  • Search-Daily

    For some time now my PC has been very slow to boot. It also takes a very long time to open a site, and when I search for something via Google it ends up on Search-Daily. I tried Hitman Pro 2, but it reports nothing.
    Via ComboFix I got the following:
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{897C9557-1CFA-4910-AADF-B8DE11F4B340}]
    2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\dpnetv.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22]
    "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-11 23:15]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-14 19:01 C:\WINDOWS\SOUNDMAN.EXE]
    "NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 10:50]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 22:23]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 22:23]
    "SiSPower"="Rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
    "Control Center"="C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" [2005-06-15 14:50]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-17 21:28]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-19 11:17]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 13:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    C:\Documents and Settings\Steven Oosterhoff\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2007-04-17 15:36:45]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-17 15:38:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ecunkasg]
    comctl32a.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R0 oxrwhckt;oxrwhckt;C:\WINDOWS\system32\drivers\ytcblbbt.dat
    R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-10-27 19:38]
    R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2003-08-19 19:28]
    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
    R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-16 22:57]
    S2 nabsssgl;IP Traffic Filter Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
    S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nabsssgl

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8c04d2f-79a9-11dc-b6c0-0015f2a0d4cd}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-18 21:16:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Eset\pr_imon.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Voltooingstijd: 2007-12-18 21:20:03 - machine was rebooted
    .
    2007-12-13 09:23:00 --- E O F ---

  • #2
    Posting half logs usually means getting half the help as well.

    Download the attachment: CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the full contents of Combofix.txt in your next reply.

    Also post a HijackThis log and tell us whether there are still any problems.


    • #3
      Below is the log. After reading several topics here, I should add that I had also seen a Windows Security Alert message. Has this problem been fixed as well?


      ComboFix 07-12-19.3 - Steven Oosterhoff 2007-12-19 10:45:06.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.464 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Steven Oosterhoff\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Steven Oosterhoff\Bureaublad\cfscript.txt
      * Nieuw herstelpunt werd aangemaakt

      FILE
      C:\WINDOWS\system32\dpnetv.dll
      C:\WINDOWS\system32\drivers\ytcblbbt.dat
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\~.exe
      C:\WINDOWS\system32\dpnetv.dll
      C:\WINDOWS\system32\drivers\ytcblbbt.dat

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_NABSSSGL
      -------\LEGACY_OXRWHCKT
      -------\nabsssgl
      -------\oxrwhckt


      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
      .

      2007-12-13 10:18 . 2007-12-13 10:20 1,393 --a------ C:\WINDOWS\imsins.BAK
      2007-12-10 18:09 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2007-12-10 18:09 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2007-12-10 18:09 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2007-12-10 18:09 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2007-12-10 18:08 . 2007-12-10 21:41 <DIR> d-------- C:\Program Files\Spyware Doctor
      2007-12-10 18:08 . 2007-12-10 18:08 <DIR> d-------- C:\Documents and Settings\Steven Oosterhoff\Application Data\PC Tools
      2007-12-10 18:08 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
      2007-12-10 18:08 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
      2007-12-10 18:08 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
      2007-12-10 18:08 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
      2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Program Files\Webroot
      2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Documents and Settings\Steven Oosterhoff\Application Data\Webroot
      2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2007-12-10 18:07 . 2007-12-10 18:07 164 --a------ C:\install.dat
      2007-12-10 18:04 . 2007-12-10 18:16 <DIR> d-------- C:\Program Files\SpywareBlaster
      2007-12-10 18:04 . 2007-12-10 18:04 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-10 13:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2007-12-10 13:42 . 2007-12-10 17:59 <DIR> d-------- C:\Temp
      2007-12-10 13:42 . 2007-12-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2007-12-10 02:58 . 2007-12-10 02:58 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
      2007-12-10 02:58 . 2007-12-10 02:58 741,632 --a------ C:\WINDOWS\system32\stehorib.dat
      2007-12-10 02:58 . 2007-12-10 02:58 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
      2007-12-10 02:58 . 2007-12-10 02:58 119,552 --a------ C:\WINDOWS\system32\pzacuqoi.dat
      2007-12-10 02:58 . 2007-12-10 02:58 42,240 --a------ C:\WINDOWS\system32\sxvtbsni.dat
      2007-12-10 02:58 . 2007-12-10 02:58 36,096 --a------ C:\WINDOWS\system32\kfmrfdqo.dat
      2007-12-10 02:58 . 2007-12-10 02:58 35,072 --a------ C:\WINDOWS\system32\ouhoiqjt.dat
      2007-12-10 02:47 . 2006-08-25 16:51 84,992 --a------ C:\WINDOWS\system32\comctl32a.dll.bak
      2007-12-10 02:46 . 2007-12-10 02:52 <DIR> d-------- C:\WINDOWS\system32\AppCert

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-16 16:22 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\ICQ
      2007-12-16 16:21 --------- d-----w C:\Program Files\ICQ6
      2007-12-13 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-12-10 20:43 --------- d-----w C:\Program Files\Hitman Pro
      2007-12-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-10 17:23 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Lavasoft
      2007-12-10 16:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-10 01:01 --------- d-----w C:\Program Files\PokerStars
      2007-11-20 16:40 --------- d-----w C:\Program Files\LimeWire
      2007-11-15 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
      2007-11-15 23:28 --------- d-----w C:\Program Files\Winamp
      2007-11-15 14:52 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Talkback
      2007-11-15 14:48 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Thunderbird
      2007-11-14 23:04 --------- d-----w C:\Program Files\TechSmith
      2007-11-14 22:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2007-11-14 20:47 --------- d-----w C:\Program Files\Microsoft Works
      2007-11-14 20:46 --------- d-----w C:\Program Files\MSBuild
      2007-11-14 19:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-10-30 19:14 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\VoipBuster
      2007-10-27 16:09 --------- d-----w C:\Program Files\VoipBuster.com
      2007-10-24 09:28 --------- d-----w C:\Program Files\Java
      .

      ((((((((((((((((((((((((((((( [email protected]_21.17.50.62 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{108D3AE0-8944-4226-83A9-E5687D9220A7}]
      c:\windows\system32\comctl32a.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
      "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22]
      "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
      "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-11 23:15]
      "SoundMan"="SOUNDMAN.EXE" [2005-04-14 19:01 C:\WINDOWS\SOUNDMAN.EXE]
      "NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 10:50]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 22:23]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 22:23]
      "SiSPower"="Rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
      "Control Center"="C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" [2005-06-15 14:50]
      "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-17 21:28]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
      "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-19 11:17]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

      C:\Documents and Settings\Steven Oosterhoff\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
      ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2007-04-17 15:36:45]
      Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-17 15:38:44]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
      @=""

      R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-10-27 19:38]
      R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2003-08-19 19:28]
      R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
      R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-16 22:57]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
      S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      nabsssgl

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8c04d2f-79a9-11dc-b6c0-0015f2a0d4cd}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-19 10:52:09
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Program Files\Eset\pr_imon.dll

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\Program Files\Eset\pr_imon.dll
      .
      Voltooingstijd: 2007-12-19 10:54:07 - machine was rebooted
      C:\ComboFix2.txt ... 2007-12-18 21:20
      .
      2007-12-13 09:23:00 --- E O F ---



      • #4
        Open CFScript.txt and delete everything that is in this small file.

        Put the following text (in bold) back into it:


        File::
        C:\WINDOWS\system32\libeay32.dll
        C:\WINDOWS\system32\stehorib.dat
        C:\WINDOWS\system32\libssl32.dll
        C:\WINDOWS\system32\pzacuqoi.dat
        C:\WINDOWS\system32\sxvtbsni.dat
        C:\WINDOWS\system32\kfmrfdqo.dat
        C:\WINDOWS\system32\ouhoiqjt.dat
        C:\WINDOWS\system32\comctl32a.dll.bak

        Folder::
        C:\WINDOWS\system32\AppCert

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{108D3AE0-8944-4226-83A9-E5687D9220A7}]



        Save the changes to this file and drag it over Combofix.exe again, as you did before.
        Post the new Combofix log you get.

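The helper in this thread works by eye: compare the first log with the one produced after the CFScript run, notice what disappeared and what newly showed up, and script the next round. Below is an added Python example of that comparison, written for this page; it is not part of the thread, of ComboFix, or of the helper's tooling. The regular expressions assume only the line shapes visible in the quoted logs (the BHO header with ComboFix's `\~` abbreviation, `"Name"="path" [date]` Run values, `R0 name;description;path` service lines); the `File::`/`Registry::` sections and the `[-KEY]` deletion form are the ones shown in post #4; the two sample excerpts are constructed from lines copied out of posts #1 and #3.

```python
"""Diff two ComboFix log excerpts and draft the next CFScript for analyst review.

Added example, not from the forum thread or from ComboFix. Only the line
shapes visible in the thread's logs are parsed.
"""
import re
from dataclasses import dataclass

# Line shapes taken from the logs quoted in this thread.
BHO_HEADER_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_DETAIL_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")  # "date time size attrs path"
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.+?)(?: \[[^\]]*\])?$")
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"  # ComboFix's abbreviated key, as logged


@dataclass(frozen=True, order=True)
class Entry:
    kind: str    # "bho", "run" or "service"
    name: str    # CLSID, Run value name or service name
    target: str  # dll / executable / driver path exactly as logged


def parse_autostarts(log_text: str) -> set[Entry]:
    """Collect BHO, Run-key and service entries from a ComboFix log excerpt."""
    entries: set[Entry] = set()
    pending_bho = None   # CLSID whose dll path is on the next line
    in_run_key = False   # inside a [...\Run] block until the next blank line or key header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_run_key = False
            continue
        if pending_bho:
            detail = BHO_DETAIL_RE.match(line)  # first log prints "date size attrs path", later ones just the path
            entries.add(Entry("bho", pending_bho, detail.group(1) if detail else line))
            pending_bho = None
            continue
        if m := BHO_HEADER_RE.match(line):
            pending_bho = m.group(1)
        elif m := RUN_KEY_RE.match(line):
            in_run_key = True
        elif line.startswith("["):
            in_run_key = False  # some other key (SafeBoot, MountPoints2, ...)
        elif in_run_key and (m := RUN_VALUE_RE.match(line)):
            entries.add(Entry("run", m.group(1), m.group(2)))
        elif m := SERVICE_RE.match(line):
            entries.add(Entry("service", m.group(1), m.group(2)))
    return entries


def diff_autostarts(before: str, after: str) -> tuple[set[Entry], set[Entry]]:
    """Return (removed, appeared): entries gone after the fix, and entries that are new."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    return b - a, a - b


def cfscript_for(entries) -> tuple[str, list[Entry]]:
    """Draft a CFScript in the File::/Registry:: layout shown in post #4 that removes
    the BHO entries given: the dll under File::, the CLSID key as [-KEY] under
    Registry::. Anything that is not a BHO is returned for manual review instead,
    because the thread shows no CFScript syntax for Run values or services."""
    bhos = sorted(e for e in entries if e.kind == "bho")
    review = sorted(e for e in entries if e.kind != "bho")
    if not bhos:
        return "", review
    script = "File::\n" + "\n".join(e.target for e in bhos)
    script += "\n\nRegistry::\n" + "\n".join(f"[-{BHO_KEY}\\{e.name}]" for e in bhos) + "\n"
    return script, review


# Constructed excerpts: lines copied from the first (post #1) and second (post #3) logs above.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{897C9557-1CFA-4910-AADF-B8DE11F4B340}]
2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\dpnetv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-19 11:17]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 13:00]

R0 oxrwhckt;oxrwhckt;C:\WINDOWS\system32\drivers\ytcblbbt.dat
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-10-27 19:38]
S2 nabsssgl;IP Traffic Filter Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
"""

LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{108D3AE0-8944-4226-83A9-E5687D9220A7}]
c:\windows\system32\comctl32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-19 11:17]

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-10-27 19:38]
"""

if __name__ == "__main__":
    removed, appeared = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    print("removed:", *sorted(removed), sep="\n  ")
    print("appeared:", *sorted(appeared), sep="\n  ")
    script, review = cfscript_for(appeared)
    print("\ndraft CFScript:\n" + script)
    print("needs manual review:", review)
```

Run against the two excerpts, the `removed` set lists the first BHO (`dpnetv.dll`), the `oxrwhckt` driver, the `nabsssgl` svchost service and ComboFix's own temporary `combofix` Run value, while `appeared` contains exactly one item: the second BHO loading `comctl32a.dll`, which is what post #4 then scripts out. Non-BHO items are handed back for review rather than scripted, since the page shows no CFScript syntax for them.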


        • #5
          This time my computer did not need to restart. Is that right?


          ComboFix 07-12-19.3 - Steven Oosterhoff 2007-12-19 11:13:58.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.490 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Steven Oosterhoff\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Steven Oosterhoff\Bureaublad\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\system32\comctl32a.dll.bak
          C:\WINDOWS\system32\kfmrfdqo.dat
          C:\WINDOWS\system32\libeay32.dll
          C:\WINDOWS\system32\libssl32.dll
          C:\WINDOWS\system32\ouhoiqjt.dat
          C:\WINDOWS\system32\pzacuqoi.dat
          C:\WINDOWS\system32\stehorib.dat
          C:\WINDOWS\system32\sxvtbsni.dat
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\AppCert
          C:\WINDOWS\system32\AppCert\filter.drv
          C:\WINDOWS\system32\AppCert\options.dat
          C:\WINDOWS\system32\AppCert\prx93f.dll
          C:\WINDOWS\system32\AppCert\wnl32.dll
          C:\WINDOWS\system32\AppCert\wsil32.dll
          C:\WINDOWS\system32\comctl32a.dll.bak
          C:\WINDOWS\system32\kfmrfdqo.dat
          C:\WINDOWS\system32\libeay32.dll
          C:\WINDOWS\system32\libssl32.dll
          C:\WINDOWS\system32\ouhoiqjt.dat
          C:\WINDOWS\system32\pzacuqoi.dat
          C:\WINDOWS\system32\stehorib.dat
          C:\WINDOWS\system32\sxvtbsni.dat

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
          .

          2007-12-13 10:18 . 2007-12-13 10:20 1,393 --a------ C:\WINDOWS\imsins.BAK
          2007-12-10 18:09 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2007-12-10 18:09 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2007-12-10 18:09 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2007-12-10 18:09 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2007-12-10 18:08 . 2007-12-10 21:41 <DIR> d-------- C:\Program Files\Spyware Doctor
          2007-12-10 18:08 . 2007-12-10 18:08 <DIR> d-------- C:\Documents and Settings\Steven Oosterhoff\Application Data\PC Tools
          2007-12-10 18:08 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
          2007-12-10 18:08 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
          2007-12-10 18:08 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
          2007-12-10 18:08 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
          2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Program Files\Webroot
          2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Documents and Settings\Steven Oosterhoff\Application Data\Webroot
          2007-12-10 18:07 . 2007-12-10 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
          2007-12-10 18:07 . 2007-12-10 18:07 164 --a------ C:\install.dat
          2007-12-10 18:04 . 2007-12-10 18:16 <DIR> d-------- C:\Program Files\SpywareBlaster
          2007-12-10 18:04 . 2007-12-10 18:04 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-10 13:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
          2007-12-10 13:42 . 2007-12-10 17:59 <DIR> d-------- C:\Temp
          2007-12-10 13:42 . 2007-12-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-16 16:22 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\ICQ
          2007-12-16 16:21 --------- d-----w C:\Program Files\ICQ6
          2007-12-13 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-10 20:43 --------- d-----w C:\Program Files\Hitman Pro
          2007-12-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-10 17:23 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Lavasoft
          2007-12-10 16:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-10 01:01 --------- d-----w C:\Program Files\PokerStars
          2007-11-20 16:40 --------- d-----w C:\Program Files\LimeWire
          2007-11-15 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
          2007-11-15 23:28 --------- d-----w C:\Program Files\Winamp
          2007-11-15 14:52 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Talkback
          2007-11-15 14:48 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\Thunderbird
          2007-11-14 23:04 --------- d-----w C:\Program Files\TechSmith
          2007-11-14 22:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-11-14 20:47 --------- d-----w C:\Program Files\Microsoft Works
          2007-11-14 20:46 --------- d-----w C:\Program Files\MSBuild
          2007-11-14 19:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-10-30 19:14 --------- d-----w C:\Documents and Settings\Steven Oosterhoff\Application Data\VoipBuster
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
          2007-10-27 16:09 --------- d-----w C:\Program Files\VoipBuster.com
          2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-10-24 09:28 --------- d-----w C:\Program Files\Java
          2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
          2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
          2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
          2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
          2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
          2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
          2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
          2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-10-10 23:53 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
          2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
          2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
          2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
          2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
          2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
          2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
          2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
          2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
          2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
          2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
          2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
          2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
          .

          ((((((((((((((((((((((((((((( [email protected]_21.17.50.62 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
          "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22]
          "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
          "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-11 23:15]
          "SoundMan"="SOUNDMAN.EXE" [2005-04-14 19:01 C:\WINDOWS\SOUNDMAN.EXE]
          "NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 10:50]
          "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 22:23]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 22:23]
          "SiSPower"="Rundll32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
          "Control Center"="C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" [2005-06-15 14:50]
          "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-17 21:28]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
          "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-19 11:17]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

          C:\Documents and Settings\Steven Oosterhoff\Menu Start\Programma's\Opstarten\
          OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
          ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2007-04-17 15:36:45]
          Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-04-17 15:38:44]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
          @=""

          R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-10-27 19:38]
          R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2003-08-19 19:28]
          R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
          R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-16 22:57]
          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
          S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          nabsssgl

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8c04d2f-79a9-11dc-b6c0-0015f2a0d4cd}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-19 11:15:28
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\system32\winlogon.exe
          -> C:\WINDOWS\system32\AppCert\wsil32.dll

          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
          -> C:\Program Files\Eset\pr_imon.dll
          .
          Voltooingstijd: 2007-12-19 11:16:09
          C:\ComboFix2.txt ... 2007-12-19 10:54
          C:\ComboFix3.txt ... 2007-12-18 21:20
          .
          2007-12-13 09:23:00 --- E O F ---



          • #6
            Originally posted by StevenOosterhof
            This time my computer did not need to restart. Is that right?
            It can; it means that these files were leftovers and were therefore simply removed by Combofix.

            Delete the following folder:
            C:\Qoobox\

            Then empty your Recycle Bin.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Disable System Restore. Restart the computer. Enable System Restore again.
            See here for how to disable your System Restore.
            This removes any remnants of the infections from your System Restore.

            Are you still experiencing any problems?



            • #7
              No, everything is solved. Fantastic. Finally able to work carefree again.



              • #8
                You're welcome.
