Trojan Vundo.DWB + StorageProtector

  • Trojan Vundo.DWB + StorageProtector

    Dear forum members,

    For a few days my computer has been infected with a trojan and/or spyware. The problems arose (I think) after running a malicious exe file. My computer shows the following symptoms:

    (1) Two new shortcuts have appeared on my desktop, disguised as Windows Update icons. In reality they link to storageprotector.com and they cannot be removed. I have never clicked on them.

    (2) My antivirus program (AntiVir) reports every second that 'C:\WINDOWS\system32\tznmcmtp.dll is the trojan horse TR/Vundo.DWB'. None of the offered options (move to quarantine, delete or access deny) works; after a second a popup message appears yet again. Starting up or working with the computer has become virtually impossible as a result.

    (3) I once booted into safe mode, where I got the following message (which I then clicked away with OK):
    'During a scan of files at system startup, potential errors in the system registry were found.
    p-07-0100 irql: 1f SYSVER 0xff00024
    NT_Kernel error 1256
    KMODE_EXCEPTION_NOT_HANDLED'
    After that I tried to rename, move or delete the file tznmcmtp.dll, but the system then says the file is in use by a program.

    (4) Then (after clicking away endless AntiVir alerts) I booted normally again, ran Ad-Aware and then produced the HijackThis log below. All of this is very laborious because of the many virus popups, but I don't dare disable AntiVir.

    I very much hope there is an expert on this forum who can (and will) help me with this problem. I'm at my wits' end, as you will understand.

    Thanks in advance!

    ------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 10:27:55, on 30-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Norton Utilities\SYSDOC32.EXE
    C:\Documents and Settings\Olaf (prive)\Bureaublad\Vundo virus\HijackThis.exe
    C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.copernic.com/home17/?l=DUT
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 143.121.182.143 mvs02
    O1 - Hosts: 143.121.180.143 pdms1001
    O1 - Hosts: 143.121.186.57 mv1004
    O1 - Hosts: 143.121.87.128 pc_casper
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [e87f9504] rundll32.exe "C:\WINDOWS\system32\clqjvcjp.dll",b
    O4 - HKCU\..\Run: [System Restore] svcnet.exe
    O4 - HKCU\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [RemoteOutlookKiller] C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NCProTray.lnk = ?
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094101056511
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hybmhapw.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and put a checkmark next to the following items:

    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 143.121.182.143 mvs02
    O1 - Hosts: 143.121.180.143 pdms1001
    O1 - Hosts: 143.121.186.57 mv1004
    O1 - Hosts: 143.121.87.128 pc_casper
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [e87f9504] rundll32.exe "C:\WINDOWS\system32\clqjvcjp.dll",b
    O4 - HKCU\..\Run: [System Restore] svcnet.exe


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions.
    When the tool is finished, a logfile (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

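One way to automate the kind of triage done in reply #2, as an added example that is not from the thread or from HijackThis itself: a Python script that scans HijackThis v1.99 log lines for the patterns ticked above (a non-default UserInit, custom hosts mappings, a toolbar CLSID with no file, a rundll32 loader with a random hex name and a random system32 DLL, a per-user Run entry naming a bare executable) and, going beyond the reply, also flags the unknown-owner service with a missing binary in system32 from the first log. The regex heuristics and the assumed stock XP UserInit value are my own assumptions, not HijackThis behaviour; the sample log is a handful of lines taken from the log above plus benign entries from the same log.

```python
"""Heuristic triage of HijackThis v1.99 log lines (added example, not from the thread).

The rules mirror the entries the helper ticked in reply #2 plus one extra
(a ghost service). They are assumptions about what looks suspicious, not
HijackThis logic; every hit is a "review this" marker, not a verdict.
"""
import re
from typing import List, Optional, Tuple

# Assumed stock Windows XP Userinit value (full path; the trailing comma is normal).
XP_DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# Vundo-style loader: Run value named with 8 hex digits, rundll32 loading a
# random 8-letter DLL out of system32 and calling a short export name.
VUNDO_RUN = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[0-9a-f]{8}\] '
    r'rundll32\.exe "?C:\\WINDOWS\\system32\\[a-z]{8}\.dll"?,\w+$',
    re.IGNORECASE,
)
# Per-user Run entry that is just a bare executable name: no path, no arguments.
BARE_EXE_RUN = re.compile(r'^O4 - HKCU\\\.\.\\Run: \[[^\]]+\] [\w.-]+\.exe$', re.IGNORECASE)
# Service with unknown owner whose binary in system32 no longer exists.
GHOST_SERVICE = re.compile(
    r'^O23 - Service: .+ - Unknown owner - C:\\WINDOWS\\system32\\[^\\]+\.exe \(file missing\)$',
    re.IGNORECASE,
)


def triage_line(line: str) -> Optional[str]:
    """Return a reason if the line deserves a tick in HijackThis, else None."""
    line = line.strip()
    if line.startswith("F2 - REG:system.ini: UserInit="):
        value = line.split("UserInit=", 1)[1]
        if value.lower() != XP_DEFAULT_USERINIT.lower():
            return "UserInit differs from the XP default (logon chain may have been hijacked)"
        return None
    if line.startswith("O1 - Hosts:"):
        return "custom hosts-file mapping (confirm each name is expected)"
    if line.startswith("O3 - Toolbar:") and line.endswith("(no file)"):
        return "toolbar CLSID registered without a backing file"
    if VUNDO_RUN.match(line):
        return "rundll32 loading a random-named system32 DLL (Vundo-style loader)"
    if BARE_EXE_RUN.match(line):
        return "per-user Run entry naming a bare executable with no path"
    if GHOST_SERVICE.match(line):
        return "unknown-owner service in system32 whose binary is missing"
    return None


def triage_log(log_text: str) -> List[Tuple[str, str]]:
    """Pair every suspicious line with the reason it was flagged."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


def tick_list(log_text: str) -> List[str]:
    """Just the lines, in the form one would tick in HijackThis."""
    return [line for line, _ in triage_log(log_text)]


# Sample: lines taken from the first HijackThis log in this thread, mixed with
# benign entries from the same log that the rules must leave alone.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 143.121.182.143 mvs02
O1 - Hosts: 143.121.180.143 pdms1001
O1 - Hosts: 143.121.186.57 mv1004
O1 - Hosts: 143.121.87.128 pc_casper
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e87f9504] rundll32.exe "C:\WINDOWS\system32\clqjvcjp.dll",b
O4 - HKCU\..\Run: [System Restore] svcnet.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hybmhapw.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"[tick] {line}\n       -> {reason}")
```

HKLM Run entries that are bare names (Logi_MwX.Exe above) are deliberately left to a human, since HijackThis resolves those against the Windows directory.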


    • #3
      Wow, Marckie, I had no idea I would find a helping hand so quickly! As it happens, my little son turns 5 today and is celebrating his children's party right now (I have a house full of toddlers), so if it's all right with you I'll respond tonight with the logs you asked me for. Please don't go away!



      • #4
        I'll keep an eye out for the new logs. Enjoy the children's party, it's always fun.



        • #5
          Hello Marckie,
          Everything went fine. See below the logfiles from ComboFix and HijackThis.

          ------------------------------------

          ComboFix 08-01-29.3 - Olaf (prive) 2008-01-30 15:39:17.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.664 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Olaf (prive)\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\ddccc.dll
          C:\WINDOWS\system32\nnnmmno.dll
          C:\WINDOWS\system32\tznmcmtp.dll
          C:\RECYCLER\svchosl.exe
          C:\WINDOWS\system32\byxwtqq.dll
          C:\WINDOWS\system32\cbxuuvw.dll
          C:\WINDOWS\SYSTEM32\cccdd.ini
          C:\WINDOWS\SYSTEM32\cccdd.ini2
          C:\WINDOWS\system32\ddccc.dll
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\nnnmmno.dll
          C:\WINDOWS\SYSTEM32\pjcvjqlc.ini
          C:\WINDOWS\system32\regsvr32.dll
          C:\WINDOWS\system32\setup.exe.tmp
          C:\WINDOWS\system32\system
          C:\WINDOWS\system32\system\CsLsp.dll
          C:\WINDOWS\system32\tznmcmtp.dll
          C:\WINDOWS\system32\tznmcmtp.dllbox

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_DOMAINSERVICE
          -------\DomainService
          -------\nm


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))
          .

          2008-01-15 12:31 . 2008-01-15 12:31 78 --a------ C:\BJGQF.bat
          2007-12-18 11:11 . 2007-12-18 11:12 1,491,592 --a------ C:\TEMP\install_flash_player.exe
          2007-12-15 21:30 . 2007-12-04 02:08 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
          2007-12-15 21:30 . 2007-12-04 02:08 9,464 --------- C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys
          2007-12-15 21:30 . 2007-12-04 02:08 9,336 --------- C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-26 23:59 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Azureus
          2008-01-26 19:26 --------- d-----w C:\Program Files\Azureus
          2008-01-26 18:04 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Canon
          2007-12-16 17:38 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-12-16 16:30 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\AdobeUM
          2007-12-04 01:08 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
          2005-09-18 13:03 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad740db0-263c-4094-8dc5-2e2bab72933b}]
          C:\WINDOWS\system32\lgbllouu.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Start WingMan Profiler"=""
          "Internet Sweeper"="C:\WINDOWS\SYSTEM32\SWEEPER.exe" [ ]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 02:24 401496]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "LDM"="\Program\BackWeb-8876480.exe" [ ]
          "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
          "RemoteOutlookKiller"="C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe" [2005-10-19 13:12 98304]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 01:59 200704]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-10 21:27 98304]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
          "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 18:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20 278528]
          "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-15 10:23 249896]
          "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
          "nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
          "NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 86016 C:\WINDOWS\SYSTEM32\nvmctray.dll]
          "PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 14:13 49152]
          "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
          "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
          Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-04-05 13:25:54 1459392]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2002-01-19 11:37:53 156160]
          NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-11-24 13:46:19 49220]
          Norton System Doctor.lnk - C:\Program Files\Norton Utilities\SYSDOC32.EXE [2003-01-04 17:41:23 24614]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfi32]
          winmfi32.dll

          R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-12 08:41]
          R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
          R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-12 08:41]
          R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
          R2 PDRJNDL;PDRJNDL;C:\Program Files\Dekart\Private Disk Light\PDRJNDL.SYS [2004-03-19 16:17]
          R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
          R2 PRVDISK;PRVDISK;C:\Program Files\Dekart\Private Disk Light\PRVDISK.SYS [2005-02-14 09:46]
          R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-02-05 06:03]
          S3 LwAdiHid;Logitech WingMan-digitale apparaten (automatische detectie);C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2002-08-29 07:16]
          S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
          \Shell\AutoRun\command - H:\welcome.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
          \Shell\AutoRun\command - I:\Setup.exe -auto

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4a440-f76e-11d9-b945-0090d074ea6c}]
          \Shell\Auto\command - activexdebugger32.exe f
          \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
          \Shell\explore\Command - activexdebugger32.exe f
          \Shell\open\Command - activexdebugger32.exe f

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96cdd6a4-805c-11db-aecf-0050bfd65e3d}]
          \Shell\AutoRun\command - H:\setupSNK.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-30 05:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-30 15:51:33
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
          C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
          C:\Program Files\Norton Utilities\NPROTECT.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
          C:\Program Files\Speed Disk\nopdb.exe
          C:\WINDOWS\system32\wdfmgr.exe
          C:\WINDOWS\system32\UAService7.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
          C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
          C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
          C:\Program Files\Norton Utilities\SYSDOC32.EXE
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-01-30 15:55:54 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-30 14:55:50
          .
          2008-01-14 02:02:40 --- E O F ---



          ---------------------------------------


          Logfile of HijackThis v1.99.1
          Scan saved at 16:00:59, on 30-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
          C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Program Files\Norton Utilities\NPROTECT.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
          C:\Program Files\Speed Disk\nopdb.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\UAService7.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
          C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
          C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
          C:\Program Files\Norton Utilities\SYSDOC32.EXE
          C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
          C:\Documents and Settings\Olaf (prive)\Bureaublad\Vundo virus\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.copernic.com/home17/?l=DUT
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O2 - BHO: {b33927ba-b2e2-5cd8-4904-c3620bd047da} - {ad740db0-263c-4094-8dc5-2e2bab72933b} - C:\WINDOWS\system32\lgbllouu.dll (file missing)
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
          O4 - HKCU\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
          O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
          O4 - HKCU\..\Run: [RemoteOutlookKiller] C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
          O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
          O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: NCProTray.lnk = ?
          O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O11 - Options group: [INTERNATIONAL] International*
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
          O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094101056511
          O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
          O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
          O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
          O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O20 - Winlogon Notify: winmfi32 - winmfi32.dll (file missing)
          O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
          O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
          O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
          O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
          O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

          ------------------------------------------------



          • #6
            Run this tool for a moment: http://www.techsupportforum.com/sect...isinfector.exe

            Follow the instructions you are given.

            Then make a new log with ComboFix.
            Also make a new HijackThis log and post it.
            Do use this version of HijackThis: http://www.trendsecure.com/portal/en...HJTInstall.exe



            • #7
              Thanks for your quick replies. Here are the requested logs:
              -----------------------------------------------------

              ComboFix 08-01-29.3 - Olaf (prive) 2008-01-30 17:36:00.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.666 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Olaf (prive)\Bureaublad\ComboFix.exe

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))
              .

              2008-01-15 12:31 . 2008-01-15 12:31 78 --a------ C:\BJGQF.bat
              2007-12-18 11:11 . 2007-12-18 11:12 1,491,592 --a------ C:\TEMP\install_flash_player.exe
              2007-12-15 21:30 . 2007-12-04 02:08 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
              2007-12-15 21:30 . 2007-12-04 02:08 9,464 --------- C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys
              2007-12-15 21:30 . 2007-12-04 02:08 9,336 --------- C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-26 23:59 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Azureus
              2008-01-26 19:26 --------- d-----w C:\Program Files\Azureus
              2008-01-26 18:04 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Canon
              2007-12-16 17:38 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-12-16 16:30 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\AdobeUM
              2007-12-04 01:08 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
              2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\lsasrv.dll
              2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\dllcache\lsasrv.dll
              2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
              2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
              2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
              2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
              2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
              2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wmasf.dll
              2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
              2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
              2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
              2007-10-10 23:53 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
              2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
              2007-10-10 23:53 52,224 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
              2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
              2007-10-10 23:53 459,264 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
              2007-10-10 23:53 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll
              2007-10-10 23:53 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll
              2007-10-10 23:53 383,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
              2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
              2007-10-10 23:53 267,776 ------w C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
              2007-10-10 23:53 232,960 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll
              2007-10-10 23:53 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll
              2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
              2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
              2007-10-10 23:53 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll
              2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
              2007-10-10 23:53 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll
              2007-10-10 23:53 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll
              2007-10-10 23:53 102,400 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll
              2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
              2007-10-10 11:02 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
              2007-10-10 11:02 625,152 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
              2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
              2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
              2005-09-18 13:03 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad740db0-263c-4094-8dc5-2e2bab72933b}]
              C:\WINDOWS\system32\lgbllouu.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Start WingMan Profiler"=""
              "Internet Sweeper"="C:\WINDOWS\SYSTEM32\SWEEPER.exe" [ ]
              "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 02:24 401496]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
              "LDM"="\Program\BackWeb-8876480.exe" [ ]
              "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
              "RemoteOutlookKiller"="C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe" [2005-10-19 13:12 98304]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 01:59 200704]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-10 21:27 98304]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
              "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 18:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20 278528]
              "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-15 10:23 249896]
              "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
              "nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
              "NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 86016 C:\WINDOWS\SYSTEM32\nvmctray.dll]
              "PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 14:13 49152]
              "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
              "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
              Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-04-05 13:25:54 1459392]
              Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2002-01-19 11:37:53 156160]
              NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-11-24 13:46:19 49220]
              Norton System Doctor.lnk - C:\Program Files\Norton Utilities\SYSDOC32.EXE [2003-01-04 17:41:23 24614]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfi32]
              winmfi32.dll

              R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-12 08:41]
              R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
              R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-12 08:41]
              R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
              R2 PDRJNDL;PDRJNDL;C:\Program Files\Dekart\Private Disk Light\PDRJNDL.SYS [2004-03-19 16:17]
              R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
              R2 PRVDISK;PRVDISK;C:\Program Files\Dekart\Private Disk Light\PRVDISK.SYS [2005-02-14 09:46]
              R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-02-05 06:03]
              S3 LwAdiHid;Logitech WingMan-digitale apparaten (automatische detectie);C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2002-08-29 07:16]
              S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
              \Shell\AutoRun\command - H:\welcome.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
              \Shell\AutoRun\command - I:\Setup.exe -auto

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4a440-f76e-11d9-b945-0090d074ea6c}]
              \Shell\Auto\command - activexdebugger32.exe f
              \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
              \Shell\explore\Command - activexdebugger32.exe f
              \Shell\open\Command - activexdebugger32.exe f

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96cdd6a4-805c-11db-aecf-0050bfd65e3d}]
              \Shell\AutoRun\command - H:\setupSNK.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-30 05:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-30 17:37:46
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-30 17:38:53
              ComboFix-quarantined-files.txt 2008-01-30 16:38:25
              ComboFix2.txt 2008-01-30 14:55:54
              .
              2008-01-14 02:02:40 --- E O F ---


              -------------------------------------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 17:50:37, on 30-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
              C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
              C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
              C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              C:\Program Files\Norton Utilities\NPROTECT.EXE
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
              C:\Program Files\Speed Disk\nopdb.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\UAService7.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\Logitech\iTouch\iTouch.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Logitech\MouseWare\system\em_exec.exe
              C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
              C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
              C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
              C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
              C:\Program Files\Norton Utilities\SYSDOC32.EXE
              C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.copernic.com/home17/?l=DUT
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O2 - BHO: {b33927ba-b2e2-5cd8-4904-c3620bd047da} - {ad740db0-263c-4094-8dc5-2e2bab72933b} - C:\WINDOWS\system32\lgbllouu.dll (file missing)
              O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
              O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
              O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
              O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
              O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
              O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
              O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
              O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
              O4 - HKCU\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
              O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
              O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
              O4 - HKCU\..\Run: [RemoteOutlookKiller] C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
              O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
              O4 - Global Startup: NCProTray.lnk = ?
              O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
              O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
              O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
              O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
              O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094101056511
              O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
              O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
              O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
              O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
              O20 - Winlogon Notify: winmfi32 - winmfi32.dll (file missing)
              O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
              O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
              O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
              O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
              O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
              O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

              --
              End of file - 10807 bytes
              -----------------------------------------



              • #8
                Originally posted by Marckie
                Did that tool find anything?



                • #9
                  Open a Notepad file.
                  Copy the code below and paste it into the Notepad file.
                  Save the Notepad file as CFScript.txt
                  Code:
                  Registry::
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad740db0-263c-4094-8dc5-2e2bab72933b}]
                  [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfi32]
                  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4a440-f76e-11d9-b945-0090d074ea6c}]
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "LDM"=-
                  "Internet Sweeper"=-
                  Now drag the file CFScript.txt onto the file ComboFix.exe

                  ComboFix will start again.
                  When ComboFix is finished, which may be after a reboot, a log file opens.
                  Post the contents of the log file.

                  Hoe draait de computer nu?



                  • #10
                    The Flash_Disinfector tool had found nothing. I had also only used one USB stick since my problems started, and nothing was found on it.

                    I created the CFScript.txt file as you described and dragged it onto the ComboFix icon: something does happen (a short progress bar runs and a blue DOS window flashes by), but the program does not run and so produces no log file. I therefore started ComboFix manually once more afterwards (see log below), but I don't know whether that is of any use to you?

                    ---------------------------------------

                    ComboFix 08-01-29.3 - Olaf (prive) 2008-01-30 18:43:43.3 - NTFSx86
                    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.653 [GMT 1:00]
                    Started from: C:\Documents and Settings\Olaf (prive)\Bureaublad\ComboFix.exe

                    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
                    .

                    (((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))
                    .

                    2008-01-30 17:50 . 2008-01-30 17:50 <DIR> d-------- C:\Program Files\Trend Micro
                    2008-01-15 12:31 . 2008-01-15 12:31 78 --a------ C:\BJGQF.bat
                    2007-12-18 11:11 . 2007-12-18 11:12 1,491,592 --a------ C:\TEMP\install_flash_player.exe
                    2007-12-15 21:30 . 2007-12-04 02:08 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
                    2007-12-15 21:30 . 2007-12-04 02:08 9,464 --------- C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys
                    2007-12-15 21:30 . 2007-12-04 02:08 9,336 --------- C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-01-26 23:59 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Azureus
                    2008-01-26 19:26 --------- d-----w C:\Program Files\Azureus
                    2008-01-26 18:04 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\Canon
                    2007-12-16 17:38 --------- d-----w C:\Program Files\Common Files\Adobe
                    2007-12-16 16:30 --------- d-----w C:\Documents and Settings\Olaf (prive)\Application Data\AdobeUM
                    2007-12-04 01:08 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
                    2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\lsasrv.dll
                    2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\dllcache\lsasrv.dll
                    2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
                    2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
                    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
                    2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
                    2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
                    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
                    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wmasf.dll
                    2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
                    2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
                    2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
                    2007-10-10 23:53 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
                    2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
                    2007-10-10 23:53 52,224 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
                    2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
                    2007-10-10 23:53 459,264 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
                    2007-10-10 23:53 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll
                    2007-10-10 23:53 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll
                    2007-10-10 23:53 383,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
                    2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
                    2007-10-10 23:53 267,776 ------w C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
                    2007-10-10 23:53 232,960 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll
                    2007-10-10 23:53 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll
                    2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
                    2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
                    2007-10-10 23:53 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll
                    2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
                    2007-10-10 23:53 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll
                    2007-10-10 23:53 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll
                    2007-10-10 23:53 102,400 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll
                    2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
                    2007-10-10 11:02 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
                    2007-10-10 11:02 625,152 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
                    2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
                    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
                    2005-09-18 13:03 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Note* empty entries & legit default entries are not shown

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad740db0-263c-4094-8dc5-2e2bab72933b}]
                    C:\WINDOWS\system32\lgbllouu.dll

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Start WingMan Profiler"=""
                    "Internet Sweeper"="C:\WINDOWS\SYSTEM32\SWEEPER.exe" [ ]
                    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 02:24 401496]
                    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                    "LDM"="\Program\BackWeb-8876480.exe" [ ]
                    "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 16:00 1937408]
                    "RemoteOutlookKiller"="C:\Program Files\Wisco\RemoteOutlookKiller\RemoteOutlookKiller.exe" [2005-10-19 13:12 98304]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 01:59 200704]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
                    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-10 21:27 98304]
                    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
                    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 18:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
                    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20 278528]
                    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-15 10:23 249896]
                    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
                    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
                    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
                    "nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
                    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 86016 C:\WINDOWS\SYSTEM32\nvmctray.dll]
                    "PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 14:13 49152]
                    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
                    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
                    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-04-05 13:25:54 1459392]
                    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2002-01-19 11:37:53 156160]
                    NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-11-24 13:46:19 49220]
                    Norton System Doctor.lnk - C:\Program Files\Norton Utilities\SYSDOC32.EXE [2003-01-04 17:41:23 24614]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfi32]
                    winmfi32.dll

                    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-12 08:41]
                    R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
                    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-12 08:41]
                    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
                    R2 PDRJNDL;PDRJNDL;C:\Program Files\Dekart\Private Disk Light\PDRJNDL.SYS [2004-03-19 16:17]
                    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
                    R2 PRVDISK;PRVDISK;C:\Program Files\Dekart\Private Disk Light\PRVDISK.SYS [2005-02-14 09:46]
                    R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-02-05 06:03]
                    S3 LwAdiHid;Logitech WingMan-digitale apparaten (automatische detectie);C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2002-08-29 07:16]
                    S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
                    \Shell\AutoRun\command - H:\welcome.exe

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
                    \Shell\AutoRun\command - I:\Setup.exe -auto

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4a440-f76e-11d9-b945-0090d074ea6c}]
                    \Shell\Auto\command - activexdebugger32.exe f
                    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
                    \Shell\explore\Command - activexdebugger32.exe f
                    \Shell\open\Command - activexdebugger32.exe f

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96cdd6a4-805c-11db-aecf-0050bfd65e3d}]
                    \Shell\AutoRun\command - H:\setupSNK.exe

                    .
                    Contents of the 'Scheduled Tasks' folder
                    "2008-01-30 05:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                    - C:\Program Files\Windows Defender\MpCmdRun.exe
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-01-30 18:45:02
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scanning hidden processes ...

                    scanning hidden autostart entries ...

                    scanning hidden files ...

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************
                    .
                    Completion time: 2008-01-30 18:46:08
                    ComboFix-quarantined-files.txt 2008-01-30 17:45:41
                    ComboFix2.txt 2008-01-30 16:38:53
                    ComboFix3.txt 2008-01-30 14:55:54
                    .
                    2008-01-14 02:02:40 --- E O F ---

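As an added example (not ComboFix's code and not the forum helper's), here is a Python script that reads the Reg Loading Points section of a ComboFix log like the one above, applies the patterns that the CFScript in post #9 acted on, and writes out a CFScript in the same format ([-key] deletes a key, "name"=- deletes a value). The log text embedded in it is a constructed sample modelled on the entries above, and the heuristics are assumptions for illustration, not ComboFix's own logic: a BHO whose DLL is eight random lowercase letters (lgbllouu.dll, tznmcmtp.dll), any Winlogon Notify package ComboFix did not filter out as a known default, a MountPoints2 autorun whose command is a bare exe name or is routed through ShellExec_RunDLL, and a Run value that ComboFix marks "[ ]" because it could not locate the file.

```python
"""Added example: turn the Reg Loading Points section of a ComboFix log
into a CFScript. Not ComboFix's or the forum helper's code; the matching
rules below are assumptions chosen to illustrate the thread's findings."""
import re
from collections import OrderedDict

# Constructed sample, modelled on the log posted above and trimmed to the
# entries the heuristics care about (plus a few legitimate ones as controls).
SAMPLE_LOG = r'''
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad740db0-263c-4094-8dc5-2e2bab72933b}]
C:\WINDOWS\system32\lgbllouu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=""
"Internet Sweeper"="C:\WINDOWS\SYSTEM32\SWEEPER.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 02:24 401496]
"LDM"="\Program\BackWeb-8876480.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 18:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-15 10:23 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfi32]
winmfi32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\welcome.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4a440-f76e-11d9-b945-0090d074ea6c}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f
'''

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="path" [metadata]; ComboFix prints "[ ]" when it finds no file to stat
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?P<meta>\[.*\])?$')
# Assumption: Vundo-style DLL names are eight random lowercase letters
RANDOM_DLL = re.compile(r'^[a-z]{8}\.dll$')
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def parse_loading_points(text):
    """Split the section into (registry key, [lines under it]) blocks.
    Blocks end at a blank line; text before the first key is ignored."""
    blocks, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group('key')
            blocks.append((key, []))
        elif key is not None:
            blocks[-1][1].append(line)
    return blocks


def find_suspicious(blocks):
    """Return (keys to delete, {Run key: [value names to delete]})."""
    del_keys, del_values = [], OrderedDict()
    for key, lines in blocks:
        low = key.lower()
        if 'browser helper objects' in low:
            # BHO backed by a random eight-letter DLL
            if any(RANDOM_DLL.match(ln.rsplit('\\', 1)[-1]) for ln in lines):
                del_keys.append(key)
        elif '\\winlogon\\notify\\' in low:
            # ComboFix hides the default Notify packages; anything left is suspect
            del_keys.append(key)
        elif '\\mountpoints2\\' in low:
            # autorun command that is a bare exe name or goes via ShellExec_RunDLL
            for ln in lines:
                cmd = ln.split(' - ', 1)[-1]
                if not DRIVE_PATH.match(cmd) or 'shellexec_rundll' in cmd.lower():
                    del_keys.append(key)
                    break
        elif low.endswith('\\currentversion\\run'):
            for ln in lines:
                m = RUN_VALUE.match(ln)
                # "[ ]" means ComboFix could not locate the target file
                if m and m.group('path') and (m.group('meta') or '').strip() == '[ ]':
                    del_values.setdefault(key, []).append(m.group('name'))
    return del_keys, del_values


def build_cfscript(del_keys, del_values):
    """Render the findings as the Registry:: section of a CFScript."""
    out = ['Registry::']
    out += ['[-%s]' % k for k in del_keys]
    for key, names in del_values.items():
        out.append('[%s]' % key)
        out += ['"%s"=-' % n for n in names]
    return '\n'.join(out) + '\n'


def cfscript_for(log_text):
    """Convenience wrapper: ComboFix log text in, CFScript text out."""
    return build_cfscript(*find_suspicious(parse_loading_points(log_text)))


if __name__ == '__main__':
    print(cfscript_for(SAMPLE_LOG), end='')
```

Run against the constructed sample it reproduces the Registry:: block from post #9 (only the order of the two Run values differs). The `~` in the BHO key is ComboFix's own abbreviation as it appears in the log and is kept because post #9's script uses the same form. The script only decides what to list; read the output before dragging it onto ComboFix.exe, because the judgement of whether an entry is malicious stays with the person reading the log.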


                    • #11
                      PS. The computer seems to be working normally again. I have turned the virus scanner back on and so far get no alerts.



                      • #12
                        Open this folder: C:\Qoobox
                        In it you will see files named CFScript_used followed by a timestamp.
                        Post the contents of the file with the most recent timestamp.



                        • #13
                          I'm sorry, but C:\QooBox contains only the subfolder BackEnv, the subfolder Quarantine, ComboFix2.txt, ComboFix3.txt, ComboFix-quarantined-files.txt and two [email protected] files.

                          So I have no CFScript_used files. As I said earlier, it seems that running ComboFix.exe by dropping the CFScript.txt onto it did not succeed. Advice?



                          • #14
                            Try again.



                            • #15
                              Checked: ComboFix.exe is directly on the desktop, and the CFScript.txt file contains exactly the code as described. But exactly the same thing happens again: ComboFix responds immediately and briefly shows a kind of progress bar, then a blank blue DOS window flashes by very briefly, but nothing else happens (so no log file either). Is a piece of code perhaps missing from the CFScript?
