  • Internet only works for a short while

    Right after startup the internet works, but after about 20 minutes it stops. I also get messages about illegal software.

    Here is the file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:04, on 28-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsManager] C:\WINDOWS\SYSTEM\msmgr.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\RunServices: [TPSRV9x] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8af04ede3dbb9b6b.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: wincis32 - C:\WINDOWS\SYSTEM32\wincis32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

    --
    End of file - 6372 bytes

  • #2
    Hello,

    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    O4 - HKLM\..\Run: [MsManager] C:\WINDOWS\SYSTEM\msmgr.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
    O20 - Winlogon Notify: wincis32 - C:\WINDOWS\SYSTEM32\wincis32.dll


    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Hi Marckie

      Thanks for your reply.

      The internet was completely gone yesterday, so I fixed a few suspicious HijackThis entries myself to get a connection again. I hope it doesn't matter too much.

      Here is the ComboFix log file:

      ComboFix 08-02.02.5 - Administrator 2008-02-02 20:51:26.3 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.95 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\wincis32.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
      .

      2008-01-29 22:10 . 2008-02-01 16:18 <DIR> d-------- C:\WINDOWS\system32\nl-nl
      2008-01-28 21:17 . 2008-01-28 21:17 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-07 17:56 . 2008-01-07 17:56 <DIR> d-------- C:\Program Files\MSXML 4.0
      2008-01-03 21:10 . 2002-12-31 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2008-01-03 19:26 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-02 19:36 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
      2008-02-02 19:36 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
      2008-02-02 19:28 86,784 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
      2008-02-02 19:28 86,784 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
      2008-01-14 20:10 --------- d-----w C:\Program Files\Free Screen Recorder
      2008-01-14 20:09 --------- d-----w C:\Program Files\ZD Soft
      2007-12-26 15:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-26 00:18 --------- d-----w C:\Program Files\CoffeeCup Software
      2007-12-24 13:03 --------- d-----w C:\Program Files\quicksnooker
      2007-12-16 12:09 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
      2007-12-15 21:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
      2007-12-15 21:55 --------- d-----w C:\Program Files\Real
      2007-12-02 21:25 --------- d-----w C:\Program Files\ConsoleClassix.com
      2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-02-11 19:39 22 ----a-w C:\Program Files\zia03736
      2006-11-02 17:54 24,203,072 ----a-w C:\Program Files\AdbeRdr708_nl_NL.exe
      2006-10-30 20:21 1,852,949 ----a-w C:\Program Files\WinRAR.rar
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
      "WebCamRT.exe"=""
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-24 21:04 282624]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
      "TPSRV9x"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe" [2007-09-21 10:33 405552]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]
      Microsoft Works Agenda-herinneringen.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 08:53:00 53317]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      avldr.dll 2007-09-21 10:33 50736 C:\WINDOWS\system32\avldr.dll

      R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-21 10:33]
      R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-09-21 10:33]
      R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-09-21 10:33]
      R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-09-21 10:33]
      R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-09-21 10:33]
      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-10-18 21:12]
      R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-09-21 10:33]
      R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-09-21 10:33]
      R2 aspnet_admin;ASP.NET Admin Service;C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe [2004-06-24 21:52]
      R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-09-21 10:33]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-10-18 21:12]
      R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps snelle ethernet-adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
      R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:54]
      R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
      R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
      R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-10-18 21:12]
      R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys
      R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys
      S2 ERFPHEGQ;ERFPHEGQ;C:\WINDOWS\system32\erfphegq.gls
      S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-09-06 20:49]
      S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);C:\WINDOWS\system32\DRIVERS\USRWGU.sys

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec5e2f2-4fe8-11dc-969e-000102da05be}]
      \Shell\AutoRun\command - F:\RunGame.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-02 21:01:01
      Windows 5.1.2600 Service Pack 2 NTFS

      detected NTDLL code modification:
      ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\wincis32.dll
      .
      Voltooingstijd: 2008-02-02 21:06:31
      ComboFix-quarantined-files.txt 2008-02-02 20:06:18
      ComboFix2.txt 2007-11-15 23:07:27
      ComboFix3.txt 2007-11-15 18:59:45
      .
      2008-02-01 15:20:18 --- E O F ---




      The illegal software notifications are still present, and the internet connection also drops after a while.



      • #4
        Restart the computer, create a new log with ComboFix and post it.
        Then create a new HijackThis log and post that as well.



        • #5
          Hello

          Here are the results.

          ComboFix:

          ComboFix 08-02.02.5 - Administrator 2008-02-02 21:49:31.4 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.100 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
          .

