Hopeless situation: datacle.dll


  • Hopeless situation: datacle.dll

    I just can't get rid of the spyware datacle.dll; I have tried everything, really everything. But I know... that Nucia's magic has never let me down since I first registered here. But I also know that this is a new kind of spyware (first detected on 22 December), so I hope the Nucia admins have something up their sleeve.

    P.S. Happy holidays


    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Rising\Rav\CCenter.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Rising\Rav\RavTask.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Rising\Rav\Ravmon.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {CC831F25-CBB9-48F2-BD9C-1360C0913235} - D:\WINDOWS\system32\datacle.dll
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
    O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

    --
    End of file - 3417 bytes

  • #2
    Hello Evilan,

    Could you upload D:\WINDOWS\system32\datacle.dll to:

    http://www.bleepingcomputer.com/subm....php?channel=9

    How?
      1. In the first box (Link to topic where this file was requested), copy and paste this link:
      2. In the second box (Browse to the file you want to submit), copy and paste this:
      • D:\WINDOWS\system32\datacle.dll
      3. Click the Send file button.


    1. * Clean the cache and cookies in IE:
    • Close Internet Explorer.
    • Go to Control Panel > Internet Options > General tab.
    • Click the Delete Cookies button.
    • Click the Delete Files button next to it.
    • Tick: Delete all offline content, then click OK.
    * Clean the cache and cookies in Firefox (if Firefox is installed):
    • Go to Tools > Options.
    • Click Privacy in the menu.
    • Click the Clear button (History, Cookies, Cache).
    • Click OK to close the window again.
    * Clean other temporary files + Recycle Bin:
    • Go to Start > Run, type: cleanmgr and click OK.
    • Let it scan your system for files that should be removed.
    • Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked there.
    • Then click OK.

    2. Run HijackThis once more and tick the following items, if still present:
    • O2 - BHO: (no name) - {CC831F25-CBB9-48F2-BD9C-1360C0913235} - D:\WINDOWS\system32\datacle.dll
    Close all open windows so that only HijackThis is still open. Then click Fix checked and close HijackThis.

    3. Download Combofix to your Desktop.
    • If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

      NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe.
        Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
        While the fix is running, do NOT click in the window, because this will make your PC hang.

      When the fix is complete and after a restart, the log Combofix.txt will open.
      Post this log in your next post, together with a fresh HijackThis log.

    Regards,
    Thor
    Whatever happens, act as if it was meant to be ...
    ---------------------------------------------

    Prevention: Spywareblaster.
    Online scans: Kaspersky Online--Bitdefender--Suspicious file? Check it here.
    Antispyware scans: Adaware SE--Spybot Search&Destroy--Do NOT install these scanners!!



    • #3
      OK, I did everything you asked. That datacle.dll file is still there.

      My HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 19:52:26, on 26-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      D:\WINDOWS\Explorer.EXE
      D:\WINDOWS\system32\spoolsv.exe
      D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      D:\WINDOWS\system32\PnkBstrA.exe
      D:\WINDOWS\system32\wuauclt.exe
      D:\Program Files\Internet Explorer\iexplore.exe
      D:\WINDOWS\system32\ctfmon.exe
      D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Bureaublad\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {CC831F25-CBB9-48F2-BD9C-1360C0913235} - D:\WINDOWS\system32\datacle.dll
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

      Combofix log:

      ComboFix 07-12-21.4 - Administrator 2007-12-26 19:42:49.4 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.703 [GMT 1:00]
      Gestart vanuit: D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
      .

      2007-12-26 01:34 . 2007-12-26 01:34 192 --a------ D:\WINDOWS\system32\mssqttm.dll
      2007-12-25 18:25 . 2007-12-25 18:31 17,837,731 --a------ D:\WINDOWS\system32\virpe.def
      2007-12-25 18:25 . 2007-12-25 18:31 3,214,541 --a------ D:\WINDOWS\system32\virinfo.def
      2007-12-25 18:25 . 2007-12-25 18:31 1,271,130 --a------ D:\WINDOWS\system32\virnorm.def
      2007-12-25 18:25 . 2007-12-25 18:23 13,364 --a------ D:\WINDOWS\system32\drivers\basetdi.sys
      2007-12-25 18:25 . 2007-12-25 18:31 366 --a------ D:\WINDOWS\system32\BsMain.ini
      2007-12-25 18:25 . 2007-12-25 18:25 132 -r-hsc--- D:\rising.ini
      2007-12-25 18:24 . 2007-12-25 18:24 <DIR> d-------- D:\Program Files\Rising
      2007-12-25 18:23 . 2007-12-25 18:23 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
      2007-12-25 18:23 . 2007-12-25 18:31 64 --a------ D:\WINDOWS\Rav.ini
      2007-12-25 18:02 . 2007-12-25 18:22 81,984 --a------ D:\WINDOWS\system32\bdod.bin
      2007-12-25 17:19 . 2007-12-26 19:28 <DIR> dr-h-c--- D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Onlangs geopend
      2007-12-25 17:00 . 2007-12-25 17:00 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
      2007-12-25 17:00 . 2007-12-25 17:01 <DIR> d----c--- D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\PrevxCSI
      2007-12-23 23:27 . 2007-12-23 23:27 54,156 --ah----- D:\WINDOWS\QTFont.qfn
      2007-12-23 23:27 . 2007-12-23 23:27 1,409 --a------ D:\WINDOWS\QTFont.for
      2007-12-22 15:50 . 2007-12-22 15:50 <DIR> d----c--- D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\Uniblue
      2007-12-21 21:32 . 2007-12-04 14:04 837,496 --a--c--- D:\WINDOWS\system32\aswBoot.exe
      2007-12-21 21:32 . 2004-01-09 10:13 380,928 --a--c--- D:\WINDOWS\system32\actskin4.ocx
      2007-12-21 21:32 . 2007-12-04 13:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
      2007-12-21 21:32 . 2007-12-04 15:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
      2007-12-21 21:32 . 2007-12-04 15:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-21 21:32 . 2007-12-04 15:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
      2007-12-21 21:32 . 2007-12-04 15:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
      2007-12-21 21:32 . 2007-12-04 15:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
      2007-12-21 17:24 . 2007-12-23 12:54 310 --a------ D:\WINDOWS\maketorrent.ini
      2007-12-21 17:22 . 2007-12-21 17:22 <DIR> d-------- D:\Program Files\Maketorrent 2
      2007-12-17 10:18 . 2007-12-17 10:19 <DIR> d-------- D:\Program Files\Wireshark
      2007-12-16 22:30 . 2007-12-22 02:30 <DIR> d----c--- D:\Gravity
      2007-12-16 22:26 . 2007-12-16 22:55 65,536 --a------ D:\WINDOWS\IFinst27.exe
      2007-12-16 00:30 . 19,456 D:\WINDOWS\system32\drivers\aiqhfpxd.dat
      2007-12-16 00:28 . 2004-08-04 09:03 84,992 --a--c--- D:\WINDOWS\system32\datacle.dll
      2007-12-09 12:14 . 2007-12-09 12:14 <DIR> d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
      2007-12-07 21:08 . 2007-12-07 21:08 <DIR> d----c--- D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\GetRightToGo
      2007-12-07 21:01 . 2007-12-07 21:01 319 --a------ D:\WINDOWS\game.ini
      2007-12-05 00:53 . 2007-12-05 00:54 <DIR> d-------- D:\Republic
      2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
      2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ D:\WINDOWS\system32\divx_xx07.dll
      2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ D:\WINDOWS\system32\divx_xx11.dll
      2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ D:\WINDOWS\system32\DivX.dll
      2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ D:\WINDOWS\system32\divxdec.ax
      2007-12-03 10:47 . 2007-12-03 10:50 <DIR> d-------- D:\Program Files\SmartFTP Client 2.5 Setup Files
      2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
      2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ D:\WINDOWS\system32\libdivx.dll
      2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ D:\WINDOWS\system32\DivXsm.exe
      2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ D:\WINDOWS\system32\ssldivx.dll
      2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ D:\WINDOWS\system32\divxsm.tlb
      2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ D:\WINDOWS\system32\dtu100.dll
      2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ D:\WINDOWS\system32\dpl100.dll
      2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ D:\WINDOWS\system32\dtu100.dll.manifest
      2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ D:\WINDOWS\system32\dpl100.dll.manifest
      2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ D:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ D:\WINDOWS\system32\dpuGUI11.dll
      2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ D:\WINDOWS\system32\DivXMedia.ax
      2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ D:\WINDOWS\system32\dpus11.dll
      2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ D:\WINDOWS\system32\dpu11.dll
      2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ D:\WINDOWS\system32\dpu10.dll
      2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ D:\WINDOWS\system32\dpv11.dll
      2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ D:\WINDOWS\system32\dpuGUI10.dll
      2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
      2007-11-26 12:38 . 2007-11-26 12:38 <DIR> d----c--- D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\Leadertech

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-26 16:10 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\uTorrent
      2007-12-26 00:41 --------- d-----w D:\Program Files\mIRC
      2007-12-25 17:23 98,816 ------w D:\WINDOWS\system32\rsbspst.dll
      2007-12-25 17:23 58,368 ------w D:\WINDOWS\system32\rsbsvir.dll
      2007-12-25 17:23 52,224 ------w D:\WINDOWS\system32\rsbslib.dll
      2007-12-25 17:23 46,080 ------w D:\WINDOWS\system32\rsbspstx.dll
      2007-12-25 17:23 3,442 ------w D:\WINDOWS\system32\drivers\RsNTGdi.sys
      2007-12-25 17:23 26,624 ------w D:\WINDOWS\system32\rsbsvm.dll
      2007-12-25 17:23 220,807 ------w D:\WINDOWS\system32\bsmain.exe
      2007-12-25 17:23 126,464 ------w D:\WINDOWS\system32\rsbsscn.dll
      2007-12-25 17:23 120,320 ------w D:\WINDOWS\system32\rsbseng.dll
      2007-12-25 17:23 11,776 ------w D:\WINDOWS\system32\rsbscom.dll
      2007-12-25 17:23 106,496 ------w D:\WINDOWS\system32\RavExt.dll
      2007-12-22 02:08 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2007-12-21 20:29 --------- d-----w D:\Program Files\AVSMedia
      2007-12-20 22:20 --------- d-----w D:\Program Files\Steam
      2007-12-17 09:19 --------- d-----w D:\Program Files\WinPcap
      2007-12-16 20:09 --------- d--h--w D:\Program Files\InstallShield Installation Information
      2007-12-14 00:24 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\Xfire
      2007-12-12 14:51 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-12-12 14:50 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
      2007-12-11 12:06 --------- d-s---w D:\Program Files\Xfire
      2007-12-09 01:40 --------- d-----w D:\Program Files\DivX
      2007-12-07 20:03 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
      2007-12-07 20:01 22,328 -c--a-w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\PnkBstrK.sys
      2007-12-07 19:47 --------- d-----w D:\Program Files\Activision
      2007-12-03 09:50 --------- d-----w D:\Program Files\SmartFTP Client
      2007-12-02 17:17 --------- d-----w D:\Program Files\Ventrilo
      2007-12-02 17:17 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
      2007-11-29 18:18 --------- d-----w D:\Program Files\EA Games
      2007-11-25 01:42 --------- d-----w D:\Program Files\Common Files\AVSMedia
      2007-11-25 01:35 --------- d-----w D:\Program Files\Cliprex DVD Player Professional
      2007-11-23 19:48 --------- d-----w D:\Program Files\Teletekstbrowser
      2007-11-22 11:15 --------- d-----w D:\Program Files\LimeWire
      2007-11-21 22:47 378,370 ----a-w D:\WINDOWS\M2N40802.zip
      2007-11-21 18:47 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\MSN6
      2007-11-21 18:47 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
      2007-11-21 09:49 --------- d-----w D:\Program Files\Netropa
      2007-11-17 17:02 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\InstallShield
      2007-11-17 17:02 --------- d-----w D:\Program Files\Realtek
      2007-11-17 16:48 --------- d-----w D:\Program Files\hp deskjet 3420 series
      2007-11-17 16:35 --------- d-----w D:\Program Files\HP
      2007-11-17 16:29 --------- d-----w D:\Program Files\Realtek AC97
      2007-11-17 16:17 --------- d-----w D:\Program Files\NVIDIA Corporation
      2007-11-17 15:40 --------- d-----w D:\Program Files\Asus
      2007-11-16 07:18 --------- d-----w D:\Program Files\DIFX
      2007-11-13 18:09 --------- d-----w D:\Program Files\SystemRequirementsLab
      2007-11-13 16:20 --------- d-----w D:\Program Files\Common Files\Blizzard Entertainment
      2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-12 20:22 --------- d-----w D:\Program Files\Common Files\Macromedia
      2007-11-12 20:19 --------- d-----w D:\Program Files\Macromedia
      2007-11-12 20:15 --------- d-----w D:\Program Files\QuArK 6.5.0 Beta 3.0
      2007-11-12 05:51 1,089,536 ----a-w D:\WINDOWS\system32\nvcuda.dll
      2007-11-09 22:36 --------- d-----w D:\Program Files\The All-Seeing Eye
      2007-11-09 16:03 2,195,584 ----a-w D:\WINDOWS\system32\kernel1.exe
      2007-11-04 23:13 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\teamspeak2
      2007-10-30 15:29 --------- d---a-w D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2007-10-30 08:27 --------- d-----w D:\Program Files\Microsoft.NET
      2007-10-29 22:45 1,291,776 ----a-w D:\WINDOWS\system32\quartz.dll
      2007-10-28 17:24 --------- dc----w D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Application Data\Ventrilo
      2007-10-27 11:46 21,840 ----a-w D:\WINDOWS\system32\SIntfNT.dll
      2007-10-27 11:46 17,212 ----a-w D:\WINDOWS\system32\SIntf32.dll
      2007-10-27 11:46 12,067 ----a-w D:\WINDOWS\system32\SIntf16.dll
      2007-10-25 08:28 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
      2007-10-22 02:39 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll
      2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll
      2007-10-12 14:14 3,734,536 ----a-w D:\WINDOWS\system32\d3dx9_36.dll
      2007-10-12 14:14 1,374,232 ----a-w D:\WINDOWS\system32\D3DCompiler_36.dll
      2007-10-08 17:15 164,352 ----a-w D:\WINDOWS\system32\SpoonUninstall.exe
      2007-10-04 16:52 749,568 ----a-w D:\WINDOWS\system32\swfgen.dll
      2007-10-04 16:14 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
      2007-10-04 16:14 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
      2007-10-04 16:14 8,491,008 ----a-w D:\WINDOWS\system32\nvcpl.dll
      2007-10-04 16:14 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
      2007-10-04 16:14 6,750,208 ----a-w D:\WINDOWS\system32\nvoglnt.dll
      2007-10-04 16:14 6,344,704 ----a-w D:\WINDOWS\system32\nvdisps.dll
      2007-10-04 16:14 5,783,424 ----a-w D:\WINDOWS\system32\nv4_disp.dll
      2007-10-04 16:14 5,509,120 ----a-w D:\WINDOWS\system32\nvdispsr.dll
      2007-10-04 16:14 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
      2007-10-04 16:14 458,752 ----a-w D:\WINDOWS\system32\nvmccssr.dll
      2007-10-04 16:14 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
      2007-10-04 16:14 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
      2007-10-04 16:14 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
      2007-10-04 16:14 364,544 ----a-w D:\WINDOWS\system32\nvapi.dll
      2007-10-04 16:14 36,864 ----a-w D:\WINDOWS\system32\nvcodins.dll
      2007-10-04 16:14 36,864 ----a-w D:\WINDOWS\system32\nvcod.dll
      2007-10-04 16:14 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
      2007-10-04 16:14 335,872 ----a-w D:\WINDOWS\system32\nvwrses.dll
      2007-10-04 16:14 335,872 ----a-w D:\WINDOWS\system32\nvwrsel.dll
      2007-10-04 16:14 327,680 ----a-w D:\WINDOWS\system32\nvwrsfr.dll
      2007-10-04 16:14 327,680 ----a-w D:\WINDOWS\system32\nvwrsesm.dll
      2007-10-04 16:14 327,680 ----a-w D:\WINDOWS\system32\nvrshe.dll
      2007-10-04 16:14 327,680 ----a-w D:\WINDOWS\system32\nvrsar.dll
      2007-10-04 16:14 323,584 ----a-w D:\WINDOWS\system32\nvwrspt.dll
      2007-10-04 16:14 323,584 ----a-w D:\WINDOWS\system32\nvwrsit.dll
      2007-10-04 16:14 319,488 ----a-w D:\WINDOWS\system32\nvwrsptb.dll
      2007-10-04 16:14 319,488 ----a-w D:\WINDOWS\system32\nvwrsnl.dll
      2007-10-04 16:14 315,392 ----a-w D:\WINDOWS\system32\nvwrsru.dll
      2007-10-04 16:14 315,392 ----a-w D:\WINDOWS\system32\nvwrshu.dll
      2007-10-04 16:14 311,296 ----a-w D:\WINDOWS\system32\nvwrsde.dll
      .

      ((((((((((((((((((((((((((((( [email protected]_17.25.56,32 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2007-12-25 17:01:10 22,486 ----a-r D:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
      - 2001-09-07 12:00:00 112,128 ----a-w D:\WINDOWS\system32\mapi32.dll
      + 2004-03-31 12:28:00 131,072 ----a-w D:\WINDOWS\system32\mapi32.dll
      - 2002-01-05 15:48:16 974,848 ----a-w D:\WINDOWS\system32\mfc70.dll
      + 2002-01-05 02:48:16 974,848 ----a-w D:\WINDOWS\system32\mfc70.dll
      + 2002-01-05 02:36:38 964,608 ----a-w D:\WINDOWS\system32\mfc70u.dll
      - 2004-02-20 12:41:00 1,047,552 ----a-w D:\WINDOWS\system32\mfc71u.dll
      + 2003-03-18 20:12:12 1,047,552 ----a-w D:\WINDOWS\system32\mfc71u.dll
      + 2002-01-05 02:38:38 54,784 ----a-w D:\WINDOWS\system32\msvci70.dll
      - 2002-01-05 14:40:18 487,424 ----a-w D:\WINDOWS\system32\msvcp70.dll
      + 2002-01-05 02:40:20 487,424 ----a-w D:\WINDOWS\system32\msvcp70.dll
      - 2007-07-21 15:32:02 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
      + 2003-03-18 19:14:52 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
      - 2002-01-05 02:37:26 344,064 ----a-w D:\WINDOWS\system32\msvcr70.dll
      + 2002-01-05 01:37:28 344,064 ----a-w D:\WINDOWS\system32\msvcr70.dll
      - 2007-07-21 15:32:02 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
      + 2003-02-21 03:42:22 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
      + 2007-12-26 11:00:02 16,384 ----atw D:\WINDOWS\TEMP\Perflib_Perfdata_574.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC831F25-CBB9-48F2-BD9C-1360C0913235}]
      2004-08-04 09:03 84992 --a--c--- D:\WINDOWS\system32\datacle.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
      @={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

      [HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
      2007-11-29 11:27 472376 --a------ D:\Program Files\SmartFTP Client\sfShellTools.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
      "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
      "MSConfig"="D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:03]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= D:\WINDOWS\system32\RavExt.dll [2007-12-25 18:23 106496]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="LogonUI.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Administrator.IRSHAAD-L2QX6LB^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
      path=D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
      backup=D:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2006-10-23 00:48 40048 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
      2007-12-04 14:00 79224 --a--c--- D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      2004-08-04 09:03 15360 --a------ D:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      D:\Program Files\DAEMON Tools\daemon.exe -lang 1033

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      2003-05-14 07:35 188416 --a------ D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      D:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
      2007-01-08 21:17 52256 --a------ D:\Program Files\CyberLink\PowerDVD\Language\Language.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      D:\Program Files\MSN Messenger\msnmsgr.exe /background

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
      2002-03-17 07:39 151552 --a------ D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
      rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
      2005-12-21 11:52 270336 --a------ D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      nwiz.exe /install

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      2007-04-09 13:23 200704 --a------ D:\Program Files\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      D:\Program Files\QuickTime\qttask.exe -atboottime

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavTask]
      D:\Program Files\Rising\Rav\RavTask.exe -system

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
      d:\windows\system32\rlvknlg.exe -boot

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      2007-01-08 21:26 68640 --------- D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      SOUNDMAN.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
      D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2007-07-12 03:00 132496 --a------ D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
      D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      D:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "WMPNetworkSvc"=3 (0x3)
      "NVSvc"=2 (0x2)
      "Adobe LM Service"=3 (0x3)
      "usnjsvc"=3 (0x3)
      "ATKKeyboardService"=2 (0x2)
      "RichVideo"=2 (0x2)
      "avast! Web Scanner"=3 (0x3)
      "avast! Mail Scanner"=3 (0x3)
      "avast! Antivirus"=2 (0x2)
      "aswUpdSv"=2 (0x2)
      "GO-Global Server License Manager"=3 (0x3)
      "GO-Global Application Publishing Service"=2 (0x2)
      "Macromedia Licensing Service"=3 (0x3)
      "ose"=3 (0x3)
      "nSvcLog"=2 (0x2)
      "ForcewareWebInterface"=2 (0x2)
      "ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
      "nhksrv"=2 (0x2)
      "nSvcIp"=2 (0x2)
      "rpcapd"=3 (0x3)
      "RsRavMon"=2 (0x2)
      "RsCCenter"=2 (0x2)

      R0 bntyicsd;bntyicsd;D:\WINDOWS\system32\drivers\aiqhfpxd.dat
      R0 RsNTGDI;RsNTGDI;D:\WINDOWS\system32\Drivers\RsNTGdi.sys [2007-12-25 18:23]
      R1 msikbd2k;Multimedia Keyboard Filter Driver;D:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
      R2 BaseTDI;Basetdi;D:\WINDOWS\system32\drivers\basetdi.sys [2007-12-25 18:23]
      R2 ExpScaner;ExpScaner;D:\PROGRAM FILES\RISING\RAV\ExpScan.sys [2007-12-25 18:23]
      R2 HookCont;HookCont;D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys [2007-12-25 18:23]
      R2 HookReg;HookReg;D:\PROGRAM FILES\RISING\RAV\HookReg.sys [2007-12-25 18:23]
      R2 HookSys;HookSys;D:\PROGRAM FILES\RISING\RAV\HookSys.sys [2007-12-25 18:23]
      R2 MEMSCAN;MEMSCAN;D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys [2007-12-25 18:23]
      R2 RSPPSYS;RSPPSYS;D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys [2007-12-25 18:23]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;D:\WINDOWS\System32\svchost.exe -k netsvcs
      R4 RsCCenter;Rising Process Communication Center;"D:\Program Files\Rising\Rav\CCenter.exe" [2007-12-25 18:23]
      R4 RsRavMon;Rising RealTime Monitor;"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe" [2007-12-25 18:23]
      S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]
      S3 UsbSagCom;Mobile Device Full USB Driver;D:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2007-06-29 15:20]
      S4 nhksrv;Netropa NHK Server;D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-21 16:15:00 D:\WINDOWS\Tasks\1-Click Maintenance.job"
      - D:\TuneUp Utilities 2007\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-26 19:45:17
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-26 19:46:04
      D:\ComboFix2.txt ... 2007-12-25 17:32
      D:\ComboFix3.txt ... 2007-12-25 17:26
      .
      2007-12-26 02:01:16 --- E O F ---



      • #4
        Hello Evilan,

        Did you install Rising Antivirus while the fixing was under way?

        Some more cleaning up:

        Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:
        • File::
          D:\WINDOWS\system32\mssqttm.dll
          D:\WINDOWS\system32\drivers\aiqhfpxd.dat
          D:\WINDOWS\system32\datacle.dll
          D:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
          Registry::
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC831F25-CBB9-48F2-BD9C-1360C0913235}]
          [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
          [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
        Save this to your Desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix start again.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply together with a HijackThis log.

        Are you still experiencing any problems?

        Regards,
        Thor
        Whatever happens, act as if it was meant to be ...
        ---------------------------------------------

        Prevention: Spywareblaster.
        Online scans: Kaspersky Online--Bitdefender--Suspicious file? Check it here.
        Antispyware scans: Adaware SE--Spybot Search&Destroy--Do NOT install these scanners !!



        • #5
          No, that was before I started with Nucia; at first I tried to get rid of that datacle.dll myself, and installed every antivirus program that appeared on this list: http://www.virustotal.com/resultado.html?bdf281c6f5170fe975737fddb19fa96e

          I installed the antivirus programs one by one, licensed, and later removed them again, because they do scan it but they don't remove it, bunch of money-grubbers. I still have to remove that Rising antivirus. Those antivirus programs are simply not worth your money.

          But this site did manage to remove datacle.dll for me, and it's free too


          Boot mode: Normal

          Running processes:
          D:\WINDOWS\System32\smss.exe
          D:\WINDOWS\system32\winlogon.exe
          D:\WINDOWS\system32\services.exe
          D:\WINDOWS\system32\lsass.exe
          D:\WINDOWS\system32\svchost.exe
          D:\WINDOWS\System32\svchost.exe
          D:\WINDOWS\Explorer.EXE
          D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          D:\WINDOWS\system32\spoolsv.exe
          D:\WINDOWS\system32\PnkBstrA.exe
          D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          D:\WINDOWS\system32\ctfmon.exe
          D:\Program Files\Internet Explorer\iexplore.exe
          D:\Documents and Settings\Administrator.IRSHAAD-L2QX6LB\Bureaublad\HiJackThis_v2.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

          --
          End of file - 2520 bytes


          I don't have the ComboFix log; it did indicate that the log exists, but it isn't on my drive. But when I walked away during the ComboFix scan, it later made my computer restart, and after that there was a small window saying I can pick up my log on the D drive. And that's a good sign, right?

          The problem is solved.

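As an added example that is not part of the original thread: a short Python check that compares the Browser Helper Object (O2) lines of the HijackThis log from the first post with those of the log in post #5, and confirms that none of the files listed in the CFScript is still referenced. The log excerpts are copied from this thread; the function names are this example's own.

```python
import re

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def parse_bhos(log):
    """Map each BHO CLSID (upper-cased) to its (name, dll path)."""
    found = {}
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found[m["clsid"].upper()] = (m["name"], m["path"])
    return found

def removed_bhos(before, after):
    """BHOs registered in the first log but absent from the second."""
    old, new = parse_bhos(before), parse_bhos(after)
    return {clsid: old[clsid] for clsid in old if clsid not in new}

def still_referenced(targets, log):
    """CFScript file targets that the log still mentions anywhere."""
    lowered = log.lower()  # Windows paths are case-insensitive
    return [t for t in targets if t.lower() in lowered]

# Excerpts copied from the two HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CC831F25-CBB9-48F2-BD9C-1360C0913235} - D:\WINDOWS\system32\datacle.dll
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
"""
# File:: entries of the CFScript in post #4.
TARGETS = [
    r"D:\WINDOWS\system32\mssqttm.dll",
    r"D:\WINDOWS\system32\drivers\aiqhfpxd.dat",
    r"D:\WINDOWS\system32\datacle.dll",
    r"D:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe",
]

if __name__ == "__main__":
    print("BHOs removed:", removed_bhos(BEFORE, AFTER))
    print("Targets still referenced:", still_referenced(TARGETS, AFTER))
```

A HijackThis log lists only autostart and browser hook entries, so an empty result means the entries are no longer registered, not that the files are gone from disk.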


          • #6
            That does indeed look fine again, Evilan

            You may now remove all the tools you used and the folders they created.
            Remove ComboFix via Start > Run: copy and paste Combofix /U, and press Enter.
            This removes both ComboFix (and everything in its Quarantine folder) and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

            To prevent a recurrence, read through these security tips once more. (They also cover security programs.)

            Regards,
            Thor