Mededeling

Collapse
No announcement yet.

Essa voce precisa VER

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Essa voce precisa VER

    Volgens mij heb ik de "Essa voce precisa VER" Trojan. Zouden jullie mij aub kunnen helpen dit hele nare ding te verwijderen? Dank!

    Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:51:16, on 24-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jaski\Bureaublad\Martin\HiJackThis_v2.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 2451 bytes
    Labels: Geen
    • Citaat
  • #2
    Volgens mij heb ik mijn hijack this log niet correct copy+paste gedaan. Daarom hieronder een correcte/volledige.

    Dank voor de hulp (en prettige feestdagen)!


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:05:47, on 25-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CRW\shwicon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jaski\Bureaublad\Martin\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShowIcon_Apacer_CRW Series Driver v1.17r016] "C:\Program Files\CRW\shwicon.exe" -t"Apacer\CRW Series Driver v1.17r016"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165306231703
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8799 bytes
    • Citaat

    Comment

    • #3
      Gezien de stappen die de anderen met hetzelfde probleem moesten volgen, heb ik het volgende gedaan:

      1 ComboFix gedraaid, zie log hieronder
      2 Hijack this gedraaid (v202) en log ook hieronder

      Dank voor de hulp

      ComboFix 07-12-21.4 - Jaski 2007-12-25 12:33:12.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.133 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Jaski\Bureaublad\Martin\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .
      The following files were disabled during the run:
      C:\WINDOWS\system32\guard32.dll


      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Jaski\Application Data\macromedia\Flash Player\#SharedObjects\G76VBGD3\iforex.com
      C:\Documents and Settings\Jaski\Application Data\macromedia\Flash Player\#SharedObjects\G76VBGD3\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\Jaski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\Jaski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\WINDOWS\system32\Packet.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))
      .

      2007-12-25 12:28 . 2007-12-25 12:28 <DIR> d-------- C:\Documents and Settings\Jaski\Application Data\Talkback
      2007-12-25 12:28 . 2007-12-25 12:28 0 --a------ C:\WINDOWS\nsreg.dat
      2007-12-25 12:21 . 2007-12-25 12:21 <DIR> d-------- C:\Downloads
      2007-12-25 12:19 . 2007-12-25 12:25 <DIR> d-------- C:\Program Files\Free Download Manager
      2007-12-25 12:18 . 2007-12-25 12:18 <DIR> d-------- C:\WINDOWS\LastGood
      2007-12-25 09:28 . 2007-12-25 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-25 09:27 . 2007-12-25 09:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-24 18:41 . 2007-12-24 18:41 <DIR> d-------- C:\Program Files\COMODO
      2007-12-24 18:41 . 2007-12-24 18:41 <DIR> d-------- C:\Documents and Settings\Jaski\Application Data\Comodo
      2007-12-24 18:41 . 2007-12-24 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
      2007-12-24 18:41 . 2007-12-24 18:41 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
      2007-12-24 18:41 . 2007-12-24 18:41 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
      2007-12-24 18:41 . 2007-12-24 18:41 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
      2007-12-24 18:39 . 2007-12-24 18:39 <DIR> d-------- C:\Program Files\Avira
      2007-12-24 18:39 . 2007-12-24 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2007-12-24 17:02 . 2007-12-24 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-25 08:29 --------- d-----w C:\Program Files\Lavasoft
      2007-12-24 23:24 --------- d-----w C:\Documents and Settings\Jaski\Application Data\Skype
      2007-12-24 17:32 --------- d-----w C:\Program Files\Symantec AntiVirus
      2007-12-24 17:32 --------- d-----w C:\Program Files\Symantec
      2007-12-24 17:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2007-12-24 16:03 --------- d-----w C:\Program Files\Google
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-09-04 19:33 87,608 ----a-w C:\Documents and Settings\Jaski\Application Data\ezpinst.exe
      2007-09-04 19:33 47,360 ----a-w C:\Documents and Settings\Jaski\Application Data\pcouffin.sys
      2007-03-01 09:37 19,000 ----a-w C:\Documents and Settings\Jaski\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 22:58]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-11 12:20]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
      "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
      "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24]
      "ShowIcon_Apacer_CRW Series Driver v1.17r016"="C:\Program Files\CRW\shwicon.exe" [2003-01-08 23:05]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 17:19]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 17:57]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 17:51]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-24 18:43]
      "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-24 18:41]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]
      "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 05:53]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

