  • HELP ME hijackthis spyware

    hello,
    I have already done a number of scans that they told me to do at helpmij.nl, but my computer is still very slow and I sometimes get error messages from jdupdt.jpg..
    will you help me with my hijackthis log?
    thank you!


    Logfile of HijackThis v1.99.1
    Scan saved at 23:53:13, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\program files\f-secure\common\fsmb32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\f-secure\common\fch32.exe
    c:\program files\f-secure\anti-virus\fsqh.exe
    c:\program files\f-secure\common\fameh32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\f-secure\anti-virus\fsrw.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    c:\program files\f-secure\common\fih32.exe
    c:\program files\f-secure\anti-virus\fsav32.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    c:\windows\soundman.exe
    c:\program files\itunes\ituneshelper.exe
    c:\program files\java\jre1.6.0_03\bin\jusched.exe
    c:\program files\f-secure\common\fsm32.exe
    c:\windows\system32\ctfmon.exe
    c:\program files\superantispyware\superantispyware.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    c:\program files\finepixviewer\quickdcf.exe
    c:\program files\f-secure\backweb\7681197\program\f-secure automatic update.exe
    c:\program files\winzip\wzqkpick.exe
    c:\program files\f-secure\fsgui\fsguidll.exe
    c:\program files\msn messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\program files\internet explorer\iexplore.exe
    c:\back-up -- 06-07-06 1000pm\hjt\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RDebSink Class - {684D52F8-5870-4F35-8443-7E36B184935D} - C:\WINDOWS\system32\orca3.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NLogSink Class - {B3F79291-2D04-4c82-8F23-E126F239EACA} - C:\WINDOWS\system32\roca0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [alpha] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [gamma] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

  • #2
    Start HijackThis once more, choose "Do a system scan only" and put a check mark only in front of the following lines:
    O2 - BHO: RDebSink Class - {684D52F8-5870-4F35-8443-7E36B184935D} - C:\WINDOWS\system32\orca3.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NLogSink Class - {B3F79291-2D04-4c82-8F23-E126F239EACA} - C:\WINDOWS\system32\roca0.dll
    O4 - HKCU\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [alpha] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [gamma] c:\Backup_Drivers\svchost.exe

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed and the PC has restarted, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.



    • #3
      the combofix log!

      ComboFix 08-01-08.4 - Mark 2008-01-08 12:27:56.2 - NTFSx86

      Gestart vanuit: c:\documents and settings\mark\bureaublad\combofix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Suus\Menu Start\Programma's\Outerinfo
      C:\Documents and Settings\Suus\Menu Start\Programma's\Outerinfo\Terms.lnk
      C:\Documents and Settings\Suus\Menu Start\Programma's\Outerinfo\Uninstall.lnk
      C:\Program Files\Microsoft Security Adviser

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))
      .

