  • Spyware Detection Alert problem

    Hi,
    I have a quick question about spyware.
    When I started the PC last night, something new appeared in the bottom right. That new icon said: Security warning: your computer may be infected with harmful or unwanted software!
    When I clicked on that icon, a pop-up from spyware detection alarm appeared:

    The link: http://img177.imageshack.us/my.php?image=naamloosij9.png

    (You can see the icon in the bottom right, the green ball with a red exclamation mark in front of it)

    Based on that I think it's a load of junk, because if you go further Windows indicates that it isn't safe and you get all sorts of pop-ups for downloads.
    How do I get this little program off?
    It isn't listed under Software and I couldn't find it in Program Files either :S

  • #2
    I think you'd best make a HijackThis log and post it, so we can see what is causing this.



    • #3
      I also ran HijackThis via an English site and clicked "analyze this". I then got this site:
      http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=5209892
      Only I don't know where the results are :S



      • #4
        Download HijackThis.
        Save the file. Double-click HJTInstall.exe to start the installation.
        After installation the program starts. Click the "Scan" button.
        When the HijackThis scan is done, the 'Scan' button changes into a 'Save logfile' button.
        Click it and save the logfile as hijackthis.log.
        Hijackthis.log will open. Post the contents of this logfile in your next message.



        • #5
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:02:59, on 31-12-2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\inetsrv\inetinfo.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\QuickTime\QTTask.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\FinePixViewerS\QuickDCF2.exe
          C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
          C:\Program Files\WiFiConnector\NintendoWFCReg.exe
          C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\hpoipm07.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
          C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\system32\NOTEPAD.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\wvuvwwt.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
          O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfinderusa.dll
          O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [Agrovision taakplanner] C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvew.dll,startup
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Exif Launcher S.lnk = ?
          O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
          O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
          O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
          O20 - Winlogon Notify: wvuvwwt - C:\WINDOWS\SYSTEM32\wvuvwwt.dll
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

          --
          End of file - 9431 bytes



          • #6
            Close all open windows.
            Start HijackThis once more and put a checkmark next to the following items:

            O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\wvuvwwt.dll
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfinderusa.dll
            O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
            O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvew.dll,startup
            O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
            O20 - Winlogon Notify: wvuvwwt - C:\WINDOWS\SYSTEM32\wvuvwwt.dll


            Then click "Fix checked" and close HijackThis.
            Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
            Put it on your desktop.
            Double-click it to start the program.
            In the screen that appears, type a 1 to have the cleaning and analysis process run.
            Follow the instructions on the screen.
            When the tool is done, a logfile (combofix.txt) opens.
            Post the contents of this file together with a new HijackThis log.

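The selection the helper makes in #6 (nameless BHOs in system32, the rundll32 "CTDrive" autostart, the two Winlogon Notify DLLs) can be reproduced mechanically, and the same parser can diff the first log against the second one the poster supplies later in the thread, where the CTDrive value re-appears pointing at drvtuc.dll instead of drvvew.dll and winrkq32.dll survives. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from Trend Micro. The sample lines are a subset of the two posted logs; the flagging rules and the Winlogon Notify allowlist are this example's own assumptions and are deliberately conservative (a hit means "review", not "proven malware").

```python
"""Triage of HijackThis (HJT) log lines, plus a diff of autostart entries between two scans.

Added example, not part of the forum thread and not HijackThis/Trend Micro code.
The heuristics and KNOWN_NOTIFY allowlist are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the first posted log (scan at 16:02, before the fix).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\wvuvwwt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvew.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: wvuvwwt - C:\WINDOWS\SYSTEM32\wvuvwwt.dll
"""

# Constructed sample: the matching subset of the second posted log (scan at 16:41, after the fix).
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtuc.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
"""


@dataclass(frozen=True)
class Entry:
    section: str      # HJT section: "O2" (BHO), "O4" (Run value), "O20" (Winlogon Notify)
    key: str          # CLSID, "<hive> <value name>", or Notify subkey
    target: str       # DLL path or full command line
    name: str = ""    # BHO display name (O2 only)


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Winlogon Notify subkeys normally present on Windows XP. Assumed allowlist for this
# example only; it is not exhaustive, so an unknown name means "review", not "malware".
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}


def parse(log):
    """Return Entry objects for the O2/O4/O20 lines of an HJT log; other lines are ignored."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["clsid"], m["path"], m["name"]))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["hive"] + " " + m["key"], m["cmd"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", m["key"], m["path"]))
    return entries


def triage(entries):
    """Map each suspicious Entry to the list of reasons it was flagged."""
    findings = {}
    for e in entries:
        reasons = []
        low = e.target.lower()
        if e.section == "O2":
            if e.target == "(no file)":
                reasons.append("orphaned BHO registration, DLL missing: safe to remove")
            elif e.name == "(no name)" and "\\system32\\" in low:
                reasons.append("nameless BHO loading a DLL straight from system32")
        elif e.section == "O4":
            if low.startswith("rundll32.exe") and "\\system32\\" in low:
                reasons.append("rundll32 autostart calling an export of a system32 DLL")
        elif e.section == "O20":
            if e.key.lower() not in KNOWN_NOTIFY:
                reasons.append("Winlogon Notify DLL not in the known-good set; it loads inside winlogon.exe")
        if reasons:
            findings[e] = reasons
    return findings


def diff_autostarts(before, after):
    """Compare O4/O20 entries of two scans. A key whose target changed between scans
    is the signature of malware that re-created itself under a new file name."""
    b = {(e.section, e.key): e.target for e in before if e.section in ("O4", "O20")}
    a = {(e.section, e.key): e.target for e in after if e.section in ("O4", "O20")}
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted((k, b[k], a[k]) for k in a if k in b and a[k] != b[k])
    return removed, added, changed


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for entry, reasons in triage(before).items():
        print(f"{entry.section} {entry.key}: {'; '.join(reasons)}")
    removed, added, changed = diff_autostarts(before, after)
    print("removed:", removed)
    print("added:  ", added)
    for key, old, new in changed:
        print(f"changed: {key}\n    {old}\n -> {new}")
```

Run on the first log the structural rules flag exactly the wvuvwwt.dll BHO, the orphaned {7E853D72-...} BHO, the CTDrive rundll32 value and both Winlogon Notify DLLs; they do not flag superfinderusa.dll under C:\Program Files\Helper, which the helper removed on judgement, so the rules are a starting point for review rather than a replacement for it. The diff against the second log reports wvuvwwt removed, the two Outerinfo Run values added, and CTDrive changed from drvvew.dll to drvtuc.dll, which is why fixing the HJT lines alone did not end the infection.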


            • #7
              ComboFix 07-12-31.4 - Elda 2007-12-31 16:15:31.1 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.576 [GMT 1:00]
              Started from: C:\Documents and Settings\Elda\Bureaublad\ComboFix.exe
              * New restore point was created
              .

              (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Program Files\Helper
              C:\Program Files\Helper\superfinderusa.dll
              C:\WINDOWS\system32\Cache
              C:\WINDOWS\system32\wvuvwwt.dll

              .
              (((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
              .

              2007-12-31 16:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2007-12-31 15:36 . 2007-12-31 15:36 <DIR> d-------- C:\Program Files\Trend Micro
              2007-12-30 19:27 . 2007-12-30 22:46 104,448 --a------ C:\WINDOWS\system32\drvvew.dll
              2007-12-30 19:26 . 2007-12-30 19:26 24,576 --a------ C:\WINDOWS\system32\winrkq32.dll
              2007-12-30 19:00 . 2007-12-30 19:49 617 --a------ C:\WINDOWS\eReg.dat
              2007-12-10 16:54 . 2007-12-10 16:55 <DIR> d-------- C:\Program Files\FinePixViewerS
              2007-12-10 16:54 . 2007-12-10 16:54 <DIR> d-------- C:\Documents and Settings\Elda\Application Data\InstallShield
              2007-12-10 16:54 . 2007-12-10 16:59 <DIR> d-------- C:\Documents and Settings\Elda\Application Data\FUJIFILM
              2007-12-02 14:52 . 2007-12-02 14:52 <DIR> d-------- C:\Program Files\WiFiConnector
              2007-11-25 19:44 . 2007-11-25 19:44 244 --ah----- C:\sqmnoopt08.sqm
              2007-11-25 19:44 . 2007-11-25 19:44 232 --ah----- C:\sqmdata08.sqm
              2007-11-25 19:33 . 2007-11-25 19:33 244 --ah----- C:\sqmnoopt07.sqm
              2007-11-25 19:33 . 2007-11-25 19:33 232 --ah----- C:\sqmdata07.sqm
              2007-11-25 12:40 . 2007-11-25 12:40 244 --ah----- C:\sqmnoopt06.sqm
              2007-11-25 12:40 . 2007-11-25 12:40 232 --ah----- C:\sqmdata06.sqm
              2007-11-12 14:38 . 2007-11-12 14:38 <DIR> d-------- C:\Program Files\EPN werkboek-i
              2007-11-11 12:06 . 2007-11-11 12:06 244 --ah----- C:\sqmnoopt05.sqm
              2007-11-11 12:06 . 2007-11-11 12:06 232 --ah----- C:\sqmdata05.sqm
              2007-11-11 11:27 . 2007-11-11 11:27 244 --ah----- C:\sqmnoopt04.sqm
              2007-11-11 11:27 . 2007-11-11 11:27 232 --ah----- C:\sqmdata04.sqm
              2007-11-10 10:11 . 2007-11-11 11:14 2,341 --a------ C:\GEGEVENS.DAT
              2007-11-10 10:05 . 1993-05-11 23:00 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
              2007-11-10 10:05 . 1996-06-28 16:00 180,832 --a------ C:\WINDOWS\system\IMGFX400.DLL
              2007-11-10 10:05 . 1996-06-15 16:00 72,368 --a------ C:\WINDOWS\system\FXTLS400.DLL
              2007-11-10 10:05 . 1994-07-05 00:10 64,432 --a------ C:\WINDOWS\system\THREED.VBX
              2007-11-10 10:05 . 1996-06-06 16:00 63,840 --a------ C:\WINDOWS\system\FXIMG400.VBX
              2007-11-10 10:05 . 1993-11-18 22:00 54,272 --a------ C:\WINDOWS\system\MCIWNDX.VBX
              2007-11-10 10:05 . 2000-07-27 16:00 43,343 --a------ C:\WINDOWS\APPSETUP.EXE
              2007-11-10 10:05 . 1993-04-28 00:00 30,288 --a------ C:\WINDOWS\system\MSMASKED.VBX
              2007-11-10 10:05 . 1993-04-27 23:00 15,840 --a------ C:\WINDOWS\system\PICCLIP.VBX
              2007-11-10 10:03 . 2007-11-10 10:03 <DIR> d-------- C:\D1_CDROM

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-31 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2007-12-31 14:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2007-12-30 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-30 17:51 --------- d-----w C:\Program Files\Common Files\InstallShield
              2007-12-02 13:50 162,816 ----a-w C:\WINDOWS\system32\drivers\rt25usbap.sys
              2007-11-22 12:37 --------- d-----w C:\Program Files\Norton Internet Security
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
              2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
              2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
              2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
              2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
              2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
              2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
              2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
              2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
              2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
              2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-19 18:15 17,096 ----a-w C:\Program Files\PartyGamingNet.RPT
              2007-10-03 20:27 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
              2007-03-25 11:55 471 ----a-w C:\Program Files\INSTALL.LOG
              2007-02-11 20:15 323 ----a-w C:\Program Files\announce.txt
              .

              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Note* empty entries & legit default entries are not shown

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
              "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11 98304]
              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13 114688]
              "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10 94208]
              "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
              "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
              "Agrovision taakplanner"="C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe" [2007-08-10 15:10 2433024]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
              "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
              Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-12-10 16:55:16]
              HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00]
              Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-12-02 14:52:38]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]
              winrkq32.dll 2007-12-30 19:26 24576 C:\WINDOWS\system32\winrkq32.dll

              R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2006-12-19 14:53]
              R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-03-02 13:00]

              *Newly Created Service* - COMHOST
              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-31 16:20:59
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              Scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              PROCESS: C:\WINDOWS\system32\winlogon.exe
              -> C:\WINDOWS\system32\winrkq32.dll
              .
              Completion time: 2007-12-31 16:23:59 - machine was rebooted
              C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 15:23:55
              .
              2007-12-12 22:14:36 --- E O F ---


              Oh yes, Norton reports a problem with the Phishing protection. Do I need to fix that again?



              • #8
                The little program is no longer there in the bottom right.



                • #9
                  Originally posted by Marckie:
                  ... together with a new HijackThis log.
                  ??



                  • #10
                    Sorry:
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 16:41:19, on 31-12-2007
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\RTHDCPL.EXE
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\WINDOWS\system32\igfxpers.exe
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\Program Files\QuickTime\QTTask.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\WINDOWS\system32\inetsrv\inetinfo.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\FinePixViewerS\QuickDCF2.exe
                    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
                    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\WINDOWS\system32\hpoipm07.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
                    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
                    C:\WINDOWS\system32\notepad.exe
                    C:\Program Files\Outerinfo\OuterinfoUpdate.exe
                    C:\WINDOWS\system32\wbem\wmiapsrv.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\MSN Messenger\msnmsgr.exe
                    C:\Program Files\MSN Messenger\usnsvc.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                    C:\WINDOWS\system32\NOTEPAD.EXE

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
                    O4 - HKLM\..\Run: [Agrovision taakplanner] C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtuc.dll,startup
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
                    O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: Exif Launcher S.lnk = ?
                    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
                    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
                    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                    O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
                    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

                    --
                    End of file - 9166 bytes



                    • #11
                      Close all open windows.
                      Start HijackThis once more and put a check mark next to the following items:

                      O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtuc.dll,startup
                      O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
                      O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"


                      Then click "Fix checked" and close HijackThis.

                      Open a Notepad file.
                      Copy the code below and paste it into the Notepad file.
                      Save the Notepad file as CFScript.txt
                      Code:
                      File::
                      C:\WINDOWS\system32\drvvew.dll
                      C:\WINDOWS\system32\winrkq32.dll
                      C:\WINDOWS\system32\drvtuc.dll
                      
                      Folder::
                      C:\Program Files\Outerinfo
                      
                      Registry::
                      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]

                      Now drag the file CFScript.txt onto the file ComboFix.exe

                      ComboFix will start again.
                      When ComboFix is finished, which may be after a reboot, a logfile will open.
                      Post the contents of the logfile.

                      Start HijackThis again, make a new log and post it.

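As an added example (not part of this thread, and not HijackThis or ComboFix code), the triage that post #11 did by hand, written as a small Python script: it reads HijackThis log lines, flags the kinds of entries post #11 ticked (a Run entry that loads a DLL through rundll32, a Winlogon Notify handler that is not a Windows default, and entries running from a folder the analyst has already judged unwanted) and drafts the File::/Folder::/Registry:: sections of a CFScript from them. The Winlogon Notify allowlist, the regular expressions and the `unwanted_folders` input are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
"""Triage HijackThis log lines and draft the matching ComboFix CFScript sections.

Added example; not code from the forum thread, HijackThis or ComboFix.
The allowlist of Winlogon Notify handlers, the regexes and the mapping rules
are assumptions for this illustration.
"""
import ntpath
import re

# Constructed sample: a few lines in HijackThis v2 format, copied from the thread's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtuc.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)

# Assumed allowlist of Winlogon Notify handlers that ship with Windows XP.
# HijackThis normally hides the default ones, so any O20 line is already unusual;
# the allowlist just keeps the check explicit.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

WINLOGON_NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
                       r"\currentversion\winlogon\notify")


def _program_path(cmd):
    """Return the executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(log_text, unwanted_folders=()):
    """Scan HijackThis lines and return (flagged, cfscript).

    flagged          : list of (line, reason) for entries a helper would check
    cfscript         : text of the CFScript sections that would remove them
    unwanted_folders : folder names the analyst has already judged unwanted
    """
    files, folders, registry, flagged = [], [], [], []
    unwanted = {f.lower() for f in unwanted_folders}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m.group("cmd"))
            if r:
                # A Run entry that loads a DLL through rundll32 keeps the real
                # code in the DLL, so the DLL goes into the File:: section.
                flagged.append((line, "rundll32 loads " + r.group("dll")))
                files.append(r.group("dll"))
                continue
            folder = ntpath.dirname(_program_path(m.group("cmd")))
            if ntpath.basename(folder).lower() in unwanted:
                flagged.append((line, "runs from unwanted folder " + folder))
                if folder not in folders:
                    folders.append(folder)
            continue
        m = O20_RE.match(line)
        if m and m.group("name").lower() not in KNOWN_NOTIFY:
            # Winlogon Notify DLLs are loaded by winlogon.exe (SYSTEM) at logon,
            # which is why both the file and its registry key are removed.
            flagged.append((line, "non-default Winlogon Notify handler"))
            files.append(m.group("path"))
            registry.append("[-%s\\%s]" % (WINLOGON_NOTIFY_KEY, m.group("name")))
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    cfscript = ("\n\n".join(sections) + "\n") if sections else ""
    return flagged, cfscript


if __name__ == "__main__":
    hits, script = triage(SAMPLE_LOG, unwanted_folders=["Outerinfo"])
    for entry, why in hits:
        print("FLAG:", why, "<-", entry)
    print(script)
```

The script deliberately does not decide on its own which program folders are adware; that verdict (here, Outerinfo) is what the helper contributed from experience, so it is passed in as `unwanted_folders` and the script only turns the decision into the CFScript lines. Note that it cannot know about drvvew.dll, which post #11 listed from the ComboFix output rather than from the HijackThis log.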


                      • #12
                        Thanks,
                        I have to go now, so I'll do it tomorrow.



                        • #13
                          This file was there:
                          O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtuc.dll,startup

                          And these were not in the list :S
                          O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
                          O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"

                          I then ticked the first one and did "Fix checked"; what should I do now?



                          • #14
                            Carry out the rest of the instructions.



                            • #15
                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              C:\WINDOWS\system32\drvtuc.dll
                              C:\WINDOWS\system32\drvvew.dll
                              C:\WINDOWS\system32\winrkq32.dll

                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))
                              .

                              2007-12-31 16:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                              2007-12-31 15:36 . 2007-12-31 15:36 <DIR> d-------- C:\Program Files\Trend Micro
                              2007-12-30 19:00 . 2007-12-30 19:49 617 --a------ C:\WINDOWS\eReg.dat
                              2007-12-10 16:54 . 2007-12-10 16:55 <DIR> d-------- C:\Program Files\FinePixViewerS
                              2007-12-10 16:54 . 2007-12-10 16:54 <DIR> d-------- C:\Documents and Settings\Elda\Application Data\InstallShield
                              2007-12-10 16:54 . 2007-12-10 16:59 <DIR> d-------- C:\Documents and Settings\Elda\Application Data\FUJIFILM
                              2007-12-02 14:52 . 2007-12-02 14:52 <DIR> d-------- C:\Program Files\WiFiConnector

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-01-01 20:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                              2008-01-01 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                              2007-12-30 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
                              2007-12-30 17:51 --------- d-----w C:\Program Files\Common Files\InstallShield
                              2007-12-02 13:50 162,816 ----a-w C:\WINDOWS\system32\drivers\rt25usbap.sys
                              2007-11-22 12:37 --------- d-----w C:\Program Files\Norton Internet Security
                              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                              2007-11-12 13:38 --------- d-----w C:\Program Files\EPN werkboek-i
                              2007-11-11 10:14 2,341 ----a-w C:\GEGEVENS.DAT
                              2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
                              2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
                              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                              2007-10-19 18:15 17,096 ----a-w C:\Program Files\PartyGamingNet.RPT
                              2007-10-03 20:27 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                              2007-03-25 11:55 471 ----a-w C:\Program Files\INSTALL.LOG
                              2007-02-11 20:15 323 ----a-w C:\Program Files\announce.txt
                              .

                              ((((((((((((((((((((((((((((( [email protected]_16.23.46.96 )))))))))))))))))))))))))))))))))))))))))
                              .
                              - 2007-12-31 15:20:50 225,170 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
                              + 2008-01-01 12:24:19 225,174 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
                              "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
                              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11 98304]
                              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13 114688]
                              "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10 94208]
                              "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
                              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
                              "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
                              "Agrovision taakplanner"="C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe" [2007-08-10 15:10 2433024]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
                              "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
                              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

                              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
                              Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-12-10 16:55:16]
                              HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00]
                              Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-12-02 14:52:38]

                              R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2006-12-19 14:53]
                              R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-03-02 13:00]

                              *Newly Created Service* - COMHOST
                              .
                              **************************************************************************

                              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-01-01 21:50:19
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 0

                              **************************************************************************
                              .
                              --------------------- DLLs Loaded Under Running Processes ---------------------

                              PROCESS: C:\WINDOWS\system32\winlogon.exe
                              -> C:\WINDOWS\system32\winrkq32.dll
                              .
                              Voltooingstijd: 2008-01-01 21:50:38
                              C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 20:50:36
                              C:\qoobox\ComboFix2.txt 2007-12-31 15:23:59
                              .
                              2007-12-12 22:14:36 --- E O F ---

                              HijackThis log:

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 21:52:05, on 1-1-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                              C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              C:\WINDOWS\system32\inetsrv\inetinfo.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\RTHDCPL.EXE
                              C:\WINDOWS\system32\hkcmd.exe
                              C:\WINDOWS\system32\igfxpers.exe
                              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                              C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
                              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                              C:\Program Files\QuickTime\QTTask.exe
                              C:\Program Files\iTunes\iTunesHelper.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\FinePixViewerS\QuickDCF2.exe
                              C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
                              C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
                              C:\WINDOWS\system32\hpoipm07.exe
                              C:\Program Files\iPod\bin\iPodService.exe
                              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
                              C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
                              C:\Program Files\MSN Messenger\msnmsgr.exe
                              C:\Program Files\MSN Messenger\usnsvc.exe
                              C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                              C:\Program Files\Internet Explorer\IEXPLORE.EXE
                              C:\WINDOWS\explorer.exe
                              C:\WINDOWS\system32\notepad.exe
                              C:\Program Files\internet explorer\iexplore.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                              O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                              O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                              O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
                              O4 - HKLM\..\Run: [Agrovision taakplanner] C:\PROGRA~1\AGROVI~1\Ibms\CMVTaak.exe
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                              O4 - Global Startup: Exif Launcher S.lnk = ?
                              O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
                              O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
                              O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
                              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

                              --
                              End of file - 8896 bytes
