A2-517C8B573D33} - C:\WINDOWS\Doedargp.dll (file missing)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [dcc6f852] rundll32.exe "C:\WINDOWS\system32\xixvoxld.dll",b
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
    O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
    O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
    O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
    O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll

    Now close all open windows except HijackThis and click Fix Checked.

    3. Open Notepad, then copy and paste the following (the text in bold) into an empty window:
    File::
    C:\WINDOWS\system32\ttutv.ini2
    C:\WINDOWS\system32\lomhgjnj.dll
    C:\WINDOWS\system32\dlxovxix.ini
    C:\WINDOWS\system32\__c00E4F0C.dat
    C:\WINDOWS\system32\bnfltwmb.exe
    C:\WINDOWS\system32\urtkhojy.exe
    C:\WINDOWS\system32\hrnvewvv.ini
    C:\WINDOWS\system32\llyyhtfx.dll
    C:\WINDOWS\system32\sfgemvlt.exe
    C:\WINDOWS\system32\awtusqp.dll
    C:\WINDOWS\system32\frohsnqv.exe
    C:\WINDOWS\system32\wfvcltpr.ini
    C:\WINDOWS\system32\nioyspma.exe
    C:\WINDOWS\system32\bckibyhx.exe
    C:\WINDOWS\system32\gnuhdope.ini
    C:\WINDOWS\system32\rhuraohh.exe
    C:\WINDOWS\system32\rqqfnkoj.ini
    C:\WINDOWS\system32\efjpkbhy.exe
    C:\WINDOWS\system32\qqmxrimt.ini
    C:\WINDOWS\system32\lueevako.dll
    C:\WINDOWS\system32\hmouhdaw.exe
    C:\WINDOWS\system32\fiositpo.ini
    C:\WINDOWS\system32\fxpicitt.dll
    C:\WINDOWS\system32\euhttjpd.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\gidnxniq.ini
    C:\WINDOWS\system32\pymhbtpl.exe
    C:\WINDOWS\system32\wvyicqfn.ini
    C:\WINDOWS\system32\wqfhjsrc.exe
    C:\WINDOWS\system32\kdpekiki.ini
    C:\WINDOWS\system32\pcveopqi.exe
    C:\WINDOWS\system32\ittqgnjs.ini
    C:\WINDOWS\system32\hksmxwvr.exe
    C:\WINDOWS\system32\huxmwrpq.ini
    C:\WINDOWS\system32\idrebwmk.exe
    C:\WINDOWS\system32\vjipbfqf.ini
    C:\WINDOWS\system32\ttutv.ini
    C:\WINDOWS\system32\ttutv.tmp
    C:\WINDOWS\system32\hibjuptw.ini
    C:\WINDOWS\system32\bscishiu.dll
    C:\WINDOWS\system32\iarewkdp.exe
    C:\WINDOWS\system32\dsxoukna.ini
    C:\WINDOWS\system32\fsophoxn.exe
    C:\WINDOWS\system32\avduedjl.ini
    C:\WINDOWS\system32\eshublfb.exe
    C:\WINDOWS\system32\vynqvzku.dll
    C:\WINDOWS\system32\vynqvzku.dllbox
    C:\WINDOWS\system32\ttutv.bak2
    C:\WINDOWS\system32\vtutt.dll
    C:\winlogon.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\Fonts\Setup.exe

    Folder::
    C:\Program Files\WinAble
    C:\Program Files\RXToolBar

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0428FFC7-1931-45b7-95CB-3CBB919777E1}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DF3C52E-7CA9-439B-877D-B85E02F4AAA3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{905F19D4-DD1A-4EF4-B471-441530B3E666}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F928F6B8-DCEE-8160-39A2-517C8B573D33}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dcc6f852"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vynqvzku]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
    00
    [/b:eea91b478b]
    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • I did it
    I now keep getting the message: the application or DLL file c:\windows\system32\_c00E4F0C.dat is not a valid Windows image. Please check this against your installation diskette.
    And a zip file named catchme has been placed on my desktop

    Now I get this with hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:33, on 2007-12-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Block Checker\block-checker.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rayan-jawhar.babyhomepage.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.nl/center
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A8CA1AF9-0B11-4AF2-8AFF-D04A7F0753F9} - C:\WINDOWS\system32\vtutt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
    O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.packardbell.nl/center
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp11.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4341/mcfscan.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
    O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    End of file - 8600 bytes
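
Added example, not part of the original thread: a small Python check of which entries in the follow-up HijackThis log still point at files or CLSIDs that the CFScript was meant to remove. The embedded samples are excerpts of the script and log posted above; the `File::` section header and the function names are assumptions of this example.

```python
import re

# Excerpts of the CFScript and the follow-up HijackThis log from this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\vynqvzku.dll
C:\WINDOWS\system32\vtutt.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
"""
HJT_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A8CA1AF9-0B11-4AF2-8AFF-D04A7F0753F9} - C:\WINDOWS\system32\vtutt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vynqvzku.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vynqvzku.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E4F0C.dat
O20 - Winlogon Notify: vynqvzku - C:\WINDOWS\SYSTEM32\vynqvzku.dll
"""
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_cfscript(text):
    """Return (file paths, CLSIDs) the script targets, all lower-cased."""
    files, clsids, section = set(), set(), None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "file" and line:
            files.add(line.lower())
        # Deletions only: "[-key]" removes a key, '"name"=-' removes a value.
        elif section == "registry" and (line.startswith("[-") or line.endswith("=-")):
            clsids.update(m.lower() for m in CLSID.findall(line))
    return files, clsids

def leftovers(script, log):
    """HijackThis entries that still reference something the script targeted."""
    files, clsids = parse_cfscript(script)
    hits = []
    for line in filter(None, map(str.strip, log.splitlines())):
        low = line.lower()  # Windows paths and CLSIDs are case-insensitive
        reasons = [f for f in sorted(files) if low.endswith(f)]
        reasons += [c for c in sorted(clsids) if c in low]
        if reasons:
            hits.append((line.split(" - ", 1)[0], reasons))
    return hits

if __name__ == "__main__":
    for code, reasons in leftovers(CFSCRIPT, HJT_LOG):
        print(code, "->", ", ".join(reasons))
```

Entries that remain in the log after the script has run are the reason to ask for the new Combofix.txt report before deciding on the next step.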
  • Can you also post the contents of C:\Combofix.txt?
    We're not there yet :wink:
  • Should I have a new one of those? Of that combofix log? Because I only have the same log as last time!
  • If all is well, when you drag CFScript into Combofix, Combofix should show a new report when it finishes. In this case it doesn't matter that much; just do the following:

    Go to Start –> Run and type there:
    combofix /u

    This will remove Combofix.

    After that, download Combofix again via the link above and let it run once more. When it has finished, post the result in your next message :wink:
  • I did that, and now when I start the computer they ask for a password. I don't have an account on the computer and have no idea what the password for the account is :cry:
    I'm at work now. What now?!
  • Try a standard password that you use often; you really must have set this during your Windows installation.

    You can also try entering no password and just pressing Enter. Otherwise try: admin or administrator

    Pim
  • In the meantime the computer is completely back to its old self!
    Thank you!


This is an archived page. Replying is no longer possible.