essa voce precisa Ver

    I think I have this virus. Can someone tell me how to get rid of it?
    Here is my logfile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:43, on 25-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\D-fotos Bestelsoftware\Agent.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\sj655\hpupdate.exe
    C:\WINDOWS\Media\LTaskup.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\WINDOWS\system32\sistray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\D-fotos Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [HP Update 4200C] C:\sj655\hpupdate.exe 4200C+
    O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122297481887
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171440445515
    O17 - HKLM\System\CCS\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
    O17 - HKLM\System\CS2\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 6457 bytes

  • #2
    You do indeed have that virus, MAH.

    Do this:
    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a logfile (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Originally posted by Marckie (quoting post #2 in full)

      Dear Marckie, I have done what you indicated. I hope everything is in order now. Thanks a lot in advance,
      MAH


      ComboFix 07-12-21.4 - Eigenaar 2007-12-26 9:28:59.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.171 [GMT 1:00]
      Started from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * New restore point was created
      .

      (((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
      .

      2007-12-25 11:00 . 2007-12-25 11:00 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-25 10:52 . 2007-12-26 09:06 103 --a------ C:\start.bat
      2007-12-21 11:12 . 2007-12-26 09:06 454 --a------ C:\Documents and Settings\Eigenaar\Emails.dat
      2007-12-21 09:06 . 2007-12-21 09:06 10 --a------ C:\Documents and Settings\Eigenaar\user.dat
      2007-12-21 08:43 . 2007-12-21 08:43 3 --a------ C:\WINDOWS\lnk_dados_2.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-24 16:13 611,328 ----a-w C:\WINDOWS\Media\LTaskup.exe
      2007-12-21 10:43 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
      2007-12-07 16:18 --------- d-----w C:\Program Files\D-fotos Bestelsoftware
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
      "SoundMan"="SOUNDMAN.EXE" [2004-07-27 10:01 C:\WINDOWS\SOUNDMAN.EXE]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:44]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 11:34]
      "ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39]
      "Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30]
      "Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
      "ExtraFilmHemmaAgent"="C:\Program Files\D-fotos Bestelsoftware\Agent.exe" [2005-05-27 14:59]
      "eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 21:36]
      "HP Update 4200C"="C:\sj655\hpupdate.exe" [2002-02-14 14:53]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 07:46]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-05 13:42:04]
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2007-02-15 08:44:45]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
      Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-07-25 13:19:59]

      R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2001-03-30 15:58]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05552eea-6107-11dc-9018-0011d876dd65}]
      \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-26 09:32:30
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      Scan completed successfully
      hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSPort]
      "ImagePath"="\??\C:\WINDOWS\SiSPort.sys"
      .
      Completion time: 2007-12-26 9:32:59 - machine was rebooted
      .
      2007-12-12 09:28:07 --- E O F ---



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:35:27, on 26-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
      C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
      C:\Program Files\D-fotos Bestelsoftware\Agent.exe
      C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
      C:\sj655\hpupdate.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\eFax Messenger 4.2\J2GTray.exe
      C:\WINDOWS\system32\sistray.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\PROGRA~1\Iomega\System32\AppServices.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Iomega\AutoDisk\ADService.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
      O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
      O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\D-fotos Bestelsoftware\Agent.exe"
      O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
      O4 - HKLM\..\Run: [HP Update 4200C] C:\sj655\hpupdate.exe 4200C+
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122297481887
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171440445515
      O17 - HKLM\System\CCS\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
      O17 - HKLM\System\CS1\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
      O17 - HKLM\System\CS2\Services\Tcpip\..\{149CBEE6-C5CB-447D-B77C-7CDB566B6BE3}: Domain = marianne.local
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

      --
      End of file - 6230 bytes



      • #4
        The infection has been disabled, MAH; only the leftovers still need to be cleaned up.

        Close all open windows.
        Start HijackThis again and put a check mark next to the following items:

        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

        Then click "Fix checked" and close HijackThis.

        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\start.bat
        C:\Documents and Settings\Eigenaar\Emails.dat
        C:\Documents and Settings\Eigenaar\user.dat
        C:\WINDOWS\lnk_dados_2.dll
        C:\WINDOWS\Media\LTaskup.exe
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a logfile opens.
        Post the contents of the logfile.

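The triage Marckie does by eye in posts #2 and #4 (an O4 Run entry launching from a directory no installer would normally use, an R0 value that is empty, an O9 button whose target file is gone) and the before/after comparison of the two HijackThis logs, as an added Python example that is not part of the original thread and not code from HijackThis or ComboFix. The two log excerpts are copied from the logs posted above, trimmed to a few lines each; the trusted-directory list and the flagging rules are my own heuristics, not anything either tool implements.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread: the first log
# (post #1, before any fix) and the one posted after the first "Fix checked"
# round (post #3). Trimmed to the lines that matter for the example.
HJT_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HP Update 4200C] C:\sj655\hpupdate.exe 4200C+
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HP Update 4200C] C:\sj655\hpupdate.exe 4200C+
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# "O4 - <body>", "R0 - <body>", ... ; everything else in a log is ignored
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O4 Run-key form: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder form: "Global Startup: <shortcut>.lnk = <target>"
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# Heuristic (my assumption, not a HijackThis rule): on this XP box legitimate
# autostarts live in these places; anything else goes on the review list.
TRUSTED_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\")


def parse(log):
    """Return [(section, body)] for every 'Xn - body' line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def executable(cmd):
    """Extract the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def is_trusted_location(path):
    """True when the file sits in a directory we expect installed software to use.
    A bare filename (no directory) is resolved via PATH at logon, so it is never trusted."""
    p = path.lower()
    if "\\" not in p:
        return False
    directory = p.rsplit("\\", 1)[0] + "\\"
    return directory in TRUSTED_DIRS or directory.startswith(TRUSTED_PREFIXES)


def triage(log):
    """Return [(section, label, reason)] for entries that deserve a human look."""
    findings = []
    for section, body in parse(log):
        if section in ("R0", "R1") and body.endswith("="):
            # value name is the part after the last comma, e.g. "SearchAssistant ="
            findings.append((section, body.split(",")[-1].rstrip(" ="), "empty value"))
        elif section == "O4":
            m = RUN_RE.match(body) or STARTUP_RE.match(body)
            if not m:
                continue
            exe = executable(m.group("cmd"))
            if not is_trusted_location(exe):
                findings.append((section, m.group("name"), "runs from " + exe))
        elif section in ("O2", "O9") and body.endswith("(no file)"):
            # the CLSID is the middle " - " separated field
            findings.append((section, body.split(" - ")[1], "orphaned, target missing"))
    return findings


def removed_entries(before, after):
    """Entries present in the first log but gone from the second, in log order."""
    after_set = set(parse(after))
    return [e for e in parse(before) if e not in after_set]


if __name__ == "__main__":
    for finding in triage(HJT_BEFORE):
        print("REVIEW ", *finding)
    for section, body in removed_entries(HJT_BEFORE, HJT_AFTER):
        print("REMOVED", section, body)
```

Running it puts three O4 entries on the review list: SoundMan (bare filename, resolved through PATH), HP Update 4200C (launching from C:\sj655) and wTask (launching from C:\WINDOWS\Media), plus the empty SearchAssistant value and the orphaned O9 CLSID. Only wTask was singled out for removal in the thread and the other two were left alone, which is the point of the design: the rules produce a shortlist for a person to judge, they do not decide. The diff confirms that the HKCU Search Page entry, the HKLM SearchAssistant entry and wTask are the three lines that disappeared between the two logs.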


        • #5
          I am glad of your help.
          Below is the new file,
          MAH

          ComboFix 07-12-21.4 - Eigenaar 2007-12-26 17:13:49.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.166 [GMT 1:00]
          Started from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Eigenaar\Mijn documenten\CFScript.txt
          * New restore point was created

          FILE
          C:\Documents and Settings\Eigenaar\Emails.dat
          C:\Documents and Settings\Eigenaar\user.dat
          C:\start.bat
          C:\WINDOWS\lnk_dados_2.dll
          C:\WINDOWS\Media\LTaskup.exe
          .

          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\Eigenaar\Emails.dat
          C:\Documents and Settings\Eigenaar\user.dat
          C:\start.bat
          C:\WINDOWS\lnk_dados_2.dll
          C:\WINDOWS\Media\LTaskup.exe

          .
          (((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
          .

          2007-12-25 11:00 . 2007-12-25 11:00 <DIR> d-------- C:\Program Files\Trend Micro

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-26 09:45 --------- d-----w C:\Program Files\D-fotos Bestelsoftware
          2007-12-21 10:43 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legitimate default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
          "SoundMan"="SOUNDMAN.EXE" [2004-07-27 10:01 C:\WINDOWS\SOUNDMAN.EXE]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:44]
          "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 11:34]
          "ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39]
          "Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30]
          "Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
          "ExtraFilmHemmaAgent"="C:\Program Files\D-fotos Bestelsoftware\Agent.exe" [2005-05-27 14:59]
          "eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 21:36]
          "HP Update 4200C"="C:\sj655\hpupdate.exe" [2002-02-14 14:53]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 07:46]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-05 13:42:04]
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
          eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2007-02-15 08:44:45]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
          Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-07-25 13:19:59]

          R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2001-03-30 15:58]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05552eea-6107-11dc-9018-0011d876dd65}]
          \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-26 17:15:16
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          Scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2007-12-26 17:15:40
          C:\ComboFix2.txt ... 2007-12-26 09:33
          .
          2007-12-12 09:28:07 --- E O F ---



          • #6
            Looks good.
            Are all problems solved?
