Mededeling

Collapse
No announcement yet.

Windows spyware alert - log

Collapse
X
  •  
  • Tijd
  • Show
Clear All
new posts

  • Windows spyware alert - log

    Sinds kort krijg ik diverse pop=upmeldingen als: windows spyware alert of spyware detected. Er openen ook diverse websites en on de windowsbalk knippert een rood rondje met een wit kruisje er in.

    Dit is mijn log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:50:57 PM, on 12/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\explorer.exe
    C:\Downloads\Software\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: BDEX System - {F47B34BF-B7DE-4BEB-B6E5-0FE04F0C90E3} - C:\WINDOWS\domnftwost.dll
    O3 - Toolbar: The emlkdvo - {114B82D9-FBBF-4CED-8DDC-B42DCF85E18E} - C:\WINDOWS\emlkdvo.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: alxvdvm - {9959BA41-14EF-4C44-B64C-16A66694CDE4} - C:\WINDOWS\alxvdvm.dll
    O21 - SSODL: bvtqfvx - {4221CA77-CEEC-4B24-87F7-56E325D1EB9C} - C:\WINDOWS\bvtqfvx.dll
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    Op het bureaublad staan tevens steeds drie programma's: Spyware protection, privacy detector en error cleaner. Na het handmatig verwijderen komen ze steeds terug op bureaublad.

    Wie kan mij helpen? Heel erg bedankt.

    Edit: enkele bijwerkingen zijn dat mijn CPU constant vol staat, door explorer.exe. Er draaien ook processen mee als SpySweeper.exe die ik niet kan stoppen omdat het een systeemproces is. Ander probleem is dat internet traag wordt (inladen van de pagina's).
    Last edited by daang25; 28-12-07, 21:46. Reden: Extra probleeminformatie

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Comment


    • #3
      RVAXO log:
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\emlkdvo.dll
      C:\WINDOWS\bvtqfvx.dll
      C:\WINDOWS\alxvdvm.dll
      C:\WINDOWS\fvkwdrt.exe

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...
      ----------------RVAXO.exe first run-------------

      Files found:


      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      Nieuw HJACKTHIS log:
      Logfile of HijackThis v1.99.1
      Scan saved at 8:17:00 PM, on 12/28/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Downloads\Software\HijackThis(1).exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO doen verwijderen.

        Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Download Combofix naar je Bureaublad.
        Dubbelklik op Combofix.exe
        Kies voor "Continue" door 1 te typen gevolgd door ENTER.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
        Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
        Plaats deze log in je volgende post.

        NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

        Comment


        • #5
          Combofix log:
          ComboFix 07-12-29.5 - oso 2007-12-29 10:08:24.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.47 [GMT -3:00]
          Running from: C:\Documents and Settings\oso\Desktop\ComboFix.exe
          * Created a new restore point
          .

          ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
          .