          2008-01-29 22:10 . 2008-02-01 16:18 <DIR> d-------- C:\WINDOWS\system32\nl-nl
          2008-01-28 21:17 . 2008-01-28 21:17 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-07 17:56 . 2008-01-07 17:56 <DIR> d-------- C:\Program Files\MSXML 4.0
          2008-01-03 21:10 . 2002-12-31 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
          2008-01-03 19:26 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-02 20:44 86,784 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
          2008-02-02 20:44 86,784 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
          2008-02-02 20:44 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
          2008-02-02 20:44 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
          2008-01-14 20:10 --------- d-----w C:\Program Files\Free Screen Recorder
          2008-01-14 20:09 --------- d-----w C:\Program Files\ZD Soft
          2007-12-26 15:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-26 00:18 --------- d-----w C:\Program Files\CoffeeCup Software
          2007-12-24 13:03 --------- d-----w C:\Program Files\quicksnooker
          2007-12-16 12:09 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
          2007-12-15 21:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
          2007-12-15 21:55 --------- d-----w C:\Program Files\Real
          2007-12-02 21:25 --------- d-----w C:\Program Files\ConsoleClassix.com
          2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
          2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-02-11 19:39 22 ----a-w C:\Program Files\zia03736
          2006-11-02 17:54 24,203,072 ----a-w C:\Program Files\AdbeRdr708_nl_NL.exe
          2006-10-30 20:21 1,852,949 ----a-w C:\Program Files\WinRAR.rar
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
          "WebCamRT.exe"=""
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-24 21:04 282624]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
          "TPSRV9x"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe" [2007-09-21 10:33 405552]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]
          Microsoft Works Agenda-herinneringen.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 08:53:00 53317]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
          avldr.dll 2007-09-21 10:33 50736 C:\WINDOWS\system32\avldr.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincis32]
          wincis32.dll

          R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-21 10:33]
          R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-09-21 10:33]
          R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-09-21 10:33]
          R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-09-21 10:33]
          R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-09-21 10:33]
          R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-10-18 21:12]
          R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-09-21 10:33]
          R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-09-21 10:33]
          R2 aspnet_admin;ASP.NET Admin Service;C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe [2004-06-24 21:52]
          R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-09-21 10:33]
          R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-10-18 21:12]
          R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps snelle ethernet-adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
          R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:54]
          R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
          R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
          R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-10-18 21:12]
          R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys
          R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys
          S2 ERFPHEGQ;ERFPHEGQ;C:\WINDOWS\system32\erfphegq.gls
          S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-09-06 20:49]
          S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);C:\WINDOWS\system32\DRIVERS\USRWGU.sys

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec5e2f2-4fe8-11dc-969e-000102da05be}]
          \Shell\AutoRun\command - F:\RunGame.exe

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-02 21:57:52
          Windows 5.1.2600 Service Pack 2 NTFS

          detected NTDLL code modification:
          ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-02-02 22:02:22
          ComboFix-quarantined-files.txt 2008-02-02 21:02:02
          ComboFix2.txt 2008-02-02 20:06:35
          ComboFix3.txt 2007-11-15 23:07:27
          ComboFix4.txt 2007-11-15 18:59:45
          .
          2008-02-01 15:20:18 --- E O F ---



          HijackThis:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 22:03:28, on 2-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
          C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
          C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
          C:\WINDOWS\system32\WgaTray.exe
          c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\RunServices: [TPSRV9x] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8af04ede3dbb9b6b.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O20 - Winlogon Notify: wincis32 - wincis32.dll (file missing)
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
          O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
          O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
          O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
          O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
          O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
          O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

          --
          End of file - 6009 bytes



          • #6
            Close all open windows.
            Start HijackThis once more and place a check mark next to the following items:

            O20 - Winlogon Notify: wincis32 - wincis32.dll (file missing)

            Then click "Fix checked" and close HijackThis.

            Download Sophos Anti-Rootkit: http://www.sophos.com/products/free-...i-rootkit.html
            Place it on your desktop.
            Double-click sarsfx.exe to extract the files. (Accept the default installation folder C:\Program Files\Sophos\Sophos Anti-Rootkit)
            When the installation has completed successfully, you will get a notification.
            Click JA/YES to start the program.
            Make sure the following are checked:
            - Running processes
            - Windows Registry
            - Local Hard Drives
            Click the "Start Scan" button.

            When you get a message that the scan is finished, click the "OK" button and close the program.
            Go to Start - Run (Uitvoeren) and type: %temp%\sarscan.log
            A Notepad file opens. Post the contents of this file.



            • #7
              Hi

              Here are the contents:


              Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc
              Started logging on 3-2-2008 at 16:29:10
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Grisoft
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\Search Bar
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_Run
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\"C:\PROGRA~1\WINDOW~2\wmplayer.exe"
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\PROGRA~1\WINDOW~2\wmplayer.exe
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\"C:\Program Files\Windows Media Player\wmplayer.exe"
              Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\Program Files\Windows Media Player\wmplayer.exe
              Stopped logging on 3-2-2008 at 17:01:43



              • #8
                Looks good.
                Are there any remaining problems?



                • #9
                  Hello

                  The internet works now.

                  Only, I still keep seeing a kind of star logo from Microsoft with a warning that my system may be at risk and that I have become the victim of software counterfeiting. A warning already appears right when the computer starts.

                  Thank you for your help!



                  • #10
                    That message appears if you are using an illegal version of Windows.
