trojan.dropper.win32.agent.dgo problems.

  • trojan.dropper.win32.agent.dgo problems.

    Hi everyone,

    NOD32 reported that trojan.dropper.win32.agent.dgo is present on my system, but it can't remove it either.

    I have already taken the following actions:
    - Ran a NOD32 scan
    - Ran an Ewido anti-spyware scan, which achieved nothing. It only found and removed a cookie.

    I already have ComboFix on my desktop (haven't touched it yet) in case it is needed.

    The logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:28, on 2008-01-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyx.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O24 - Desktop Component 0: (no name) - http://www.ea.com/images/games/crysis/img/wallpaper/wallpaper1680x1050.jpg

    --
    End of file - 3910 bytes

    Thanks in advance,
    Steven.
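    The helpers in this thread triage the HijackThis log above by eye. As an added example (not from the thread and not HijackThis code), the Python below applies the same first-pass checks to a handful of lines copied from that log: the win.ini `load=` entry, services with no vendor string, ActiveX downloads, and random-looking file names under system32. The heuristics and the small allowlist of system32 names are assumptions of this example.

```python
"""Triage helper for HijackThis (HJT) v2 log entries.

Added example; it is not part of the forum thread and not HijackThis code.
The sample lines are copied from the first HJT log posted in the thread.
The heuristics and the allowlist of system32 file names are assumptions
made for this example, not HijackThis rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyx.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://www.ea.com/images/games/crysis/img/wallpaper/wallpaper1680x1050.jpg
"""

# "O4 - HKLM\..\Run: ..." -> kind "O4", body "HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# Any file name directly under C:\WINDOWS\system32 referenced in an entry.
SYSTEM32_RE = re.compile(r'(?i)c:\\windows\\system32\\([^\\\s,"]+)')
# Short all-lowercase stems like "gebyx" are typical of generated dropper names.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")
# Assumed allowlist of common system32 binaries that would otherwise match.
KNOWN_SYSTEM32 = {"ctfmon", "rundll32", "svchost", "userinit", "nwiz"}


@dataclass
class Finding:
    kind: str      # HJT entry type, e.g. "F3" or "O23"
    severity: str  # "high" = act on it, "review" = verify before acting
    reason: str
    line: str


def parse_entries(log_text):
    """Return (kind, body, line) for every 'Xn - ...' entry in an HJT log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), raw.strip()))
    return entries


def triage(log_text):
    """Apply the first-pass checks a removal helper does by eye."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        # F0-F3: system.ini / win.ini hooks. win.ini load=/run= is a legacy
        # autostart that legitimate software on XP practically never uses.
        if kind in ("F0", "F1", "F2", "F3") and re.search(r"\b(load|run)=", body):
            findings.append(Finding(kind, "high",
                "win.ini load=/run= autostart: legacy hook, rarely used by legitimate software", line))
        # O23: a service whose binary carries no vendor string (may still be
        # legitimate, e.g. game anti-cheat, so it is marked for review only).
        if kind == "O23" and "Unknown owner" in body:
            findings.append(Finding(kind, "review",
                "service without a vendor string: confirm the publisher", line))
        # O16: ActiveX control downloaded from the web (Downloaded Program Files).
        if kind == "O16":
            findings.append(Finding(kind, "review",
                "ActiveX (DPF) download: confirm the CAB source was intentional", line))
        # Any entry type: random-looking file name living in system32.
        for name in SYSTEM32_RE.findall(body):
            stem = name.rsplit(".", 1)[0]
            if stem.lower() not in KNOWN_SYSTEM32 and RANDOM_NAME_RE.match(stem):
                findings.append(Finding(kind, "high",
                    f"random-looking file name '{name}' in system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
```

    On the sample, only the `gebyx.exe` entry is rated high (both as a win.ini hook and as a random-looking system32 name), which matches the file ComboFix later removed; PnkBstrA and the DPF entry come out as review items.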

  • #2
    Bump.


    • #3
      Download Combofix to your desktop

      If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

      NOTE: if, during or after downloading Combofix, or while running Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

      Double-click combofix.exe
      Choose "Continue" by typing 1 followed by ENTER.
      While the fix is running, do NOT click in the window, because this will make your PC hang.

      When the fix has completed and after the restart, the log combofix.txt will open.
      In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
      Regards,
      Pimmerd


      • #4
        This is a log from after I had posted the HJT log here; I was a bit impatient

        ComboFix 08-01-18.3 - Steven 2008-01-18 18:32:22.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1582 [GMT 1:00]
        Running from: C:\Documents and Settings\Steven\Desktop\ComboFix.exe

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\system32\gebyx.dll
        C:\WINDOWS\system32\jhfshkqn.ini
        C:\WINDOWS\system32\jkkihif.dll
        C:\WINDOWS\system32\kxwadtwm.dll
        C:\WINDOWS\system32\nqkhsfhj.dll
        C:\WINDOWS\system32\xybeg.ini
        C:\WINDOWS\system32\xybeg.ini2

        .
        ((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
        .

        2008-01-18 15:39 . 2008-01-18 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-18 02:28 . 2008-01-18 02:28 <DIR> d-------- C:\Program Files\Trend Micro
        2008-01-18 01:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
        2008-01-18 01:14 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\AviSynth 2.5
        2008-01-18 01:13 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\d2mp
        2008-01-18 01:00 . 2008-01-18 01:00 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
        2008-01-15 20:09 . 2008-01-15 20:09 <DIR> d-------- C:\Program Files\MSXML 4.0
        2008-01-15 14:45 . 2008-01-15 14:45 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information
        2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\WINDOWS\system32\AGEIA
        2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\Unreal Tournament 3
        2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
        2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\AGEIA Technologies
        2008-01-14 16:42 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
        2008-01-14 16:32 . 2008-01-14 19:04 <DIR> d-------- C:\Program Files\The Witcher
        2008-01-12 02:29 . 2008-01-13 19:30 <DIR> d-------- C:\Program Files\The Witcher Demo
        2008-01-11 14:37 . 2008-01-11 14:37 <DIR> d-------- C:\Program Files\LucasArts
        2008-01-11 14:36 . 2008-01-18 01:13 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
        2008-01-09 23:49 . 2008-01-10 17:55 23 --a------ C:\WINDOWS\popcinfot.dat
        2008-01-09 17:39 . 2008-01-09 17:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
        2008-01-08 21:38 . 2008-01-08 21:38 <DIR> d---s---- C:\Documents and Settings\Steven\UserData
        2008-01-07 23:20 . 2008-01-07 23:20 <DIR> d-------- C:\Program Files\CCleaner
        2008-01-07 15:04 . 2008-01-07 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
        2008-01-07 14:48 . 2008-01-07 14:48 <DIR> d-------- C:\Program Files\Ubisoft
        2008-01-06 20:16 . 2008-01-06 23:02 <DIR> d-------- C:\Program Files\HL2 ep
        2008-01-05 17:41 . 2008-01-08 21:52 <DIR> d-------- C:\Program Files\SEGA
        2008-01-05 15:23 . 2008-01-05 16:05 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
        2008-01-05 15:23 . 2008-01-05 16:05 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
        2008-01-05 14:14 . 2008-01-05 14:14 <DIR> d--h----- C:\Program Files\Creative Installation Information
        2008-01-05 01:40 . 2008-01-05 01:40 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\TransRender
        2008-01-05 01:40 . 2008-01-07 20:26 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Temporary
        2008-01-05 01:40 . 2008-01-05 01:40 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Samsung
        2008-01-05 01:40 . 2008-01-07 20:28 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\ConvertTemp
        2008-01-05 01:21 . 2008-01-05 01:21 <DIR> d-------- C:\Program Files\Samsung
        2008-01-05 01:08 . 2008-01-05 01:08 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\AVSMedia
        2008-01-05 01:08 . 2008-01-05 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
        2008-01-05 01:07 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
        2008-01-05 01:07 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
        2008-01-05 00:46 . 2008-01-05 00:55 <DIR> d-------- C:\Program Files\My Video Converter
        2008-01-05 00:46 . 2008-01-05 00:50 67 --a------ C:\WINDOWS\My Video Converter.INI
        2008-01-04 15:17 . 2008-01-04 15:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
        2008-01-03 01:25 . 2007-03-21 07:49 16,126,464 -ra------ C:\WINDOWS\Rthdcpl.exe.xpize
        2008-01-03 01:25 . 2005-09-21 03:25 299,008 -ra------ C:\WINDOWS\system32\Alsndmgr.cpl.xpize
        2008-01-03 01:25 . 2006-08-17 23:58 282,624 -ra------ C:\WINDOWS\system32\Rtsndmgr.cpl.xpize
        2008-01-03 01:25 . 2006-07-21 09:14 86,016 -ra------ C:\WINDOWS\Soundman.exe.xpize
        2008-01-03 01:23 . 2004-08-04 13:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
        2008-01-02 16:51 . 2008-01-05 16:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
        2008-01-02 16:51 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
        2008-01-02 16:49 . 2008-01-05 16:20 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
        2007-12-27 14:58 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
        2007-12-27 14:58 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
        2007-12-22 11:56 . 2007-12-22 11:56 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\DivX
        2007-12-22 02:08 . 2007-12-22 02:08 <DIR> d-------- C:\Program Files\VideoLAN
        2007-12-22 02:08 . 2007-12-22 02:08 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\vlc
        2007-12-21 15:17 . 2007-12-21 15:17 <DIR> d-------- C:\Program Files\DivX
        2007-12-21 14:36 . 2008-01-06 18:03 23 --a------ C:\WINDOWS\BlendSettings.ini
        2007-12-20 16:58 . 2007-12-20 16:58 <DIR> d-------- C:\Program Files\THQ
        2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\Program Files\Atari
        2007-12-18 17:45 . 2007-12-18 18:23 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-18 14:45 --------- d-----w C:\Program Files\Steam
        2008-01-18 00:36 --------- d-----w C:\Program Files\RivaTuner v2.06
        2008-01-14 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-01-05 15:11 --------- d-----w C:\Program Files\Creative
        2007-12-21 13:27 --------- d-----w C:\Program Files\Bethesda Softworks
        2007-12-18 17:26 --------- d-----w C:\Documents and Settings\Steven\Application Data\Bioshock
        2007-12-18 16:41 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
        2007-12-17 16:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2007-12-17 16:10 22,328 ----a-w C:\Documents and Settings\Steven\Application Data\PnkBstrK.sys
        2007-12-17 15:45 --------- d-----w C:\Program Files\The All-Seeing Eye
        2007-12-15 20:36 --------- d-----w C:\Program Files\SpeedFan
        2007-12-15 15:03 --------- d-----w C:\Program Files\Java
        2007-12-15 15:03 --------- d-----w C:\Documents and Settings\Steven\Application Data\SystemRequirementsLab
        2007-12-15 15:02 --------- d-----w C:\Program Files\Common Files\Java
        2007-12-05 09:18 --------- d-----w C:\Program Files\Lexmark 510 Series
        2007-12-04 21:43 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
        2007-12-04 21:43 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
        2007-12-04 21:28 --------- d-----w C:\Documents and Settings\Steven\Application Data\DAEMON Tools Pro
        2007-12-04 17:02 --------- d-----w C:\Program Files\MSBuild
        2007-12-04 17:02 --------- d-----w C:\Program Files\Microsoft Works
        2007-12-04 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2007-12-04 17:01 --------- d-----w C:\Program Files\Microsoft.NET
        2007-12-04 11:19 --------- d-----w C:\Program Files\Sierra Entertainment
        2007-12-04 11:19 --------- d-----w C:\Documents and Settings\Steven\Application Data\InstallShield
        2007-12-03 20:21 --------- d-----w C:\Program Files\Common Files\Adobe
        2007-12-02 20:42 --------- d-----w C:\Program Files\Intel Corporation
        2007-12-01 23:49 --------- d-----w C:\Documents and Settings\Steven\Application Data\Creative
        2007-12-01 16:18 --------- d--h--r C:\Documents and Settings\Steven\Application Data\SecuROM
        2007-12-01 16:01 --------- d-----w C:\Program Files\HL Ep 1
        2007-11-30 17:37 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
        2007-11-30 17:37 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
        2007-11-30 16:32 --------- d-----w C:\Program Files\Electronic Arts
        2007-11-30 16:07 --------- d-----w C:\Program Files\MSN Messenger
        2007-11-30 16:03 --------- d-----w C:\Program Files\BitLord
        2007-11-30 15:04 --------- d-----w C:\Program Files\Lavalys
        2007-11-30 14:59 --------- d-----w C:\Program Files\SystemRequirementsLab
        2007-11-30 14:32 --------- d-----w C:\Program Files\Sierra
        2007-11-30 14:22 --------- d-----w C:\Program Files\Intel
        2007-11-30 14:09 --------- d-----w C:\Program Files\Google
        2007-11-30 13:46 --------- d-----w C:\Program Files\Siemens
        2007-11-30 13:45 --------- d-----w C:\Program Files\Funk Software
        2007-11-30 13:45 --------- d-----w C:\Program Files\Common Files\InstallShield
        2007-11-30 13:45 --------- d-----w C:\Program Files\Common Files\Funk Software
        2007-11-30 13:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
        2007-11-30 13:40 --------- d-----w C:\Program Files\Realtek
        2007-11-30 13:24 --------- d-----w C:\Program Files\microsoft frontpage
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
        "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 06:51 8523776]
        "nwiz"="nwiz.exe" [2007-11-12 06:51 1626112 C:\WINDOWS\system32\nwiz.exe]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 06:51 81920]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-11-30 14:46:21]

        R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
        R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
        R3 OdysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-18 18:40:48
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-01-18 18:44:04 - machine was rebooted [Steven]
        ComboFix-quarantined-files.txt 2008-01-18 17:44:03
        .
        2008-01-15 19:13:13 --- E O F ---


        and the fresh HJT log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:00:19, on 22-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Eset\nod32krn.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
        C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\PC Inspector File Recovery\filerecovery.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Steam\Steam.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O24 - Desktop Component 0: (no name) - http://www.ea.com/images/games/crysis/img/wallpaper/wallpaper1680x1050.jpg

        --
        End of file - 4356 bytes

        Most of the problems are solved, but now I have the problem that no antivirus wants to run, such as NOD32 and Spybot Search and Destroy.

        Regards,
        Steven


        • #5
          Download ATF Cleaner (by Atribune)

          Double-click ATF Cleaner to start the program.
          On the "Main" tab, put a check mark next to Select All.
          Click the Empty Selected button.

          Do the following if you also use Firefox as a browser:
          Click the "Firefox" tab and put a check mark next to Select All.
          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
          (this removes the check mark next to "Firefox saved passwords" again)
          Click the Empty Selected button.

          Do the following if you also use Opera as a browser:
          Click the "Opera" tab and put a check mark next to Select All.
          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
          Click the Empty Selected button.
          Go to the "Main" tab and click the Exit button to close the program.

          Go to Kaspersky Online Scanner and click Accept at the bottom.
          This scanner only works with Internet Explorer 6 and higher!!
          You may have to click a yellow bar at the top of your screen to download the ActiveX files Kaspersky needs in order to scan. Allow this.
          • The program now starts downloading the latest definition files. After this, click Next.
          • Then click the Scan Settings button.
            Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
            Under the text Scan options: tick both boxes: Scan Archives .... and Scan Mail Bases ....
          • Then click the OK button.
          • Now start the scan by clicking the text My Computer.

            Bear in mind that this scan takes a while.
          • Once the scan is complete, you get the opportunity to save the scan report.
            Click the Save Report As button. Save the report on your desktop under the name kavscan.txt

          Post this report in your next message.
          Regards,
          Pimmerd


          • #6
            -------------------------------------------------------------------------------
            KASPERSKY ONLINE SCANNER REPORT
            Tuesday, January 22, 2008 10:05:38 PM
            Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
            Kaspersky Online Scanner version: 5.0.98.0
            Kaspersky Anti-Virus database last update: 22/01/2008
            Kaspersky Anti-Virus database records: 527121
            -------------------------------------------------------------------------------

            Scan Settings:
            Scan using the following antivirus database: extended
            Scan Archives: true
            Scan Mail Bases: true

            Scan Target - My Computer:
            C:\
            D:\
            E:\

            Scan Statistics:
            Total number of scanned objects: 143244
            Number of viruses found: 4
            Number of infected objects: 5
            Number of suspicious objects: 0
            Duration of the scan process: 01:08:02

            Infected Object Name / Virus Name / Last Action
            C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
            C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
            C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
            C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
            C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
            C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
            C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
            C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
            C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
            C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\cert8.db Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\formhistory.dat Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\history.dat Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\key3.db Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\parent.lock Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\search.sqlite Object is locked skipped
            C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\urlclassifier2.sqlite Object is locked skipped
            C:\Documents and Settings\Steven\Cookies\index.dat Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_001_ Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_002_ Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_003_ Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_MAP_ Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\History\History.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\History\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped
            C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
            C:\Documents and Settings\Steven\NTUSER.DAT Object is locked skipped
            C:\Documents and Settings\Steven\ntuser.dat.LOG Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_16.DVD(AAC)[KAA][044EA07C].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_17.DVD(AAC)[KAA][E0060F5D].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_18.DVD(AAC)[KAA][6D19DE13].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_20.DVD(AAC)[KAA][A91BA3B1].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_22.DVD(AAC)[KAA][E6140F69].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_23.DVD(AAC)[KAA][20451956].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_24.DVD(AAC)[KAA][B88973A0].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_25.DVD(AAC)[KAA][2F1B0A73].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_35.DVD(AAC)[KAA][D8E288DC].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_38.DVD(AAC)[KAA][A38DF978].avi.bc! Object is locked skipped
            C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_42.DVD(H264.AAC)[KAA][713E51AF].mkv.bc! Object is locked skipped
            C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
            C:\Program Files\ESET\infected\E1EH3TAA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
            C:\Program Files\ESET\infected\PCIJXCDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
            C:\Program Files\ESET\infected\PHOYVWBA.NQF Infected: Trojan-Downloader.Win32.Agent.gwe skipped
            C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
            C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
            C:\Program Files\Steam\Steam.log Object is locked skipped
            C:\Program Files\Steam\steamapps\base source engine 2.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\counter-strike source client.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\counter-strike source shared.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\source engine.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\source materials.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\source models.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\source sounds.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\sourceinit.gcf Object is locked skipped
            C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
            C:\QooBox\Quarantine\C\WINDOWS\system32\kxwadtwm.dll.vir Object is locked skipped
            C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip/jkkihif.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqa skipped
            C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip ZIP: infected - 1 skipped
            C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
            C:\System Volume Information\_restore{4483D05F-D9A8-44DC-AD79-D2090077D549}\RP1\change.log Object is locked skipped
            C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
            C:\WINDOWS\SchedLgU.Txt Object is locked skipped
            C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
            C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
            C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
            C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
            C:\WINDOWS\system32\config\default Object is locked skipped
            C:\WINDOWS\system32\config\default.LOG Object is locked skipped
            C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
            C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
            C:\WINDOWS\system32\config\SAM Object is locked skipped
            C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
            C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
            C:\WINDOWS\system32\config\SECURITY Object is locked skipped
            C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
            C:\WINDOWS\system32\config\software Object is locked skipped
            C:\WINDOWS\system32\config\software.LOG Object is locked skipped
            C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
            C:\WINDOWS\system32\config\system Object is locked skipped
            C:\WINDOWS\system32\config\system.LOG Object is locked skipped
            C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
            C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
            C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
            C:\WINDOWS\WindowsUpdate.log Object is locked skipped

            Scan process completed.

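The scan output above is long, and the useful signal is easy to miss: every "Infected:" hit sits inside ESET's own quarantine folder (C:\Program Files\ESET\infected) or Combofix's quarantine (C:\QooBox\Quarantine), so the online scanner is re-detecting files that are already contained, while the hundreds of "Object is locked skipped" lines are just open system and application files. The following Python triage helper is an added example, not part of the thread or of any scanner's tooling; it parses this line format, separates detections from locked-file noise, and flags which detections lie outside a known quarantine path (the only ones that would still need action). The quarantine path patterns and the embedded sample lines (copied from the log above) are assumptions of the example.

```python
"""Triage helper for online-scanner output of the form "<path> <status>".

Added example: parses scan-report lines like the ones posted in this thread and
reports which detections are already quarantined versus still on the live system.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One scan-report line: a path followed by one of three status forms.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Object is locked skipped"
    r"|Infected: (?P<threat>\S+) skipped"
    r"|ZIP: infected - (?P<count>\d+) skipped"
    r")$"
)

# Assumed quarantine locations (ESET's infected folder and Combofix's QooBox).
QUARANTINE_RE = re.compile(r"\\(ESET\\infected|QooBox\\Quarantine)\\", re.IGNORECASE)

# Sample input: lines copied from the scan log posted above.
SAMPLE_LOG = r"""
C:\Documents and Settings\Steven\NTUSER.DAT Object is locked skipped
C:\Program Files\ESET\infected\E1EH3TAA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\infected\PCIJXCDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip/jkkihif.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqa skipped
C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
"""


@dataclass
class ScanEntry:
    path: str
    kind: str                    # "locked", "infected" or "archive"
    threat: Optional[str] = None  # detection name, or member count for archives
    in_quarantine: bool = False   # path lies under a known quarantine folder


def parse_line(line: str) -> Optional[ScanEntry]:
    """Parse one report line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    quarantined = bool(QUARANTINE_RE.search(path))
    if m.group("threat"):
        return ScanEntry(path, "infected", m.group("threat"), quarantined)
    if m.group("count"):
        return ScanEntry(path, "archive", f"{m.group('count')} infected member(s)", quarantined)
    return ScanEntry(path, "locked", None, quarantined)


def triage(log_text: str) -> dict:
    """Summarise a report: locked-file noise, archive summaries, and detections
    split into already-quarantined versus still-active (outside quarantine)."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    detections = [e for e in entries if e.kind == "infected"]
    return {
        "locked": sum(1 for e in entries if e.kind == "locked"),
        "archives": sum(1 for e in entries if e.kind == "archive"),
        "quarantined": [e.threat for e in detections if e.in_quarantine],
        "active": [(e.path, e.threat) for e in detections if not e.in_quarantine],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"locked files skipped : {summary['locked']}")
    print(f"infected archives    : {summary['archives']}")
    print(f"already quarantined  : {summary['quarantined']}")
    print(f"still active         : {summary['active'] or 'none'}")
```

Run against the full log in the thread, the "active" list comes back empty, which matches the outcome the poster reports later: after Combofix the machine behaved normally, and what remained was cleaning up the quarantine folders and the tool itself.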


            • #7
              Good, how are things going with your problems now?
              Regards,
              Pimmerd



              • #8
                I still can't start NOD32, but I will reinstall it. After I ran Combofix everything was a lot faster and responded smoothly again. I will now reinstall NOD32 and then let you know whether everything works.

                Many thanks for all the help.

                Regards,
                Steven.



                • #9
                  Let me know how it goes.
                  Regards,
                  Pimmerd



                  • #10
                    I installed NOD yesterday and everything is working as it should.

                    Thanks again,
                    Steven.



                    • #11
                      Good, now do the following:

                      Uninstall Combofix:
                      Go to Start --> Run and type: combofix /u
                      Combofix will now be removed and a new restore point is created.

                      Download ATF Cleaner (by Atribune)

                      Double-click ATF Cleaner to start the program.
                      On the "Main" tab, put a check mark next to Select All.
                      Click the Empty Selected button.

                      Do the following if you also use Firefox as a browser:
                      Click the "Firefox" tab and put a check mark next to Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the check mark next to "Firefox saved passwords")
                      Click the Empty Selected button.

                      Do the following if you also use Opera as a browser:
                      Click the "Opera" tab and put a check mark next to Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.
                      Regards,
                      Pimmerd