          2007-12-28 20:53 . 2007-12-28 21:08 <DIR> d-------- C:\New Folder
          2007-12-28 17:36 . 2007-12-28 17:36 <DIR> d-------- C:\Documents and Settings\oso\Application Data\PC Tools
          2007-12-28 17:36 . 2007-12-28 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2007-12-28 17:35 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
          2007-12-28 17:35 . 2007-12-28 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
          2007-12-28 17:34 . 2007-12-28 17:34 <DIR> d-------- C:\Program Files\Customer
          2007-12-28 17:34 . 2007-12-28 17:34 <DIR> d-------- C:\Program Files\Common Files\Skype
          2007-12-28 17:34 . 2007-12-28 17:34 <DIR> d-------- C:\Documents and Settings\oso\Application Data\InstallShield
          2007-12-28 17:34 . 2007-12-28 17:35 <DIR> d-------- C:\Documents and Settings\oso\Application Data\Easy Thumbnails
          2007-12-28 17:34 . 2007-12-28 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
          2007-12-28 17:34 . 2007-12-28 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
          2007-12-28 17:18 . 2007-12-28 17:17 274,432 --a------ C:\WINDOWS\system32\imon(2)(2).dll
          2007-12-28 17:13 . 2007-12-28 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-28 06:46 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2007-12-28 06:46 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2007-12-28 06:46 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2007-12-28 06:46 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2007-12-28 06:43 . 2007-12-28 17:36 <DIR> d-------- C:\Program Files\Spyware Doctor
          2007-12-28 06:43 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
          2007-12-28 06:42 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
          2007-12-28 06:42 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
          2007-12-28 06:42 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
          2007-12-28 06:42 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
          2007-12-28 06:41 . 2007-12-28 17:36 <DIR> d-------- C:\Program Files\Webroot
          2007-12-28 06:41 . 2007-12-28 06:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
          2007-12-28 06:33 . 2007-12-28 06:33 164 --a------ C:\install.dat
          2007-12-28 06:32 . 2007-12-28 17:36 <DIR> d-------- C:\Documents and Settings\oso\Application Data\Webroot
          2007-12-27 23:29 . 2007-12-28 17:36 <DIR> d-------- C:\Program Files\SpywareBlaster
          2007-12-27 18:25 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\FileZilla Client
          2007-12-27 18:25 . 2007-12-28 20:35 <DIR> d-------- C:\Documents and Settings\oso\Application Data\FileZilla
          2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
          2007-12-26 14:50 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
          2007-12-26 14:50 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
          2007-12-26 14:50 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
          2007-12-26 14:50 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
          2007-12-26 14:50 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
          2007-12-26 14:50 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
          2007-12-26 14:50 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
          2007-12-26 14:50 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
          2007-12-26 12:49 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\Winamp
          2007-12-26 12:49 . 2007-12-28 17:12 <DIR> d-------- C:\Documents and Settings\oso\Application Data\Winamp
          2007-12-26 12:31 . 2007-12-26 12:31 <DIR> d-------- C:\Downloads
          2007-12-26 12:15 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\Free Download Manager
          2007-12-26 12:15 . 2007-12-29 10:09 <DIR> d-------- C:\Documents and Settings\oso\Application Data\Free Download Manager
          2007-12-26 11:53 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
          2007-12-26 11:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
          2007-12-26 11:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
          2007-12-26 11:53 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
          2007-12-26 11:51 . 2007-12-28 17:35 <DIR> d---s---- C:\Documents and Settings\oso\UserData
          2007-12-25 21:52 . 2007-12-28 20:34 48 --a------ C:\WINDOWS\.prj
          2007-12-25 21:43 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\PageBreeze
          2007-12-25 21:43 . 2005-01-24 12:39 503,808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll
          2007-12-25 21:32 . 2007-12-28 17:35 <DIR> d-------- C:\Program Files\galleryFX
          2007-12-25 21:32 . 2007-12-27 21:35 51 --a------ C:\WINDOWS\Gallery.ini
          2007-12-25 21:09 . 2007-12-25 21:09 <DIR> d-------- C:\WINDOWS\OvtCam
          2007-12-25 21:09 . 2005-03-15 17:04 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys
          2007-12-25 21:09 . 2004-08-05 17:34 61,440 --------- C:\WINDOWS\ov530dib.dll
          2007-12-25 21:09 . 2005-09-30 09:42 40,960 --------- C:\WINDOWS\system32\ov530ext.dll
          2007-12-25 21:09 . 2004-11-09 00:37 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys
          2007-12-25 21:09 . 2005-09-30 09:56 18,972 --------- C:\WINDOWS\system32\ov530ext.ax
          2007-12-25 21:09 . 2004-07-20 01:50 16,440 --------- C:\WINDOWS\system32\ov530usd.dll
          2007-12-25 20:57 . 2007-12-29 09:59 <DIR> d-------- C:\Documents and Settings\oso\Application Data\skypePM
          2007-12-25 20:57 . 2007-12-25 20:57 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2007-12-25 20:56 . 2007-12-29 10:11 <DIR> d-------- C:\Documents and Settings\oso\Application Data\Skype
          2007-12-25 20:54 . 2007-12-28 17:34 <DIR> d-------- C:\Program Files\Easy Thumbnails
          2007-12-25 20:54 . 2007-12-28 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2007-12-24 23:22 . 2007-12-28 17:22 <DIR> d-------- C:\temp\usb
          2007-12-24 23:22 . 2007-12-28 06:33 <DIR> d-------- C:\temp
          2007-12-24 23:22 . 2005-12-21 17:44 299,904 --a------ C:\WINDOWS\system32\drivers\MRVW225.sys
          2007-12-24 23:22 . 2006-05-16 11:58 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
          2007-12-23 19:48 . 2007-12-27 21:00 69 --a------ C:\WINDOWS\NeroDigital.ini
          2007-12-20 21:05 . 2007-12-20 21:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
          2007-12-20 21:05 . 2007-12-20 21:03 299,392 --a------ C:\WINDOWS\system32\imon.dll
          2007-12-20 21:05 . 2007-12-20 21:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
          2007-12-20 20:56 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
          2007-12-20 20:56 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
          2007-12-20 20:53 . 2007-12-21 15:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-28 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-28 20:35 --------- d-----w C:\Program Files\Hitman Pro
          2007-12-26 00:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-25 23:55 --------- d-----w C:\Program Files\Skype
          2007-12-25 02:22 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-12-21 00:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-20 23:19 --------- d-----w C:\Program Files\Common Files\Adobe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
          "AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 02:16 C:\WINDOWS\AGRSMMSG.exe]
          "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-18 04:57]
          "CallControl 4.5"="C:\Program Files\FaxTalk Communicator\FTCtrl32.exe" [2004-03-23 15:43]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-20 21:03]
          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 12:16]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
          @=""

