Malware Dropper.agent.dgo problem!
  • Malware Dropper.agent.dgo problem!

    hi hi...

    I have AVG Anti-Spyware on my PC, and recently also a notification:
    Malware found
    Dropper.agent.Dgo
    location: jkklj.exe

    I now mainly have problems with IE: when closing windows everything freezes and my screen goes black.

    Clean & move to quarantine doesn't help, the problem keeps coming back.
    I have also tried Ad-Aware and Spybot but nothing seems to help.

    hopefully someone can help me
    here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:09:52, on 12-1-2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    D:\INS-files\Ad Aware\aawservice.exe
    D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\internat.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\svchost.exe
    D:\DL-files\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINNT\system32\jkklj.exe
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\INS-files\DAP2\DAPBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1D74DF33-6C91-4578-9DEC-87AA9190CE77} - C:\WINNT\system32\jkklj.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\INS-FI~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\njlfjzrn.dll
    O2 - BHO: {f0b12399-bfe6-63c8-9b34-f8471a94f37b} - {b73f49a1-748f-43b9-8c36-6efb99321b0f} - C:\WINNT\system32\kfjyqppj.dll
    O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\INS-files\DAP2\DAPIEBar.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [8b107e50] rundll32.exe "C:\WINNT\system32\dnqhumdf.dll",b
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\INS-files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - D:\INS-FI~1\DAP2\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\INS-FI~1\DAP2\dapextie2.htm
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\INS-FI~1\DAP2\DAP.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INS-FI~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INS-FI~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {F01B7AD7-3269-42C4-823D-7C1D4780F49D} (GLoad Class) - http://gameloader.spelpunt.nl/gloader.cab
    O20 - Winlogon Notify: njlfjzrn - C:\WINNT\SYSTEM32\njlfjzrn.dll
    O20 - Winlogon Notify: wvuurss - wvuurss.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\INS-files\Ad Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FCI - Unknown owner - C:\WINNT\system32\fci.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WUSB28SVC - GEMTEKS - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    O24 - Desktop Component 0: (no name) - file:///D:/Documents%20and%20Settings/MS%20Client/Mijn%20documenten/Dennis/shockwave.jpg

    --
    End of file - 6816 bytes

    this is version 2.0.0 of HJT, because version 2.0.2 generates errors and gets shut down by Windows.

    Thanks in advance.
    Last edited by kumerit; 12-01-08, 16:12. Reason: subject not clear

  • #2
    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    F3 - REG:win.ini: load=C:\WINNT\system32\jkklj.exe
    O2 - BHO: (no name) - {1D74DF33-6C91-4578-9DEC-87AA9190CE77} - C:\WINNT\system32\jkklj.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\njlfjzrn.dll
    O2 - BHO: {f0b12399-bfe6-63c8-9b34-f8471a94f37b} - {b73f49a1-748f-43b9-8c36-6efb99321b0f} - C:\WINNT\system32\kfjyqppj.dll
    O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
    O4 - HKLM\..\Run: [8b107e50] rundll32.exe "C:\WINNT\system32\dnqhumdf.dll",b
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O20 - Winlogon Notify: njlfjzrn - C:\WINNT\SYSTEM32\njlfjzrn.dll
    O20 - Winlogon Notify: wvuurss - wvuurss.dll (file missing)


    Then click "Fix checked" and close HijackThis.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt on your desktop.
    Code:
    File::
    C:\WINNT\system32\kfjyqppj.dll
    C:\WINNT\system32\dnqhumdf.dll
    C:\WINNT\system32\fci.exe
    C:\WINNT\SYSTEM32\njlfjzrn.dll
    
    Folder::
    C:\Program Files\WebRebates4
    
    Driver::
    FCI
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will start.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) will open.
    Post the contents of this file together with a new HijackThis log.

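As an added example (not code from this thread, nor from the HijackThis or ComboFix authors), the script below applies the heuristics the helper used by hand to a constructed subset of the HijackThis lines posted above: a win.ini load= hook, BHOs with no name or a GUID as name, a rundll32 Run entry loading a DLL with a generated-looking name, non-stock Winlogon Notify packages, and services with an unknown owner. The stock Winlogon Notify allowlist and the random-name pattern are assumptions tuned to this log, not a replacement for the curated lists helpers compare against.

```python
"""Triage HijackThis log lines with the heuristics a forum helper applies by hand."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\WINNT\system32\jkklj.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D74DF33-6C91-4578-9DEC-87AA9190CE77} - C:\WINNT\system32\jkklj.dll
O2 - BHO: {f0b12399-bfe6-63c8-9b34-f8471a94f37b} - {b73f49a1-748f-43b9-8c36-6efb99321b0f} - C:\WINNT\system32\kfjyqppj.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [8b107e50] rundll32.exe "C:\WINNT\system32\dnqhumdf.dll",b
O20 - Winlogon Notify: njlfjzrn - C:\WINNT\SYSTEM32\njlfjzrn.dll
O20 - Winlogon Notify: wvuurss - wvuurss.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: FCI - Unknown owner - C:\WINNT\system32\fci.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# Generated-looking names: 5-8 lowercase letters, no digits, no vendor-style casing (heuristic).
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")
# Stock Winlogon Notify packages of a default Windows XP install (assumption; extend per OS build).
STOCK_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    section: str
    line: str
    reason: str
    fix: bool  # True: belongs on the "Fix checked" list; False: verify the binary first


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None when no rule fires."""
    m = re.match(r"^([RFO]\d+) - (.*)$", line.strip())
    if not m:
        return None
    sec, rest = m.groups()

    if sec.startswith("F") and re.search(r"win\.ini: (load|run)=\S", rest, re.I):
        return Finding(sec, line, "win.ini load=/run= is a legacy autostart hook that "
                                  "legitimate software practically never uses", True)

    if sec == "O2":
        parts = rest.replace("BHO: ", "", 1).rsplit(" - ", 2)
        if len(parts) == 3:
            name, _clsid, path = parts
            if name == "(no name)" or GUID_RE.match(name):
                return Finding(sec, line, "BHO registered without a readable name", True)
            if path == "(no file)":
                return Finding(sec, line, "BHO registration whose DLL no longer exists", True)

    elif sec == "O4":
        mm = re.match(r".*\[(.+?)\] (.*)$", rest)
        dll = mm and re.search(r'rundll32\.exe\s+"?([^",]+\.dll)', mm.group(2), re.I)
        if dll:
            base = dll.group(1).rsplit("\\", 1)[-1][:-4]
            if RANDOM_NAME_RE.match(base) or re.fullmatch(r"[0-9a-f]{8}", mm.group(1)):
                return Finding(sec, line, "rundll32 Run entry loading a DLL with a "
                                          "generated-looking name", True)

    elif sec == "O20":
        body = rest.replace("Winlogon Notify: ", "", 1)
        if " - " in body:
            name, target = body.split(" - ", 1)
            if target.endswith("(file missing)"):
                return Finding(sec, line, "orphaned Winlogon Notify registration", True)
            if name.lower() not in STOCK_WINLOGON_NOTIFY:
                return Finding(sec, line, "Winlogon Notify package that is not a stock "
                                          "Windows entry", True)

    elif sec == "O23":
        parts = rest.replace("Service: ", "", 1).rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            return Finding(sec, line, "service without a publisher string; check the binary "
                                      "before removing (legitimate drivers such as ATI's trip this too)", False)
    return None


def triage(log_text: str):
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def fix_list(log_text: str):
    """The lines a helper would tell the user to tick under 'Fix checked'."""
    return [f.line.strip() for f in triage(log_text) if f.fix]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(("FIX    " if f.fix else "REVIEW ") + f.line.strip())
        print("        -> " + f.reason)
```

Run against the sample, the FIX tier reproduces the entries the helper listed for "Fix checked" above, while the two "Unknown owner" services land in REVIEW, which is why fci.exe went into the CFScript only after a closer look.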


    • #3
      thanks for your help..

      did everything, here is the data:

      ComboFix 08-01-13.1 - MS Client 13-01-2008 22:01:51.2 - FAT32x86
      Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1043.18.356 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\MS Client\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\MS Client\Bureaublad\CFScript.txt

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

      FILE
      C:\WINNT\system32\dnqhumdf.dll
      C:\WINNT\system32\fci.exe
      C:\WINNT\system32\kfjyqppj.dll
      C:\WINNT\SYSTEM32\njlfjzrn.dll
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
      .

      2008-01-13 22:01 . 13-01-08 22:01 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2e8.dat
      2008-01-12 21:44 . 31-08-00 08:00 58,368 --a------ C:\WINNT\NirCmd.exe
      2008-01-10 19:05 . 10-01-08 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-10 18:45 . 10-01-08 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-10 18:37 . 10-01-08 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-10 17:31 . 10-01-08 17:31 85,568 --a------ C:\WINNT\system32\sfdbukdp.exe
      2008-01-06 13:43 . 06-01-08 13:43 75,840 --a------ C:\WINNT\system32\fdxukyrx.dll
      2008-01-05 17:22 . 24-10-03 06:22 135,168 --a------ C:\WINNT\system32\DVDMenu.dll
      2008-01-05 16:44 . 05-01-08 20:11 319 --ahs---- C:\WINNT\system32\abeeg.ini
      2008-01-05 15:52 . 05-01-08 15:52 <DIR> d-------- C:\Program Files\DVD-RAM
      2008-01-05 15:52 . 24-10-03 05:53 90,416 --------- C:\WINNT\system32\drivers\meiudf.sys
      2008-01-05 15:52 . 22-05-03 07:24 11,216 --------- C:\WINNT\system32\drivers\dvdram.sys
      2008-01-05 14:22 . 05-01-08 16:36 319 --ahs---- C:\WINNT\system32\nqtss.ini
      2008-01-05 14:09 . 05-01-08 14:09 353,216 --a------ C:\ldclvlsg.exe
      2008-01-05 14:09 . 05-01-08 14:09 353,216 --a------ C:\0x57.exe
      2008-01-05 14:09 . 05-01-08 14:09 89,848 --a------ C:\tshl.exe
      2008-01-05 14:09 . 05-01-08 14:09 65,536 --a------ C:\ysxl.exe
      2007-12-19 22:28 . 19-12-07 22:28 <DIR> d-------- C:\WINNT\winsxs
      2007-12-19 22:28 . 19-12-07 22:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
      2007-12-16 17:49 . 16-12-07 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
      2007-12-16 16:21 . 16-12-07 16:21 <DIR> d-------- C:\Program Files\vso
      2007-12-16 16:21 . 16-12-07 16:21 <DIR> d-------- C:\Documents and Settings\MS Client\Application Data\Vso
      2007-12-16 16:21 . 29-09-06 11:24 217,127 --a------ C:\WINNT\system32\drv43260.dll
      2007-12-16 16:21 . 29-09-06 11:25 208,935 --a------ C:\WINNT\system32\drv33260.dll
      2007-12-16 16:21 . 29-09-06 11:26 176,165 --a------ C:\WINNT\system32\drv23260.dll
      2007-12-16 16:21 . 16-12-07 16:21 47,360 --a------ C:\WINNT\system32\drivers\pcouffin.sys
      2007-12-16 16:21 . 16-12-07 16:21 47,360 --a------ C:\Documents and Settings\MS Client\Application Data\pcouffin.sys
      2007-12-16 15:31 . 06-01-08 00:12 1,374,488 ---h----- C:\WINNT\ShellIconCache
      2007-12-16 14:21 . 16-12-07 14:21 1,334 --a------ C:\WINNT\system32\tmp.reg
      2007-12-16 14:00 . 16-12-07 14:00 <DIR> d-------- C:\Documents and Settings\MS Client\Application Data\Grisoft
      2007-12-16 14:00 . 16-12-07 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2007-12-16 14:00 . 30-05-07 13:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
      2007-12-14 23:36 . 14-12-07 23:36 <DIR> d-------- C:\Program Files\Windows Live Safety Center
      2007-12-14 21:12 . 14-12-07 21:12 0 --a------ C:\WINNT\b2_t_PACMAN&892.xml
      2007-12-14 21:11 . 14-12-07 21:11 0 --a------ C:\WINNT\b2_t_PACMAN566.xml
      2007-12-14 20:38 . 14-12-07 20:38 0 --a------ C:\WINNT\b2_t_2+GIRLS+1+CUP298.xml
      2007-12-14 20:36 . 14-12-07 20:36 0 --a------ C:\WINNT\b2_t_VIDEO872.xml
      2007-12-14 20:35 . 14-12-07 20:35 0 --a------ C:\WINNT\b2_t_VIDEO912.xml
      2007-12-14 20:27 . 14-12-07 20:27 0 --a------ C:\WINNT\b2_t_TWO+GIRLS+ONE+CUP+WATCH523.xml
      2007-12-14 20:26 . 14-12-07 20:26 0 --a------ C:\WINNT\b2_t_VIDEO18.xml
      2007-12-14 20:25 . 14-12-07 20:25 0 --a------ C:\WINNT\b2_t_TWO+GIRLS+ONE+CUP523.xml
      2007-12-14 18:40 . 14-12-07 18:40 0 --a------ C:\WINNT\b2_t_PACMAN+SPELLEN&496.xml
      2007-12-14 00:14 . 14-12-07 00:14 0 --a------ C:\WINNT\b2_t_PACMAN&244.xml
      2007-12-14 00:14 . 14-12-07 00:14 0 --a------ C:\WINNT\b2_t_PACMAN&122.xml
      2007-12-14 00:13 . 14-12-07 00:13 0 --a------ C:\WINNT\b2_t_PACMAN731.xml
      2007-12-13 23:00 . 13-12-07 23:00 0 --a------ C:\WINNT\b2_t_YMERE173.xml
      2007-12-13 15:30 . 13-12-07 15:30 0 --a------ C:\WINNT\b2_t_BELASTING155.xml

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-10 17:54 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
      2007-10-29 14:33 2,705,408 ------w C:\WINNT\system32\dllcache\MSHTML.DLL
      2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\quartz.dll
      2007-10-27 19:33 1,226,752 ------w C:\WINNT\system32\dllcache\quartz.dll
      2007-10-24 17:00 222,720 ----a-w C:\WINNT\system32\wmasf.dll
      2007-10-24 17:00 222,720 ------w C:\WINNT\system32\dllcache\wmasf.dll
      2007-10-24 17:00 2,064,384 ------w C:\WINNT\system32\dllcache\wmvcore.dll
      2007-10-17 07:23 96,016 ----a-w C:\WINNT\system32\dllcache\mqlogmgr.dll
      2007-10-17 07:23 8,464 ------w C:\WINNT\system32\dllcache\mqrperf.dll
      2007-10-17 07:23 77,072 ----a-w C:\WINNT\system32\dllcache\mqdscli.dll
      2007-10-17 07:23 71,440 ----a-w C:\WINNT\system32\dllcache\mqsec.dll
      2007-10-17 07:23 50,448 ----a-w C:\WINNT\system32\dllcache\mqclus.dll
      2007-10-17 07:23 440,592 ----a-w C:\WINNT\system32\dllcache\mqqm.dll
      2007-10-17 07:23 42,256 ----a-w C:\WINNT\system32\dllcache\mqdssrv.dll
      2007-10-17 07:23 404,240 ----a-w C:\WINNT\system32\dllcache\mqsnap.dll
      2007-10-17 07:23 30,992 ----a-w C:\WINNT\system32\dllcache\mqcertui.dll
      2007-10-17 07:23 293,648 ----a-w C:\WINNT\system32\dllcache\mq1repl.dll
      2007-10-17 07:23 29,968 ----a-w C:\WINNT\system32\dllcache\mqdbodbc.dll
      2007-10-17 07:23 267,536 ----a-w C:\WINNT\system32\dllcache\mqmigrat.dll
      2007-10-17 07:23 23,824 ----a-w C:\WINNT\system32\dllcache\mqupgrd.dll
      2007-10-17 07:23 228,624 ----a-w C:\WINNT\system32\dllcache\mqoa.dll
      2007-10-17 07:23 218,384 ----a-w C:\WINNT\system32\dllcache\mqads.dll
      2007-10-17 07:23 164,624 ----a-w C:\WINNT\system32\dllcache\msmqocm.dll
      2007-10-17 07:23 117,008 ----a-w C:\WINNT\system32\dllcache\mqutil.dll
      2007-10-17 07:23 102,672 ----a-w C:\WINNT\system32\dllcache\mqrt.dll
      2007-10-17 07:23 10,000 ----a-w C:\WINNT\system32\dllcache\mqperf.dll
      2007-10-17 07:17 34,576 ----a-w C:\WINNT\system32\dllcache\mqbkup.exe
      2007-10-16 13:56 517,904 ----a-w C:\WINNT\system32\LSASRV.DLL
      2007-10-16 13:56 517,904 ----a-w C:\WINNT\system32\dllcache\LSASRV.DLL
      2007-10-16 13:51 77,712 ------w C:\WINNT\system32\dllcache\mqac.sys
      2007-10-16 13:51 21,264 ----a-w C:\WINNT\system32\dllcache\mqsvc.exe
      2007-10-16 13:51 21,264 ----a-w C:\WINNT\system32\dllcache\mq1sync.exe
      2007-10-16 13:51 105,232 ----a-w C:\WINNT\system32\dllcache\mqmig.exe
      2004-06-11 09:24 784 ------w C:\Documents and Settings\MS Client\Application Data\mpauth.dat
      2004-03-10 12:24 271 ---h--w C:\Program Files\desktop.ini
      2004-03-10 12:24 22,085 ---h--w C:\Program Files\folder.htt
      2003-06-30 11:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-01-13_21.51.41.50 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-01-12 20:45:38 1,945,600 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\ntuser.dat
      + 2008-01-13 21:01:44 1,941,504 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\ntuser.dat
      - 2008-01-12 20:45:38 143,360 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-13 21:01:44 143,360 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2000-08-31 07:00:00 174,080 ----a-w C:\WINNT\erdnt\subs\F3M\ERDNT.EXE
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "internat.exe"="internat.exe" [30-06-03 12:00 29456 C:\WINNT\system32\internat.exe]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "!AVG Anti-Spyware"="D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" [11-06-07 10:25 6731312]
      "Synchronization Manager"="mobsync.exe" [30-06-03 12:00 120592 C:\WINNT\system32\mobsync.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "internat.exe"="internat.exe" [30-06-03 12:00 29456 C:\WINNT\system32\internat.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [30-06-03 13:00 197904]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak software updater.lnk]
      backup=C:\WINNT\pss\Kodak software updater.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 24-09-04 17:22 1925120 D:\INS-files\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
      --------- 19-12-03 11:38 434176 C:\Program Files\Common Files\Nokia\Tools\NclTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
      --a------ 30-06-03 12:00 120592 C:\WINNT\system32\mobsync.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]

      R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys [12-06-03 11:31 ]
      R1 dvdram;Panasonic DVD-RAM Driver;C:\WINNT\system32\Drivers\dvdram.sys [22-05-03 07:24 ]
      R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [10-01-99 13:00 ]
      R2 ptssvc;ptssvc;C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe [11-08-04 02:00 ]
      R2 WUSB28SVC;WUSB28SVC;"C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe"
      R3 usbhub20;Ondersteuning van USB 2.0-hoofdhubs;C:\WINNT\system32\DRIVERS\usbhub20.sys [19-06-03 12:05 ]
      S3 EL90BC;3Com EtherLink XL B/C Adapter-stuurprogramma;C:\WINNT\system32\DRIVERS\el90xbc5.sys [23-10-99 20:22 ]
      S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINNT\system32\DRIVERS\vnet558x.sys [12-06-03 17:56 ]
      S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [18-06-03 16:48 ]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-07 18:06:06 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-03 09:41:34 C:\WINNT\Tasks\RegCure.job"
      - D:\INS-files\regcure\RegCure.exe
      "2008-01-12 16:00:02 C:\WINNT\Tasks\RegCure Program Check.job"
      - D:\INS-files\regcure\RegCure.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-13 22:02:26
      Windows 5.0.2195 Service Pack 4 FAT NTAPI

      detected NTDLL code modification:
      ZwOpenFile

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 13-01-2008 22:02:47
      ComboFix-quarantined-files.txt 2008-01-13 21:02:46
      ComboFix2.txt 2008-01-13 20:52:00
      .
      2008-01-10 16:43:53 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 22:12:42, on 13-1-2008
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      Boot mode: Normal

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\Ati2evxx.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\spoolsv.exe
      D:\INS-files\Ad Aware\aawservice.exe
      D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\drivers\KodakCCS.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
      C:\WINNT\system32\regsvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
      C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
      C:\WINNT\system32\Ati2evxx.exe
      D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINNT\system32\internat.exe
      C:\WINNT\explorer.exe
      D:\DL-files\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\INS-files\DAP2\DAPBHO.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O3 - Toolbar: @msdxmLC.dll,-1@,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\INS-files\DAP2\DAPIEBar.dll
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKCU\..\Run: [internat.exe] internat.exe
      O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
      O8 - Extra context menu item: &Download with &DAP - D:\INS-FI~1\DAP2\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - D:\INS-FI~1\DAP2\dapextie2.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\INS-FI~1\DAP2\DAP.EXE
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
      O16 - DPF: {F01B7AD7-3269-42C4-823D-7C1D4780F49D} (GLoad Class) - http://gameloader.spelpunt.nl/gloader.cab
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\INS-files\Ad Aware\aawservice.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
      O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: WUSB28SVC - GEMTEKS - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
      O24 - Desktop Component 0: (no name) - file:///D:/Documents%20and%20Settings/MS%20Client/Mijn%20documenten/Dennis/shockwave.jpg

      --
      End of file - 5133 bytes



      • #4
        This already looks better, kumerit.

        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\WINNT\system32\sfdbukdp.exe
        C:\WINNT\system32\fdxukyrx.dll
        C:\WINNT\system32\abeeg.ini
        C:\WINNT\system32\nqtss.ini
        C:\ldclvlsg.exe
        C:\0x57.exe
        C:\tshl.exe
        C:\ysxl.exe
        C:\WINNT\system32\tmp.reg
        
        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is done, which may be after a restart, a log file will open.
        Post the contents of the log file.

        Now try making a log with this version of HijackThis: http://www.trendsecure.com/portal/en...HJTInstall.exe



        • #5
          here are the logs:

          ComboFix 08-01-13.1 - MS Client 15-01-2008 18:46:58.3 - FAT32x86
          Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1043.18.357 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\MS Client\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\MS Client\Bureaublad\CFScript.txt

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

          FILE
          C:\0x57.exe
          C:\ldclvlsg.exe
          C:\tshl.exe
          C:\WINNT\system32\abeeg.ini
          C:\WINNT\system32\fdxukyrx.dll
          C:\WINNT\system32\nqtss.ini
          C:\WINNT\system32\sfdbukdp.exe
          C:\WINNT\system32\tmp.reg
          C:\ysxl.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\0x57.exe
          C:\ldclvlsg.exe
          C:\tshl.exe
          C:\WINNT\system32\abeeg.ini
          C:\WINNT\system32\fdxukyrx.dll
          C:\WINNT\system32\nqtss.ini
          C:\WINNT\system32\sfdbukdp.exe
          C:\WINNT\system32\tmp.reg
          C:\ysxl.exe

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))
          .

          2008-01-15 18:46 . 15-01-08 18:47 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_314.dat
          2008-01-12 21:44 . 31-08-00 08:00 58,368 --a------ C:\WINNT\NirCmd.exe
          2008-01-10 19:05 . 10-01-08 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-10 18:45 . 10-01-08 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-10 18:37 . 10-01-08 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-05 17:22 . 24-10-03 06:22 135,168 --a------ C:\WINNT\system32\DVDMenu.dll
          2008-01-05 15:52 . 05-01-08 15:52 <DIR> d-------- C:\Program Files\DVD-RAM
          2008-01-05 15:52 . 24-10-03 05:53 90,416 --------- C:\WINNT\system32\drivers\meiudf.sys
          2008-01-05 15:52 . 22-05-03 07:24 11,216 --------- C:\WINNT\system32\drivers\dvdram.sys
          2007-12-19 22:28 . 19-12-07 22:28 <DIR> d-------- C:\WINNT\winsxs
          2007-12-19 22:28 . 19-12-07 22:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
          2007-12-16 17:49 . 16-12-07 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
          2007-12-16 16:21 . 16-12-07 16:21 <DIR> d-------- C:\Program Files\vso
          2007-12-16 16:21 . 16-12-07 16:21 <DIR> d-------- C:\Documents and Settings\MS Client\Application Data\Vso
          2007-12-16 16:21 . 29-09-06 11:24 217,127 --a------ C:\WINNT\system32\drv43260.dll
          2007-12-16 16:21 . 29-09-06 11:25 208,935 --a------ C:\WINNT\system32\drv33260.dll
          2007-12-16 16:21 . 29-09-06 11:26 176,165 --a------ C:\WINNT\system32\drv23260.dll
          2007-12-16 16:21 . 16-12-07 16:21 47,360 --a------ C:\WINNT\system32\drivers\pcouffin.sys
          2007-12-16 16:21 . 16-12-07 16:21 47,360 --a------ C:\Documents and Settings\MS Client\Application Data\pcouffin.sys
          2007-12-16 15:31 . 06-01-08 00:12 1,374,488 ---h----- C:\WINNT\ShellIconCache
          2007-12-16 14:00 . 16-12-07 14:00 <DIR> d-------- C:\Documents and Settings\MS Client\Application Data\Grisoft
          2007-12-16 14:00 . 16-12-07 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-16 14:00 . 30-05-07 13:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-10 17:54 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
          2007-12-14 22:36 --------- d-----w C:\Program Files\Windows Live Safety Center
          2007-10-29 14:33 2,705,408 ------w C:\WINNT\system32\dllcache\MSHTML.DLL
          2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\quartz.dll
          2007-10-27 19:33 1,226,752 ------w C:\WINNT\system32\dllcache\quartz.dll
          2007-10-24 17:00 222,720 ----a-w C:\WINNT\system32\wmasf.dll
          2007-10-24 17:00 222,720 ------w C:\WINNT\system32\dllcache\wmasf.dll
          2007-10-24 17:00 2,064,384 ------w C:\WINNT\system32\dllcache\wmvcore.dll
          2007-10-17 07:23 96,016 ----a-w C:\WINNT\system32\dllcache\mqlogmgr.dll
          2007-10-17 07:23 8,464 ------w C:\WINNT\system32\dllcache\mqrperf.dll
          2007-10-17 07:23 77,072 ----a-w C:\WINNT\system32\dllcache\mqdscli.dll
          2007-10-17 07:23 71,440 ----a-w C:\WINNT\system32\dllcache\mqsec.dll
          2007-10-17 07:23 50,448 ----a-w C:\WINNT\system32\dllcache\mqclus.dll
          2007-10-17 07:23 440,592 ----a-w C:\WINNT\system32\dllcache\mqqm.dll
          2007-10-17 07:23 42,256 ----a-w C:\WINNT\system32\dllcache\mqdssrv.dll
          2007-10-17 07:23 404,240 ----a-w C:\WINNT\system32\dllcache\mqsnap.dll
          2007-10-17 07:23 30,992 ----a-w C:\WINNT\system32\dllcache\mqcertui.dll
          2007-10-17 07:23 293,648 ----a-w C:\WINNT\system32\dllcache\mq1repl.dll
          2007-10-17 07:23 29,968 ----a-w C:\WINNT\system32\dllcache\mqdbodbc.dll
          2007-10-17 07:23 267,536 ----a-w C:\WINNT\system32\dllcache\mqmigrat.dll
          2007-10-17 07:23 23,824 ----a-w C:\WINNT\system32\dllcache\mqupgrd.dll
          2007-10-17 07:23 228,624 ----a-w C:\WINNT\system32\dllcache\mqoa.dll
          2007-10-17 07:23 218,384 ----a-w C:\WINNT\system32\dllcache\mqads.dll
          2007-10-17 07:23 164,624 ----a-w C:\WINNT\system32\dllcache\msmqocm.dll
          2007-10-17 07:23 117,008 ----a-w C:\WINNT\system32\dllcache\mqutil.dll
          2007-10-17 07:23 102,672 ----a-w C:\WINNT\system32\dllcache\mqrt.dll
          2007-10-17 07:23 10,000 ----a-w C:\WINNT\system32\dllcache\mqperf.dll
          2007-10-17 07:17 34,576 ----a-w C:\WINNT\system32\dllcache\mqbkup.exe
          2007-10-16 13:56 517,904 ----a-w C:\WINNT\system32\LSASRV.DLL
          2007-10-16 13:56 517,904 ----a-w C:\WINNT\system32\dllcache\LSASRV.DLL
          2007-10-16 13:51 77,712 ------w C:\WINNT\system32\dllcache\mqac.sys
          2007-10-16 13:51 21,264 ----a-w C:\WINNT\system32\dllcache\mqsvc.exe
          2007-10-16 13:51 21,264 ----a-w C:\WINNT\system32\dllcache\mq1sync.exe
          2007-10-16 13:51 105,232 ----a-w C:\WINNT\system32\dllcache\mqmig.exe
          2004-06-11 09:24 784 ------w C:\Documents and Settings\MS Client\Application Data\mpauth.dat
          2004-03-10 12:24 271 ---h--w C:\Program Files\desktop.ini
          2004-03-10 12:24 22,085 ---h--w C:\Program Files\folder.htt
          2003-06-30 11:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
          .

          ((((((((((((((((((((((((((((( snapshot@2008-01-13_21.51.41.50 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-12 20:45:38 1,945,600 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\ntuser.dat
          + 2008-01-15 17:46:52 1,945,600 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\ntuser.dat
          - 2008-01-12 20:45:38 143,360 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-15 17:46:52 143,360 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2000-08-31 07:00:00 174,080 ----a-w C:\WINNT\erdnt\subs\F3M\ERDNT.EXE
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "internat.exe"="internat.exe" [30-06-03 12:00 29456 C:\WINNT\system32\internat.exe]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "!AVG Anti-Spyware"="D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" [11-06-07 10:25 6731312]
          "Synchronization Manager"="mobsync.exe" [30-06-03 12:00 120592 C:\WINNT\system32\mobsync.exe]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "internat.exe"="internat.exe" [30-06-03 12:00 29456 C:\WINNT\system32\internat.exe]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [30-06-03 13:00 197904]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak software updater.lnk]
          backup=C:\WINNT\pss\Kodak software updater.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
          --------- 24-09-04 17:22 1925120 D:\INS-files\Nero BackItUp\NBJ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
          --------- 19-12-03 11:38 434176 C:\Program Files\Common Files\Nokia\Tools\NclTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
          --a------ 30-06-03 12:00 120592 C:\WINNT\system32\mobsync.exe

          R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys [12-06-03 11:31 ]
          R1 dvdram;Panasonic DVD-RAM Driver;C:\WINNT\system32\Drivers\dvdram.sys [22-05-03 07:24 ]
          R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINNT\system32\DRIVERS\DLPortIO.SYS [10-01-99 13:00 ]
          R2 ptssvc;ptssvc;C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe [11-08-04 02:00 ]
          R2 WUSB28SVC;WUSB28SVC;"C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe"
          R3 usbhub20;Ondersteuning van USB 2.0-hoofdhubs;C:\WINNT\system32\DRIVERS\usbhub20.sys [19-06-03 12:05 ]
          S3 EL90BC;3Com EtherLink XL B/C Adapter-stuurprogramma;C:\WINNT\system32\DRIVERS\el90xbc5.sys [23-10-99 20:22 ]
          S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINNT\system32\DRIVERS\vnet558x.sys [12-06-03 17:56 ]
          S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [18-06-03 16:48 ]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-07 18:06:06 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-03 09:41:34 C:\WINNT\Tasks\RegCure.job"
          - D:\INS-files\regcure\RegCure.exe
          "2008-01-12 16:00:02 C:\WINNT\Tasks\RegCure Program Check.job"
          - D:\INS-files\regcure\RegCure.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-15 18:47:34
          Windows 5.0.2195 Service Pack 4 FAT NTAPI

          detected NTDLL code modification:
          ZwOpenFile

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 15-01-2008 18:47:52
          ComboFix-quarantined-files.txt 2008-01-15 17:47:52
          ComboFix3.txt 2008-01-13 20:52:00
          ComboFix2.txt 2008-01-13 21:02:50
          .
          2008-01-10 16:43:53 --- E O F ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:31:46, on 15-1-2008
          Platform: Windows 2000 SP4 (WinNT 5.00.2195)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINNT\System32\smss.exe
          C:\WINNT\system32\winlogon.exe
          C:\WINNT\system32\services.exe
          C:\WINNT\system32\lsass.exe
          C:\WINNT\system32\Ati2evxx.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\system32\spoolsv.exe
          D:\INS-files\Ad Aware\aawservice.exe
          D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\system32\drivers\KodakCCS.exe
          C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
          C:\WINNT\system32\regsvc.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINNT\System32\WBEM\WinMgmt.exe
          C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
          C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
          C:\WINNT\system32\Ati2evxx.exe
          C:\WINNT\Explorer.EXE
          D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe
          C:\WINNT\system32\internat.exe
          K:\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\INS-files\DAP2\DAPBHO.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
          O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\INS-files\DAP2\DAPIEBar.dll
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INS-files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
          O4 - HKCU\..\Run: [internat.exe] internat.exe
          O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
          O8 - Extra context menu item: &Download with &DAP - D:\INS-FI~1\DAP2\dapextie.htm
          O8 - Extra context menu item: Download &all with DAP - D:\INS-FI~1\DAP2\dapextie2.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\INS-FI~1\DAP2\DAP.EXE
          O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
          O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
          O16 - DPF: {F01B7AD7-3269-42C4-823D-7C1D4780F49D} (GLoad Class) - http://gameloader.spelpunt.nl/gloader.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\INS-files\Ad Aware\aawservice.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\INS-files\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
          O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: WUSB28SVC - GEMTEKS - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
          O24 - Desktop Component 0: (no name) - file:///D:/Documents%20and%20Settings/MS%20Client/Mijn%20documenten/Dennis/shockwave.jpg

          --
          End of file - 4900 bytes



          I am very grateful to you for all your help.
          Everything seems to be in order, except for one thing: I no longer get an internet connection...
          Maybe one last tip for me?

          Regards



          • #6
            Download WinsockFix: http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
            Unzip it and place it on your desktop.
            Start winsockfix.exe and click "Fix".
            The computer will restart.

            Check whether your internet connection works.



            • #7
              Thanks for your tip, but I have already solved it...

              I am rid of all the problems...
              Hats off to everyone on this site...



              • #8
                Go to Start - Run and type: ComboFix /u
                Press Enter.

                More information on how to prevent a new infection can be found here and here.

                The status of this thread has been set to solved.
                If there are no further replies, this thread will automatically be moved within about 3 days to the Opgeloste hijackthislogs (solved HijackThis logs) section, after which replying is no longer possible. This is to keep the forum neat and organized.
                If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                Happy surfing again.