      2008-01-08 12:24 . 2008-01-08 12:24 23,040 --a------ C:\WINDOWS\system32\ldupdt.jpg
      2008-01-07 22:53 . 2008-01-07 22:53 <DIR> d-------- C:\WINDOWS\system32\legoz
      2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
      2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-01-04 16:51 . 2008-01-04 16:51 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\F-Secure
      2008-01-01 19:51 . 2008-01-01 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
      2008-01-01 19:51 . 2008-01-01 19:51 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
      2008-01-01 19:51 . 2005-06-21 16:32 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
      2008-01-01 19:51 . 2005-06-21 16:31 33,744 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
      2008-01-01 19:48 . 2008-01-01 19:50 <DIR> d-------- C:\Program Files\F-Secure
      2007-12-27 18:54 . 2008-01-07 12:15 <DIR> d-------- C:\WINDOWS\system32\dtw5d
      2007-12-27 18:54 . 2008-01-08 12:24 1,032,704 --a------ C:\WINDOWS\system32\nwklr.ini
      2007-12-27 18:54 . 2007-12-21 12:18 1,028,608 --a------ C:\WINDOWS\system32\korlg.ini
      2007-12-27 18:54 . 2008-01-08 12:24 684,032 --a------ C:\WINDOWS\system32\nwwlnt.ini
      2007-12-27 18:54 . 2007-12-21 12:18 671,744 --a------ C:\WINDOWS\system32\worlg.ini
      2007-12-27 18:54 . 2008-01-08 12:24 23,040 --a------ C:\WINDOWS\system32\ldshyr.old
      2007-12-20 12:24 . 2008-01-04 18:36 <DIR> d-------- C:\Backup_Drivers
      2007-12-20 12:18 . 2007-12-20 12:18 102,400 --a------ C:\WINDOWS\system32\orca0.dll
      2007-12-20 12:18 . 2007-12-20 12:18 136 --a------ C:\WINDOWS\system32\srvblck.tmp
      2007-12-20 09:30 . 2007-12-21 12:18 1,028,608 --a------ C:\WINDOWS\system32\nwkr.ini
      2007-12-20 09:30 . 2004-08-04 13:00 1,024,512 --a------ C:\WINDOWS\system32\korg.ini
      2007-12-20 09:30 . 2007-12-21 12:18 671,744 --a------ C:\WINDOWS\system32\nwwnt.ini
      2007-12-20 09:30 . 2004-08-04 13:00 659,456 --a------ C:\WINDOWS\system32\worg.ini
      2007-12-20 09:30 . 2007-12-21 12:18 23,040 --a------ C:\WINDOWS\system32\ldshfr.old
      2007-12-10 20:09 . 2007-12-10 20:09 <DIR> d-------- C:\splaneet

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-28 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-02 19:36 --------- d-----w C:\Program Files\Belastingdienst
      2007-11-28 12:27 --------- d-----w C:\Program Files\kikker
      2007-11-20 17:32 --------- d-----w C:\Documents and Settings\Mark\Application Data\Azureus
      2007-11-13 21:59 --------- d-----w C:\Program Files\LimeWire
      2006-07-26 21:31 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684D52F8-5870-4F35-8443-7E36B184935D}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3F79291-2D04-4c82-8F23-E126F239EACA}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SystemDriver"=""
      "FDriver"=""
      "ADriver"=""
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2002-08-29 17:56 46592 C:\WINDOWS\SOUNDMAN.EXE]
      "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ]
      "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [ ]
      "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
      "MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36 256576]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-06-02 23:37 122929]
      "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 13:00 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 21:48 439872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 08:52 44544]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26]
      Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 20:53:14]
      F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2008-01-01 19:51:28]
      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-10-06 17:01:42]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-08 11:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2006-11-26 16:22:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-08 12:37:58
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-08 12:42:49
      ComboFix-quarantined-files.txt 2008-01-08 11:42:43
      ComboFix2.txt 2007-08-23 21:51:58
      .
      2007-08-28 10:53:26 --- E O F ---



      • #4
        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.



        • #5
          2nd combofix log!

          ComboFix 08-01-08.4 - Mark 2008-01-08 17:13:20.3 - NTFSx86

          Gestart vanuit: c:\documents and settings\mark\bureaublad\combofix.exe
          Command switches used :: C:\Documents and Settings\Mark\Bureaublad\cfscript.txt

          FILE
          C:\WINDOWS\system32\korg.ini
          C:\WINDOWS\system32\korlg.ini
          C:\WINDOWS\system32\ldshfr.old
          C:\WINDOWS\system32\ldshyr.old
          C:\WINDOWS\system32\ldupdt.jpg
          C:\WINDOWS\system32\nwklr.ini
          C:\WINDOWS\system32\nwkr.ini
          C:\WINDOWS\system32\nwwlnt.ini
          C:\WINDOWS\system32\nwwnt.ini
          C:\WINDOWS\system32\orca0.dll
          C:\WINDOWS\system32\srvblck.tmp
          C:\WINDOWS\system32\worg.ini
          C:\WINDOWS\system32\worlg.ini
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Backup_Drivers
          C:\WINDOWS\system32\dtw5d
          C:\WINDOWS\system32\korg.ini
          C:\WINDOWS\system32\korlg.ini
          C:\WINDOWS\system32\ldshfr.old
          C:\WINDOWS\system32\ldshyr.old
          C:\WINDOWS\system32\ldupdt.jpg
          C:\WINDOWS\system32\legoz
          C:\WINDOWS\system32\nwklr.ini
          C:\WINDOWS\system32\nwkr.ini
          C:\WINDOWS\system32\nwwlnt.ini
          C:\WINDOWS\system32\nwwnt.ini
          C:\WINDOWS\system32\orca0.dll
          C:\WINDOWS\system32\srvblck.tmp
          C:\WINDOWS\system32\worg.ini
          C:\WINDOWS\system32\worlg.ini

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))
          .