          R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 17:44]
          S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

          *Newly Created Service* - CATCHME
          *Newly Created Service* - PROCEXP90
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-29 10:11:31
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2007-12-29 10:12:54


          De problemen lijken overigens weg, al krijg ik nu waarschuwingen van mijn Windows firewall dat Het programma " Skype take a deep breath" en " Messenger" toegang willen tot internet. Lijkt mij ook wat vreemd, al heeft dit verder geen bijwerkingen.

          Comment


          • #6
            Windows Firewall kan je die twee bestanden veilig toegang laten geven hoor

            Je logje ziet er ook goed uit

            Doe dit nog:

            Je Java software is verouderd. oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
            Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
            • Download Java Runtime Environment (JRE) 6.3 en bewaar het naar je Bureaublad.
            • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
            • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
            • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
            • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
            • Herhaal dit tot alle oudere versies verdwenen zijn.
            • Na het verwijderen van alle oudere versies, herstart je pc.
            • Dubbelklik vervolgens op jre-6u3-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Ga naar Start - Uitvoeren en geef hier het volgende in:
            Combofix /U
            Druk daarna op OK.
            Let op: Er moet een spatie tussen Combofix en /U zitten.

            Dit zal Combofix deïnstalleren.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Post als laatste nog een nieuw logje van Hijackthis ter controle

            Comment


            • #7
              Log Hijackthis:
              Logfile of HijackThis v1.99.1
              Scan saved at 5:59:40 PM, on 1/2/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Eset\nod32krn.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\WINDOWS\AGRSMMSG.exe
              C:\Program Files\ltmoh\Ltmoh.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\Eset\nod32kui.exe
              C:\Program Files\Winamp\winampa.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Skype\Phone\Skype.exe
              C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Skype\Plugin Manager\skypePM.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Downloads\Software\HijackThis(1).exe

              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
              O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
              O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
              O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
              O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
              O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
              O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
              O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
              O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

              Comment


              • #8
                Logje ziet er prima uit hoor

                Comment


                • #9
                  Oke dat is mooi. De problemen zijn ook weg.
                  Mag ik u hartelijk bedanken voor de hulp!

                  Comment


                  • #10
                    Graag gedaan hoor

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X
                    😀
                    🥰
                    🤢
                    😎
                    😡
                    👍
                    👎