  • MalwareAlarm Help needed!

    Hello,

    For a while now I have been bothered by pop-ups and little windows urging me to install antivirus software as quickly as possible. If you try to click those windows away, Internet Explorer closes and you get a whole lot of pop-ups again. I had Norton Antivirus 2007 on my PC.

    I have scanned with several programs, among them AVG Anti-Spyware, Ad-Aware and Spybot Search and Destroy.

    On the internet I read this:

    MalwareAlarm is a malicious anti-spyware application. MalwareAlarm misleads users by warning them about non-existent threats on their computers and tempts them into buying the MalwareAlarm program to remove these threats. MalwareAlarm can be downloaded from the website www.malwarealarm.com. It can also be very difficult to remove manually because it will try to reproduce itself. Don't be fooled when MalwareAlarm starts showing those annoying pop-up messages.

    This is my HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:37, on 2008-01-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\azureus\Azureus.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [acef2661] rundll32.exe "C:\WINDOWS\system32\gtuvasad.dll",b
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    --
    End of file - 6902 bytes

    I hope I am doing this right. If there are problems, or if I am doing something wrong with the log, my apologies. I don't know much about this.

    I hope you can help me.
    Regards

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
    O4 - HKLM\..\Run: [acef2661] rundll32.exe "C:\WINDOWS\system32\gtuvasad.dll",b


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Thanks for the quick reply,

      Here is my ComboFix log:

      ComboFix 08-01-18.5 - Bas 2008-01-19 18:48:24.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.447 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Bas\Local Settings\Temporary Internet Files\Content.IE5\D5RELHAB\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\bhookpl.dll
      C:\WINDOWS\system32\dasavutg.ini
      C:\WINDOWS\system32\gtuvasad.dll
      C:\WINDOWS\system32\jkcgweau.dll
      C:\WINDOWS\system32\rtvwa.ini
      C:\WINDOWS\system32\rtvwa.ini2

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
      .

      2008-01-19 17:45 . 2008-01-19 17:45 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-19 17:21 . 2008-01-19 17:26 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-01-14 19:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-13 21:55 . 2008-01-13 22:33 51,355 --a------ C:\WINDOWS\system32\muzika.xm
      2008-01-13 19:29 . 2008-01-13 19:29 94 --a------ C:\WINDOWS\wininit.ini
      2008-01-13 15:58 . 2008-01-13 15:58 <DIR> d-------- C:\Documents and Settings\Bas\Application Data\Grisoft
      2008-01-13 15:55 . 2008-01-13 17:54 <DIR> d-------- C:\Program Files\Ad-Aware 2007
      2008-01-13 15:55 . 2008-01-13 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-13 15:54 . 2008-01-13 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-13 15:49 . 2008-01-13 15:49 <DIR> d-------- C:\Program Files\LavaSoft Ad Aware 2007
      2008-01-13 15:38 . 2008-01-13 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-13 15:34 . 2008-01-13 15:58 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5
      2008-01-13 15:34 . 2008-01-13 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-13 15:34 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-12-24 16:44 . 2007-12-24 16:45 314,784 --a------ C:\WINDOWS\system32\awvtr.dll
      2007-12-22 10:04 . 2007-12-22 10:05 <DIR> d-------- C:\Program Files\QuickTime
      2007-12-22 10:04 . 2007-12-22 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-12-21 18:43 . 2007-12-21 18:43 <DIR> d-------- C:\Program Files\Windows Live

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-19 17:51 --------- d-----w C:\Documents and Settings\Bas\Application Data\Azureus
      2008-01-19 16:09 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
      2008-01-13 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-01-13 16:47 --------- d-----w C:\Program Files\BSplayerPro
      2008-01-13 13:52 --------- d-----w C:\Documents and Settings\Bas\Application Data\GrabIt
      2008-01-13 13:27 --------- d-----w C:\Documents and Settings\Bas\Application Data\Move Networks
      2007-12-27 12:01 --------- d-----w C:\Program Files\Azureus
      2007-12-21 17:43 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-15 16:58 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-12 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-11-29 19:54 --------- d-----w C:\Documents and Settings\Bas\Application Data\Apple Computer
      2007-11-29 19:51 --------- d-----w C:\Program Files\Apple Software Update
      2007-11-29 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2007-11-29 18:37 --------- d-----w C:\Program Files\PSPMovieCreator
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      .

      ((((((((((((((((((((((((((((( [email protected]_19.19.28.78 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-01-14 18:05:49 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      + 2008-01-19 17:47:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      - 2008-01-14 18:05:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-19 17:47:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      - 2008-01-14 18:05:50 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      + 2008-01-19 17:47:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      - 2008-01-14 18:05:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      + 2008-01-19 17:47:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      - 2008-01-14 18:05:50 3,985,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      + 2008-01-19 17:47:43 3,985,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      - 2008-01-14 18:05:50 4,046,848 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      + 2008-01-19 17:47:43 4,046,848 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      - 2005-03-01 10:27:04 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
      + 2004-12-07 10:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
      + 2007-03-15 11:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
      + 2007-03-15 11:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
      + 2008-01-19 17:53:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_908.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C0504C7-2F67-4795-B759-E7C3F4C43638}]
      2007-12-24 16:45 314784 --a------ C:\WINDOWS\system32\awvtr.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:42 3293184]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35 202024]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
      "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "Dit"="Dit.exe" [2004-07-20 17:18 90112 C:\WINDOWS\Dit.exe]
      "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
      "Cmaudio"="cmicnfg.cpl"
      "CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
      "ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
      "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
      "RegistryMechanic"=""
      "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04 2951296]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="LogonUI.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijkj]
      mljijkj.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awvtr.dll

      R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
      R3 sitwl142;Sitecom WL-142 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-03-01 18:50]
      R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13]
      R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 11:07]
      S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-19 17:09]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1199a5f-5716-11dc-aad9-af1b8dce2cf2}]
      \Shell\AutoRun\command - J:\setupSNK.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-22 06:47:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-19 18:54:26
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\WINDOWS\system32\awvtr.dll

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\system32\awvtr.dll
      -> C:\WINDOWS\HKCYDLL.dll
      .
      Voltooingstijd: 2008-01-19 18:56:41 - machine was rebooted [Bas]
      ComboFix-quarantined-files.txt 2008-01-19 17:56:39
      ComboFix2.txt 2008-01-14 18:20:00
      .
      2008-01-09 16:51:57 --- E O F ---

      and here is my new HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:58:02, on 19-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\Dit.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Talk\googletalk.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

      --
      End of file - 6831 bytes

      regards



      • #4
        It is best if you follow the instructions exactly, otherwise it won't work.
        To keep things simple, put ComboFix on your desktop, as I said before. You had started it from the Temporary Internet Files folder.

        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        FILE::
        C:\WINDOWS\wininit.ini
        C:\WINDOWS\system32\awvtr.dll
        
        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C0504C7-2F67-4795-B759-E7C3F4C43638}]
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijkj]
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a log file opens.
        Post the contents of the log file.

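For anyone wondering what the `Authentication Packages` line in that CFScript does: `hex(7)` is the .reg notation for a REG_MULTI_SZ value, and the bytes `6d,73,76,31,5f,30,00,00` spell `msv1_0` followed by the double NUL that ends the list. The script therefore resets the LSA authentication package list to the Windows default and drops `awvtr.dll`, which the ComboFix log above showed loaded inside lsass.exe. The Python below is an added example, not part of this thread and not ComboFix's own code: it decodes a hex(7) value (both the one-byte-per-character form used in the script and regedit's UTF-16LE export form), parses the `Authentication Packages` line from the ComboFix log, and reports any entry that is not `msv1_0`. The baseline of only `msv1_0` is an assumption for this Windows XP machine; the sample log line is copied from the log posted earlier in the thread.

```python
from __future__ import annotations
import re

# Baseline for the LSA 'Authentication Packages' list on this Windows XP box.
# Assumption: the CFScript in the thread resets the value to exactly this.
EXPECTED_AUTH_PACKAGES = ["msv1_0"]


def decode_hex7(value: str) -> list[str]:
    """Decode a .reg-style hex(7) (REG_MULTI_SZ) value into its list of strings.

    Accepts both the byte-per-character form used in the CFScript
    (6d,73,76,31,5f,30,00,00) and regedit's UTF-16LE export form
    (6d,00,73,00,...). Line-continuation backslashes and whitespace are ignored.
    """
    m = re.fullmatch(r"\s*hex\(7\):(.*)", value, re.DOTALL)
    if not m:
        raise ValueError("not a hex(7) value: %r" % value)
    raw = re.sub(r"[\\\s]", "", m.group(1))
    data = bytes(int(tok, 16) for tok in raw.split(",") if tok)
    # regedit writes REG_MULTI_SZ as UTF-16LE; every odd byte is then zero.
    is_utf16 = len(data) % 2 == 0 and all(b == 0 for b in data[1::2])
    text = data.decode("utf-16-le" if is_utf16 else "latin-1")
    # Each string is NUL-terminated and the whole list ends with an extra NUL.
    return [s for s in text.split("\0") if s]


def parse_combofix_lsa_line(line: str) -> list[str]:
    """Split ComboFix's 'Authentication Packages REG_MULTI_SZ ...' line into
    its entries. Entries are separated by whitespace, so this assumes no
    package path itself contains a space (true for the line in this thread)."""
    m = re.match(r"\s*Authentication Packages\s+REG_MULTI_SZ\s+(.*)", line)
    if not m:
        raise ValueError("not an Authentication Packages line")
    return m.group(1).split()


def unexpected_packages(packages: list[str],
                        expected: list[str] = EXPECTED_AUTH_PACKAGES) -> list[str]:
    """Return every entry that is not in the expected baseline (case-insensitive).
    Anything listed here is loaded into lsass.exe at boot and deserves a look."""
    allowed = {p.lower() for p in expected}
    return [p for p in packages if p.lower() not in allowed]


if __name__ == "__main__":
    # Line copied from the ComboFix log posted in this thread.
    combofix_line = r"Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awvtr.dll"
    print("before fix:", unexpected_packages(parse_combofix_lsa_line(combofix_line)))
    # Value from the CFScript in this thread.
    script_value = "hex(7):6d,73,76,31,5f,30,00,00"
    print("after fix: ", unexpected_packages(decode_hex7(script_value)))
```

Run it as-is and it prints the extra DLL for the log line and an empty list for the script value; feed it the `Authentication Packages` line from any other ComboFix log to check that machine the same way.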


        • #5
          My apologies for carelessly following your advice.

          I hope I did it right this time. Here is my log file:

          ComboFix 08-01-20.1 - Bas 2008-01-21 16:47:47.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.584 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Bas\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Bas\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\awvtr.dll
          C:\WINDOWS\wininit.ini
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\awvtr.dll
          C:\WINDOWS\system32\rtvwa.ini
          C:\WINDOWS\system32\rtvwa.ini2
          C:\WINDOWS\wininit.ini

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))
          .

          2008-01-19 21:45 . 2008-01-19 21:45 <DIR> d-------- C:\Program Files\MegauploadToolbar
          2008-01-19 21:45 . 2008-01-19 21:47 <DIR> d-------- C:\Documents and Settings\Bas\Application Data\MegauploadToolbar
          2008-01-19 17:45 . 2008-01-19 17:45 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-14 19:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-13 21:55 . 2008-01-13 22:33 51,355 --a------ C:\WINDOWS\system32\muzika.xm
          2008-01-13 15:58 . 2008-01-13 15:58 <DIR> d-------- C:\Documents and Settings\Bas\Application Data\Grisoft
          2008-01-13 15:55 . 2008-01-13 17:54 <DIR> d-------- C:\Program Files\Ad-Aware 2007
          2008-01-13 15:55 . 2008-01-13 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-13 15:54 . 2008-01-13 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-13 15:49 . 2008-01-13 15:49 <DIR> d-------- C:\Program Files\LavaSoft Ad Aware 2007
          2008-01-13 15:38 . 2008-01-13 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-13 15:34 . 2008-01-13 15:58 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5
          2008-01-13 15:34 . 2008-01-13 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-01-13 15:34 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2007-12-22 10:04 . 2007-12-22 10:05 <DIR> d-------- C:\Program Files\QuickTime
          2007-12-22 10:04 . 2007-12-22 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
          2007-12-21 18:43 . 2007-12-21 18:43 <DIR> d-------- C:\Program Files\Windows Live

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-19 20:30 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
          2008-01-19 18:26 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-19 17:51 --------- d-----w C:\Documents and Settings\Bas\Application Data\Azureus
          2008-01-13 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-01-13 16:47 --------- d-----w C:\Program Files\BSplayerPro
          2008-01-13 13:52 --------- d-----w C:\Documents and Settings\Bas\Application Data\GrabIt
          2008-01-13 13:27 --------- d-----w C:\Documents and Settings\Bas\Application Data\Move Networks
          2007-12-27 12:01 --------- d-----w C:\Program Files\Azureus
          2007-12-15 16:58 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-12-12 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-11-29 19:54 --------- d-----w C:\Documents and Settings\Bas\Application Data\Apple Computer
          2007-11-29 19:51 --------- d-----w C:\Program Files\Apple Software Update
          2007-11-29 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
          2007-11-29 18:37 --------- d-----w C:\Program Files\PSPMovieCreator
          .

          ((((((((((((((((((((((((((((( [email protected]_19.19.28.78 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-14 18:05:49 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-21 15:46:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-14 18:05:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-21 15:46:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-14 18:05:50 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-21 15:46:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-14 18:05:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-21 15:46:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-14 18:05:50 3,985,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-21 15:46:57 3,985,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          - 2008-01-14 18:05:50 4,046,848 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-21 15:46:57 4,046,848 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          - 2007-08-30 20:01:46 29,926 ----a-r C:\WINDOWS\Installer\{9816B8B8-4B53-4D3D-9235-AD931252001D}\MsblIco.Exe
          + 2008-01-19 18:26:36 29,926 ----a-r C:\WINDOWS\Installer\{9816B8B8-4B53-4D3D-9235-AD931252001D}\MsblIco.Exe
          - 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
          + 2008-01-02 09:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
          + 2007-03-15 11:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
          + 2007-03-15 11:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legitimate default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
          "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:42 3293184]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35 202024]
          "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
          "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
          "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 08:06 88363 C:\WINDOWS\AGRSMMSG.exe]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
          "Dit"="Dit.exe" [2004-07-20 17:18 90112 C:\WINDOWS\Dit.exe]
          "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
          "Cmaudio"="cmicnfg.cpl"
          "CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe]
          "ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
          "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
          "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
          "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
          "RegistryMechanic"=""

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "DisableRegistryTools"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
          "UIHost"="LogonUI.EXE"

          R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
          R3 sitwl142;Sitecom WL-142 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-03-01 18:50]
          R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13]
          R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 11:07]
          S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-19 21:30]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1199a5f-5716-11dc-aad9-af1b8dce2cf2}]
          \Shell\AutoRun\command - J:\setupSNK.exe

          .
          Contents of the 'Scheduled Tasks' folder
          "2007-12-22 06:47:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-21 16:52:48
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
          -> C:\WINDOWS\HKCYDLL.dll
          .
          Completion time: 2008-01-21 16:54:48 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-21 15:54:46
          ComboFix2.txt 2008-01-19 17:56:42
          ComboFix3.txt 2008-01-14 18:20:00
          .
          2008-01-09 16:51:57 --- E O F ---



            • #7
              Looks good, Gruffalo.
              Are there any problems at the moment?



              • #8
                No, I am not experiencing any problems anymore;
                if that changes I will post a new message.

                I want to thank you very much for your help!

                Greetings



                • #9
                  Install a virus scanner, update it and have it check the whole computer for the presence of malware.
                  If anything is found, have it removed.

                  Then report back with a new HijackThis log.
                  Then we can do the last few steps.



                  • #10
                    Hello,

                    I did one last scan with AVG after updating it first. Fortunately the scan found nothing at all.
                    Here is my HijackThis log:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 23:06:41, on 21-1-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    C:\WINDOWS\system32\nvsvc32.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\RUNDLL32.EXE
                    C:\WINDOWS\AGRSMMSG.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\WINDOWS\Dit.exe
                    C:\WINDOWS\system32\RunDll32.exe
                    C:\WINDOWS\mHotkey.exe
                    C:\WINDOWS\CNYHKey.exe
                    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Google\Google Talk\googletalk.exe
                    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                    C:\Program Files\DAEMON Tools\daemon.exe
                    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                    C:\WINDOWS\System32\svchost.exe
                    c:\progra~1\azureus\Azureus.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\Program Files\Grisoft\AVG7\avgcc.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net/browse.php
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Dit] Dit.exe
                    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
                    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
                    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

                    --
                    End of file - 7431 bytes

                    Greetings



                    • #11
                      Good. Then we can wrap up.

                      Go to Start - Run and type: ComboFix /u
                      Press Enter.

                      More information on how to prevent a new infection can be found here and here.

                      I am setting the status of this thread to solved.
                      If there are no further replies, this thread will be moved automatically within about 3 days to the Solved hijackthislogs section, and replying will no longer be possible. This is to keep the forum tidy and clear.
                      If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                      Happy surfing again.



                      • #12
                        Thanks very much again for your help, Marckie!



                        • #13
                          You're welcome, Gruffalo.