          2008-01-08 17:10 . 2008-01-08 17:11 102,400 --a------ C:\WINDOWS\system32\orca01.dll
          2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
          2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
          2008-01-04 17:20 . 2008-01-04 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-01-04 16:51 . 2008-01-04 16:51 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\F-Secure
          2008-01-01 19:51 . 2008-01-01 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
          2008-01-01 19:51 . 2008-01-01 19:51 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
          2008-01-01 19:51 . 2005-06-21 16:32 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
          2008-01-01 19:51 . 2005-06-21 16:31 33,744 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
          2008-01-01 19:48 . 2008-01-01 19:50 <DIR> d-------- C:\Program Files\F-Secure
          2007-12-10 20:09 . 2007-12-10 20:09 <DIR> d-------- C:\splaneet

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-28 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-02 19:36 --------- d-----w C:\Program Files\Belastingdienst
          2007-11-28 12:27 --------- d-----w C:\Program Files\kikker
          2007-11-20 17:32 --------- d-----w C:\Documents and Settings\Mark\Application Data\Azureus
          2007-11-13 21:59 --------- d-----w C:\Program Files\LimeWire
          2006-07-26 21:31 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
          .

          ((((((((((((((((((((((((((((( [email protected]_12.42.22,54 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-08 11:24:35 1,032,704 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
          + 2008-01-08 16:11:45 1,032,704 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
          - 2008-01-08 11:24:35 684,032 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
          + 2008-01-08 16:11:45 684,032 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
          - 2008-01-08 11:24:35 1,032,704 ----a-w C:\WINDOWS\system32\kernel32.dll
          + 2008-01-08 16:11:45 1,032,704 ----a-w C:\WINDOWS\system32\kernel32.dll
          - 2008-01-08 11:24:35 684,032 ----a-w C:\WINDOWS\system32\wininet.dll
          + 2008-01-08 16:11:45 684,032 ----a-w C:\WINDOWS\system32\wininet.dll
          .
          ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
          "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMan"="SOUNDMAN.EXE" [2002-08-29 17:56 46592 C:\WINDOWS\SOUNDMAN.EXE]
          "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
          "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ]
          "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [ ]
          "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
          "MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36 256576]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-06-02 23:37 122929]
          "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 13:00 15360]
          "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 21:48 439872]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 08:52 44544]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26]
          Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 20:53:14]
          WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-10-06 17:01:42]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-08 11:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2006-11-26 16:22:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
          - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-08 17:23:31
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-08 17:27:32
          ComboFix-quarantined-files.txt 2008-01-08 16:27:28
          ComboFix2.txt 2008-01-08 11:42:51
          ComboFix3.txt 2007-08-23 21:51:58
          .
          2007-08-28 10:53:26 --- E O F ---



          • #6
            See whether you can find and delete this file:
            C:\WINDOWS\system32\orca01.dll

            Restart your PC and post a new Combofix log, and tell me right away whether you are still having problems



            • #7
              computer down

              hello,
              after I had deleted the file you mentioned, run Combofix and restarted the PC, the computer no longer starts up.
              I am on another computer now.
              it does start, but very slowly, and once I get to the accounts screen and click on one, Windows shows a message that because of a problem Windows cannot find a matching license or something like that, and when you then click OK or the cross you are simply back at the accounts screen and cannot get anywhere else... help me!
              thank you



              • #8
                Strange problem

                Tap the F8 key while the PC is starting up and, in the menu that appears, choose "Last Known Good Configuration".

                Can you then boot normally again?
