"Your computer was infected with an unknown trojan"

    Hello everyone,

    Since this morning I have repeatedly been getting the following error message when opening IE and files on my PC:

    "Your computer was infected with a unkown trojan. It's dangerous for your system (critical files can be lost). Click OK to download the antispyware program to clean your system (recommended)"

    When I type something into Google I get a big X with this message:

    "Error!Your browser was hijacked! Some results was changed by porn advertising! You need to clean your system immediately to prevent it. Download the newest antispyware software!"

    A few days ago someone here had the same problem; I have also scanned everything with several programs, but to no avail.

    Here is my HijackThis log; can anyone offer me some help?

    Thanks in advance,

    Wolfe


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:21:35, on 18-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Office toolbar - {88452E1F-D91A-4A66-AA39-FD53F15B13AF} - C:\WINDOWS\sysosa.dll
    O2 - BHO: (no name) - {EE5C666C-78F6-49FD-99C9-751538475486} - C:\WINDOWS\system32\jkkli.dll (file missing)
    O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files\VIAudioi\HDADeck\HDeck.exe" 1
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] "C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [UVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156318372703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156318484562
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{805F00A0-44BF-45D4-94C5-1F175384CA55}: NameServer = 84.36.0.250,84.36.255.250
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10567 bytes

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Office toolbar - {88452E1F-D91A-4A66-AA39-FD53F15B13AF} - C:\WINDOWS\sysosa.dll
    O2 - BHO: (no name) - {EE5C666C-78F6-49FD-99C9-751538475486} - C:\WINDOWS\system32\jkkli.dll (file missing)


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Thanks for the quick response. I did what you said. Here is the result.

      ComboFix 08-01-18.4 - Gebruiker 2008-01-18 19:44:34.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.403 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\check_LSA7.txt
      C:\Documents and Settings\Gebruiker\Application Data\macromedia\Flash Player\#SharedObjects\652W2SB3\www.broadcaster.com
      C:\Documents and Settings\Gebruiker\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
      C:\Documents and Settings\Gebruiker\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
      C:\Program Files\WinAble
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\drivers\npf.sys
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\Packet.dll
      C:\WINDOWS\system32\pthreadVC.dll
      C:\WINDOWS\system32\vfygwafp.ini
      C:\WINDOWS\system32\vfygwafp.ini2
      C:\WINDOWS\system32\vfygwafp.tmp
      C:\WINDOWS\system32\WanPacket.dll
      C:\WINDOWS\system32\wpcap.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_NPF
      -------\NPF


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
      .

      2008-01-18 19:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-18 18:54 . 2008-01-18 18:54 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-18 18:23 . 2008-01-18 18:23 <DIR> d-------- C:\VundoFix Backups
      2008-01-18 18:06 . 2008-01-18 18:06 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
      2008-01-18 14:55 . 2008-01-18 14:55 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
      2008-01-18 14:55 . 2008-01-18 14:55 298,104 --a------ C:\WINDOWS\system32\imon.dll
      2008-01-18 14:55 . 2008-01-18 14:55 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
      2008-01-18 14:54 . 2008-01-18 14:55 <DIR> d-------- C:\Temp
      2008-01-18 14:54 . 2008-01-18 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-01-18 11:22 . 2008-01-18 11:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
      2008-01-18 11:22 . 2006-08-23 08:27 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
      2008-01-18 11:22 . 2006-08-22 13:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-01-18 11:22 . 2006-08-22 15:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-01-18 11:22 . 2006-08-23 10:22 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
      2008-01-18 11:22 . 2006-08-23 12:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-01-18 11:22 . 2006-08-22 16:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
      2008-01-18 11:22 . 2006-08-22 16:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard
      2008-01-18 11:22 . 2006-08-22 16:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
      2008-01-18 09:48 . 2008-01-18 09:48 226,816 --a------ C:\WINDOWS\sysosa.dll
      2008-01-18 09:48 . 2008-01-18 09:48 50 --a------ C:\tmp.bat
      2008-01-18 09:24 . 2008-01-18 09:24 0 --a------ C:\WINDOWS\PowerReg.dat
      2008-01-18 09:19 . 2008-01-18 16:48 32 --a------ C:\WINDOWS\CD_Start.INI
      2008-01-13 23:40 . 2008-01-13 23:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
      2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Program Files\Ruling Technologies
      2008-01-08 12:16 . 2008-01-08 12:16 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\ACD Systems
      2008-01-08 12:15 . 2008-01-08 12:16 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
      2008-01-08 12:15 . 2008-01-08 12:15 <DIR> d-------- C:\Program Files\ACD Systems
      2008-01-08 12:15 . 2008-01-08 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
      2007-12-24 08:37 . 2008-01-06 18:06 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\dvdcss
      2007-12-19 10:09 . 2004-08-04 00:56 32,000 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
      2007-12-19 10:09 . 2004-08-04 00:56 32,000 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-18 18:49 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Skype
      2008-01-18 18:48 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-18 18:47 --------- d-----w C:\Program Files\Symantec AntiVirus
      2008-01-18 17:03 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-18 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-18 14:01 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-18 13:50 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-01-18 13:50 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-01-18 13:50 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-01-18 13:50 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
      2008-01-18 13:47 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
      2008-01-09 09:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\NeroDCTemplates
      2008-01-06 10:30 --------- d-----w C:\Program Files\Google
      2008-01-06 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-17 08:09 --------- d-----w C:\Program Files\Photo Viewer
      2007-12-12 07:50 --------- d-----w C:\Program Files\BitCometAntiARP
      2007-12-12 07:48 --------- d-----w C:\Program Files\BitComet
      2007-12-09 22:27 --------- d-----w C:\Program Files\Hema Album Software Advanced
      2007-12-09 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
      2007-12-05 14:57 --------- d-----w C:\Program Files\Boilsoft ASF Converter
      2007-12-05 14:01 --------- d-----w C:\Program Files\Online TV Player 3
      2007-12-03 08:18 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
      2007-12-03 08:06 --------- d-----w C:\Program Files\VideoLAN
      2007-11-22 20:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Sports Interactive
      2007-11-22 20:44 --------- d--h--w C:\Program Files\Zero G Registry
      2007-11-22 20:44 --------- d--h--r C:\Documents and Settings\Gebruiker\Application Data\SecuROM
      2007-10-22 09:41 120 ----a-w C:\drmHeader.bin
      2007-09-11 18:47 664,952 --sh--w C:\WINDOWS\system32\ilkkj.bak1
      2007-09-22 17:19 622,118 --sh--w C:\WINDOWS\system32\ilkkj.bak2
      2007-09-22 20:56 619,902 --sh--w C:\WINDOWS\system32\ilkkj.ini2
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-22 23:31 25388584]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 14:36 684032]
      "NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 33792 C:\WINDOWS\system32\rundll32.exe]
      "nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
      "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
      "USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 04:50 81920]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
      "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
      "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 13:12 341488]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 11:25 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 08:35 282624]
      "Device Detector"="DevDetect.exe"
      "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

      C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
      PowerReg Scheduler V3.exe [2008-01-18 10:00:56]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player]
      C:\Program Files\Mp4 Player\Mp4Player.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-03-10 08:35 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2007-05-13 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
      --------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
      R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 10:39]
      R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-18 14:47]
      R2 BitComet AntiARP;BitComet AntiARP;C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe [2007-05-08 04:43]
      R3 EraserUtilDrv10740;EraserUtilDrv10740;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys [2008-01-16 10:00]
      S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2006-04-22 15:08]
      S3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
      S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d14b527-9438-11db-a3f9-001617a972a9}]
      \Shell\AutoRun\command - I:\LaunchU3.exe -a

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-18 19:48:55
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-18 19:52:04 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-18 18:52:01
      .
      2008-01-18 17:46:35 --- E O F ---

      Here is the HijackThis file

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:58:41, on 18-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
      C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
      C:\Program Files\VIAudioi\HDADeck\HDeck.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files\VIAudioi\HDADeck\HDeck.exe" 1
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] "C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [UVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: PowerReg Scheduler V3.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156318372703
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156318484562
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{805F00A0-44BF-45D4-94C5-1F175384CA55}: NameServer = 84.36.0.250,84.36.255.250
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
      O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10284 bytes
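A helper reads a log like the one above by eye, picking out the entry types that most often carry the infection. The Python script below, added here as an example and not part of HijackThis or of this thread, mechanises that first pass over a handful of lines copied from the log above: Run entries with no absolute path, startup shortcuts with an unresolved target, IE buttons whose file is gone, ActiveX controls pulled from the web, hard-coded DNS servers, and services without a publisher string. Every hit is a candidate for review, not a verdict; the DNS rule, for example, can only say that servers are set, not whether 84.36.0.250 belongs to the user's ISP.

```python
"""Triage a HijackThis log: pull out the entries a removal helper reads first.

Added example for this thread; it is not part of HijackThis or the forum
posts.  The sample lines below are copied from the log posted above, and the
rules are the ones a helper applies by eye.  Hits are review candidates,
not verdicts.
"""
import re

# Constructed sample: a subset of the lines from the log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805F00A0-44BF-45D4-94C5-1F175384CA55}: NameServer = 84.36.0.250,84.36.255.250
O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
ABS_PATH_RE = re.compile(r'^(?:"|[A-Za-z]:\\)')   # quoted, or starts with a drive letter
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,]+)")


def check_entry(section, body):
    """Return a reason string if this entry deserves a look, else None."""
    if section == "O4":
        location, _, target = body.partition(": ")
        target = re.sub(r"^\[[^\]]*\]\s*", "", target)   # drop the [Name] label
        if target.endswith("= ?"):
            return "startup shortcut whose target could not be resolved"
        if "Run" in location and not ABS_PATH_RE.match(target):
            return "Run entry without an absolute path (search-order hijack candidate)"
    elif section == "O9" and ("(no file)" in body or "(file missing)" in body):
        return "orphaned IE button: leftover to clean up"
    elif section == "O16":
        return "ActiveX control installed from the web; verify the host"
    elif section == "O17":
        m = NAMESERVER_RE.search(body)
        if m:
            return "hard-coded DNS servers %s; confirm they belong to the ISP" % m.group(1)
    elif section == "O23" and "Unknown owner" in body:
        return "service without a publisher string; verify the binary"
    return None


def triage(log_text):
    """Return [(section, reason, line)] for every entry worth a human look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reason = check_entry(section, body)
        if reason:
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (section, reason, line))
```

Run it against a full log by reading the file into `triage()`; the rules are deliberately loose (every O16 entry is listed, for instance) because the point is to shorten the list a human reads, not to replace the human.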

      • #4
        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\WINDOWS\sysosa.dll
        C:\tmp.bat
        C:\WINDOWS\system32\ilkkj.bak1
        C:\WINDOWS\system32\ilkkj.bak2
        C:\WINDOWS\system32\ilkkj.ini2
        C:\WINDOWS\system32\drivers\mchInjDrv.sys
        
        Driver::
        mchInjDrv
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a reboot, a logfile opens.
        Post the contents of the logfile.

        • #5
          Here is the logfile.

          ComboFix 08-01-18.4 - Gebruiker 2008-01-18 20:10:49.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.424 [GMT 1:00]
          Running from: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
          * Created a new restore point

          WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

          FILE
          C:\tmp.bat
          C:\WINDOWS\sysosa.dll
          C:\WINDOWS\system32\drivers\mchInjDrv.sys
          C:\WINDOWS\system32\ilkkj.bak1
          C:\WINDOWS\system32\ilkkj.bak2
          C:\WINDOWS\system32\ilkkj.ini2
          .

          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\tmp.bat
          C:\WINDOWS\system32\drivers\mchInjDrv.sys
          C:\WINDOWS\system32\ilkkj.bak1
          C:\WINDOWS\system32\ilkkj.bak2
          C:\WINDOWS\system32\ilkkj.ini2

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_MCHINJDRV
          -------\mchInjDrv


          (((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
          .

          2008-01-18 19:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-18 18:54 . 2008-01-18 18:54 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-18 18:23 . 2008-01-18 18:23 <DIR> d-------- C:\VundoFix Backups
          2008-01-18 14:55 . 2008-01-18 14:55 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
          2008-01-18 14:55 . 2008-01-18 14:55 298,104 --a------ C:\WINDOWS\system32\imon.dll
          2008-01-18 14:55 . 2008-01-18 14:55 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
          2008-01-18 14:54 . 2008-01-18 14:55 <DIR> d-------- C:\Temp
          2008-01-18 14:54 . 2008-01-18 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2008-01-18 11:22 . 2008-01-18 11:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
          2008-01-18 11:22 . 2006-08-23 08:27 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
          2008-01-18 11:22 . 2006-08-22 13:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
          2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-01-18 11:22 . 2006-08-22 15:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
          2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
          2008-01-18 11:22 . 2006-08-23 10:22 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
          2008-01-18 11:22 . 2006-08-23 16:32 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
          2008-01-18 11:22 . 2006-08-23 12:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
          2008-01-18 11:22 . 2006-08-22 16:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
          2008-01-18 11:22 . 2006-08-22 16:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard
          2008-01-18 11:22 . 2006-08-22 16:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
          2008-01-18 09:24 . 2008-01-18 09:24 0 --a------ C:\WINDOWS\PowerReg.dat
          2008-01-18 09:19 . 2008-01-18 16:48 32 --a------ C:\WINDOWS\CD_Start.INI
          2008-01-13 23:40 . 2008-01-13 23:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
          2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Program Files\Ruling Technologies
          2008-01-08 12:16 . 2008-01-08 12:16 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\ACD Systems
          2008-01-08 12:15 . 2008-01-08 12:16 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
          2008-01-08 12:15 . 2008-01-08 12:15 <DIR> d-------- C:\Program Files\ACD Systems
          2008-01-08 12:15 . 2008-01-08 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
          2007-12-24 08:37 . 2008-01-06 18:06 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\dvdcss
          2007-12-19 10:09 . 2004-08-04 00:56 32,000 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
          2007-12-19 10:09 . 2004-08-04 00:56 32,000 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-18 19:13 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-18 19:12 --------- d-----w C:\Program Files\Symantec AntiVirus
          2008-01-18 19:06 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Skype
          2008-01-18 17:03 --------- d-----w C:\Program Files\Spyware Doctor
          2008-01-18 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-18 14:01 --------- d-----w C:\Program Files\SpywareBlaster
          2008-01-18 13:50 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-01-18 13:50 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-01-18 13:50 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-01-18 13:50 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
          2008-01-09 09:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\NeroDCTemplates
          2008-01-06 10:30 --------- d-----w C:\Program Files\Google
          2008-01-06 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-17 08:09 --------- d-----w C:\Program Files\Photo Viewer
          2007-12-12 07:50 --------- d-----w C:\Program Files\BitCometAntiARP
          2007-12-12 07:48 --------- d-----w C:\Program Files\BitComet
          2007-12-09 22:27 --------- d-----w C:\Program Files\Hema Album Software Advanced
          2007-12-09 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
          2007-12-05 14:57 --------- d-----w C:\Program Files\Boilsoft ASF Converter
          2007-12-05 14:01 --------- d-----w C:\Program Files\Online TV Player 3
          2007-12-03 08:18 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
          2007-12-03 08:06 --------- d-----w C:\Program Files\VideoLAN
          2007-11-22 20:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Sports Interactive
          2007-11-22 20:44 --------- d--h--w C:\Program Files\Zero G Registry
          2007-11-22 20:44 --------- d--h--r C:\Documents and Settings\Gebruiker\Application Data\SecuROM
          2007-10-22 09:41 120 ----a-w C:\drmHeader.bin
          .

          ((((((((((((((((((((((((((((( snapshot@2008-01-18_19.51.50.82 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-18 18:44:21 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-18 19:10:46 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-18 18:44:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-18 19:10:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-18 18:44:21 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-18 19:10:46 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-18 18:44:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-18 19:10:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-18 18:44:21 10,280,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
          + 2008-01-18 19:10:46 10,301,440 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
          - 2008-01-18 18:44:21 454,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-18 19:10:46 454,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-22 23:31 25388584]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 14:36 684032]
          "NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 33792 C:\WINDOWS\system32\rundll32.exe]
          "nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
          "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
          "USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 04:50 81920]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
          "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
          "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 13:12 341488]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 11:25 185896]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 08:35 282624]
          "Device Detector"="DevDetect.exe"
          "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

          C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
          PowerReg Scheduler V3.exe [2008-01-18 10:00:56]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player]
          C:\Program Files\Mp4 Player\Mp4Player.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-03-10 08:35 282624 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
          --a------ 2007-05-13 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
          --------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

          R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
          R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 10:39]
          R2 BitComet AntiARP;BitComet AntiARP;C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe [2007-05-08 04:43]
          S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2006-04-22 15:08]
          S3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
          S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d14b527-9438-11db-a3f9-001617a972a9}]
          \Shell\AutoRun\command - I:\LaunchU3.exe -a

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-18 20:14:17
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-01-18 20:17:19 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-18 19:17:16
          ComboFix2.txt 2008-01-18 18:52:04
          .
          2008-01-18 17:46:35 --- E O F ---
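The CFScript in post #4 names six files and one driver, and the ComboFix log in post #5 echoes the requested files under FILE and then lists what was actually removed under the "Other Deletions" and "Drivers/Services" headings. Comparing the two by eye is easy to get wrong on a long log. The Python script below, an added example that is not ComboFix's or the thread's own code, parses both formats from excerpts constructed out of those two posts and reports which requested removals the log confirms. On this thread's data it shows that sysosa.dll was requested but never listed as deleted, which is worth a follow-up question before calling the machine clean.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example for this thread; not part of ComboFix or the forum posts.  The
script and log excerpts below are constructed from posts #4 and #5.  ComboFix
lists what the script asked for under FILE and what it actually removed under
"Other Deletions" / "Drivers/Services"; a removal counts as confirmed only
when an item appears in both places.
"""
import re

# Constructed copy of the CFScript from post #4.
CFSCRIPT = r"""
File::
C:\WINDOWS\sysosa.dll
C:\tmp.bat
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak2
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\drivers\mchInjDrv.sys

Driver::
mchInjDrv
"""

# Constructed excerpt of the ComboFix log from post #5 (headings in English;
# the thread's copy shows ComboFix's Dutch localisation of the same headings).
COMBOFIX_LOG = r"""
FILE
C:\tmp.bat
C:\WINDOWS\sysosa.dll
C:\WINDOWS\system32\drivers\mchInjDrv.sys
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak2
C:\WINDOWS\system32\ilkkj.ini2
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tmp.bat
C:\WINDOWS\system32\drivers\mchInjDrv.sys
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak2
C:\WINDOWS\system32\ilkkj.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MCHINJDRV
-------\mchInjDrv
"""

HEADER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
DELETION_HEADINGS = {"Other Deletions", "Andere Verwijderingen"}   # English / Dutch


def parse_cfscript(text):
    """Return {"File": [...], "Driver": [...]} from a CFScript's Section:: blocks."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {heading: [lines]} for the FILE list and each (((( heading )))) block."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line == "FILE":
            current = "FILE"
            sections.setdefault(current, [])
        elif line and line != "." and current:
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Compare requested removals with confirmed ones (paths compared case-insensitively)."""
    script = parse_cfscript(script_text)
    log = parse_combofix_log(log_text)
    deleted = {p.lower() for h in DELETION_HEADINGS for p in log.get(h, [])}
    # Driver lines look like "-------\mchInjDrv": keep the name after the last backslash.
    removed_drivers = {l.rsplit("\\", 1)[-1].lower() for l in log.get("Drivers/Services", [])}
    files, drivers = script.get("File", []), script.get("Driver", [])
    return {
        "confirmed": [p for p in files if p.lower() in deleted],
        "unconfirmed": [p for p in files if p.lower() not in deleted],
        "drivers_confirmed": [d for d in drivers if d.lower() in removed_drivers],
        "drivers_unconfirmed": [d for d in drivers if d.lower() not in removed_drivers],
    }


if __name__ == "__main__":
    for key, items in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print("%s: %s" % (key, ", ".join(items) or "-"))
```

An "unconfirmed" file is not proof the file survived: it may never have existed, or ComboFix may have logged it under another heading. It is simply the item to ask about next, and on this thread that item is C:\WINDOWS\sysosa.dll.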

          • #6
            Looks good.
            Are all the problems solved?

            • #7
              Yes, great, thanks a lot. I was getting a bit worried about it. I don't know exactly what was going on, but I'm not getting the messages any more.

              Thanks,
              Henri

              • #8
                You're welcome, Henri.

                Do this as well:
                Go to Kaspersky Online Scanner and click Accept at the bottom.
                This scanner only works with Internet Explorer 6 and higher !!
                You may have to click a yellow bar at the top of your screen to download the ActiveX files Kaspersky needs in order to scan. Allow this.
                • The program now starts downloading the latest definition files. After that, click Next.
                • Then click the Scan Settings button.
                  Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                  Under the text Scan options: tick the two boxes: Scan Archives .... and Scan Mail Bases ....
                • Then click the OK button.
                • Now start the scan by clicking on the text My Computer.


                  Bear in mind that this scan takes a while.
                • Once the scan is complete you get the opportunity to save the scan report.
                  Click the Save Report As button. Save the report on your Desktop with the name kavscan.txt

                Post this report in your next message.