      R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-24 18:41]
      R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-24 18:41]

      *Newly Created Service* - AAWSERVICE
      *Newly Created Service* - CATCHME
      *Newly Created Service* - CMDAGENT
      *Newly Created Service* - CMDGUARD
      *Newly Created Service* - CMDHLP
      *Newly Created Service* - INSPECT
      *Newly Created Service* - PROCEXP90
      *Newly Created Service* - SSMDRV
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-09-20 08:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-12-24 18:09:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-25 12:34:44
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\guard32.dll

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\WINDOWS\system32\guard32.dll
      .
      Voltooingstijd: 2007-12-25 12:35:14
      .
      2007-12-21 09:02:30 --- E O F ---




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:37:19, on 25-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\COMODO\Firewall\cmdagent.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\CRW\shwicon.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\COMODO\Firewall\cfp.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ShowIcon_Apacer_CRW Series Driver v1.17r016] "C:\Program Files\CRW\shwicon.exe" -t"Apacer\CRW Series Driver v1.17r016"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165306231703
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 8471 bytes
      • Citaat

      Comment

      • #4
        Hallo Gaviaal,

        Je logje vertoont niet direkt speciale dingen.

        1. * Clean de Cache and Cookies in IE:
        • Sluit Internet Explorer.
        • Ga naar Configuratiescherm > Internet Opties > tab Algemeen
        • Klik de Cookies verwijderen knop
        • Klik op de Bestanden verwijderen knop ernaast
        • Vink aan: Ook alle off line items verwijderen, klik OK
        * Clean de Cache and Cookies in Firefox (In geval Firefox geïnstalleerd is):
        • Go to Extra > Opties.
        • Klik Privacy in het menu.
        • Klik op de knop wissen (Geschiedenis, Cookies, Cache).
        • Klik OK om het venster opnieuw te sluiten.
        * Clean andere Temporary files + Prullenbak
        • Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
        • Laat het je systeem scannen op bestanden die moeten verwijderd worden
        • Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
        • Klik daarna op OK.

        2. Download Dr.Web CureIt naar je Bureaublad:
        • Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
        • Indien een popup verschijnt met het voorstel tot kopen/50% korting,
          mag je deze sluiten met het kruisje.
        • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
          klik op de Selecteer alles knop onderaan, en vervolgens op de knop Verwijderen. Dit is enkel een korte scan.
        • Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
        • Druk op F9 en kies daarna voor Acties en stel daar het volgende in onder Malware :
          • Adware: Verplaats
            Dialers: Verplaats
            Jokes: Rapportage
            Riskware: Rapportage
            Hacktools: Verplaats
            Haal dan het vinkje weg bij "Prompt bij actie".
          Druk dan op OK.
        • Druk op F9 en kies daarna voor Scan en verwijder het vinkje bij Heuristische analyse en klik op OK.
        • Eenmaal de korte scan is beeïndigd, selecteer je Volledige scan.
        • Klik daarna de groene pijl rechts om de scan te starten.
        • Gevonden bestanden worden naar de "%userprofile%\DoctorWeb\quarantaine-map" verplaatst, indien herstel niet mogelijk is.
        • Nadat de scan gedaan is, in het menu bovenaan, klik Bestand en kies Rapportage lijst opslaan. Bewaar het op je Bureaublad.
        • Sluit daarna Dr.Web Cureit.
        • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
        • Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

        3. Download Combofix naar je Bureaublad.
        • Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

          OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
          • Dubbelklik op Combofix.exe
            Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
            Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

          Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
          Plaats deze log in je volgende post, samen met het logje van Dr. Web.

        Groeten,
        Thor
        Wat er ook gebeurt, doe alsof het de bedoeling is ...
        ---------------------------------------------

        Preventie: Spywareblaster.
        Online scans: Kaspersky Online--Bitdefender--Verdacht bestandje? Kontroleer het hier.
        Antispyware-scans: Adaware SE--Spybot Search&Destroy--Installeer deze scanners NIET !!
        • Citaat

        Comment

        Vorige template Volgende
        Sorry, you are not authorized to view this page
        Working...
        X