  • Error occurred in Program Files with rundll

    Hello,
    At startup this PC shows the following message:
    Er is een fout opgetreden tijdens het laden van c:\program Files\sdgzezyx\mnyfmded.dll Kan opgegeven module niet vinden.

    Attached is the HijackThis log file, and thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:38, on 2-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\dnbxb.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ptczw.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer_.exe /quiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [sdgzezyx] rundll32.exe "C:\Program Files\sdgzezyx\mnyfmded.dll",Init
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/dialer_download/snelkiezer_plugin_referer=%20%20%20%20.exe
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
    O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)

    --
    End of file - 7262 bytes

  • #2
    I assume you no longer use McAfee and it can be removed?

    Close all open windows.
    Start HijackThis once more and tick the following items:

    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\dnbxb.exe
    O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ptczw.exe
    O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer_.exe /quiet
    O4 - HKLM\..\Run: [sdgzezyx] rundll32.exe "C:\Program Files\sdgzezyx\mnyfmded.dll",Init
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/dialer_down...0%20%20%20.exe
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interacti...tallPlugIn.cab
    O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
    O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)


    Then click "Fix checked" and close HijackThis.


    Go to Start - Run and type: sc delete Srv32
    Press Enter.
    Restart the computer.


    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a log file opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    Comment
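
An added example, not part of the thread and not the helper's own method: a Python triage pass over HijackThis entries that flags the kinds of lines selected for fixing above. The three heuristics, the function names and the assumption that Windows lives in C:\WINDOWS are choices made for this illustration; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: eight lines copied verbatim from the HijackThis log in the first post.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sdgzezyx] rundll32.exe "C:\Program Files\sdgzezyx\mnyfmded.dll",Init
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
'''

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r'^\s*([A-Z]\d{1,2}) - (.*)$')
# rundll32 command line: optional quotes around the DLL path, then ",ExportName"
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)',
                       re.IGNORECASE)
# O16 body: "DPF: {CLSID} (optional class name) - codebase URL"
DPF_RE = re.compile(r'^DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$')
# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
WINDOWS_DIR = 'c:\\windows\\'


def parse_entries(text):
    """Return (code, body) tuples for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reasons_for(code, body):
    """Apply the illustrative heuristics; return a list of review reasons."""
    reasons = []
    # 1. Persistence entry whose target no longer exists on disk.
    if body.endswith('(file missing)'):
        reasons.append('target file is missing (orphaned autostart or service entry)')
    # 2. Run key that starts rundll32 on a DLL outside the Windows directory.
    if code == 'O4':
        m = RUNDLL_RE.search(body)
        if m and not m.group(1).lower().startswith(WINDOWS_DIR):
            reasons.append('rundll32 loads %s (export %s) from outside the Windows directory'
                           % (m.group(1), m.group(2)))
    # 3. Downloaded ActiveX control registered without a class name.
    if code == 'O16':
        m = DPF_RE.match(body)
        if m and m.group(2) is None:
            reasons.append('ActiveX control %s has no class name; codebase %s'
                           % (m.group(1), m.group(3)))
    return reasons


def triage(text):
    """Return (code, body, reasons) for every entry that matched a heuristic."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = reasons_for(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == '__main__':
    for code, body, reasons in triage(SAMPLE_LOG):
        print('%s - %s' % (code, body))
        for reason in reasons:
            print('    review: ' + reason)
```

A flagged line is a candidate for manual review, not a verdict: the heuristics miss entries such as the plain executables in System32 that were also ticked above.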


    • #3
      Hello Marckie,

      I did what you said, but according to you I still have something from McAfee on here; I can't find it via Software. How do I remove its remnants?

      Fortunately I'm now rid of that rundll message at startup, thanks.

      Below is the combo.txt file, followed by the hijack log.

      ComboFix 08-02.02.5 - arjen 2008-02-02 14:08:47.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\arjen\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\PerfInfo
      C:\WINDOWS\ppqvmpqr
      C:\WINDOWS\ppqvmpqr\1.png
      C:\WINDOWS\ppqvmpqr\2.png
      C:\WINDOWS\ppqvmpqr\3.png
      C:\WINDOWS\ppqvmpqr\4.png
      C:\WINDOWS\ppqvmpqr\5.png
      C:\WINDOWS\ppqvmpqr\6.png
      C:\WINDOWS\ppqvmpqr\bottom-rc.gif
      C:\WINDOWS\ppqvmpqr\content.png
      C:\WINDOWS\ppqvmpqr\download.gif
      C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
      C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
      C:\WINDOWS\ppqvmpqr\head.png
      C:\WINDOWS\ppqvmpqr\indexuc.html
      C:\WINDOWS\ppqvmpqr\indexud.html
      C:\WINDOWS\ppqvmpqr\main.css
      C:\WINDOWS\ppqvmpqr\net.png
      C:\WINDOWS\ppqvmpqr\pc-mag.gif
      C:\WINDOWS\ppqvmpqr\pc.gif
      C:\WINDOWS\ppqvmpqr\poloska1.png
      C:\WINDOWS\ppqvmpqr\poloska2.png
      C:\WINDOWS\ppqvmpqr\poloska3.png
      C:\WINDOWS\ppqvmpqr\promouc1.html
      C:\WINDOWS\ppqvmpqr\promouc2.html
      C:\WINDOWS\ppqvmpqr\promouc3.html
      C:\WINDOWS\ppqvmpqr\promouc4.html
      C:\WINDOWS\ppqvmpqr\promouc5.html
      C:\WINDOWS\ppqvmpqr\promoud1.html
      C:\WINDOWS\ppqvmpqr\promoud2.html
      C:\WINDOWS\ppqvmpqr\promoud3.html
      C:\WINDOWS\ppqvmpqr\promoud4.html
      C:\WINDOWS\ppqvmpqr\promoud5.html
      C:\WINDOWS\ppqvmpqr\reg.png
      C:\WINDOWS\ppqvmpqr\repair.png
      C:\WINDOWS\ppqvmpqr\scr-1.png
      C:\WINDOWS\ppqvmpqr\scr-2.png
      C:\WINDOWS\ppqvmpqr\styles.css
      C:\WINDOWS\ppqvmpqr\top-rc.gif
      C:\WINDOWS\ppqvmpqr\vline.gif
      C:\WINDOWS\system32\drvnuhr.dll
      C:\WINDOWS\system32\ndaTqsVqrX.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
      .

      2008-02-02 14:05 . 2004-08-03 23:00 261,936 --a------ C:\cmldr
      2008-02-02 14:01 . 2008-02-02 14:01 <DIR> d-------- C:\WINDOWS\LastGood
      2008-02-02 10:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-02-01 23:00 . 2008-02-01 23:00 <DIR> d-------- C:\Documents and Settings\arjen\Application Data\Lavasoft
      2008-02-01 22:43 . 2008-02-01 22:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-01 22:43 . 2008-02-01 22:43 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-01 22:43 . 2008-02-02 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-01 22:42 . 2008-02-02 10:55 <DIR> d-------- C:\Program Files\SpywareBlaster
      2008-02-01 22:42 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
      2008-02-01 22:41 . 2008-02-02 10:55 <DIR> d-------- C:\Temp
      2008-02-01 22:41 . 2008-02-01 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-02-01 22:36 . 2008-02-01 22:36 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
      2008-02-01 22:36 . 2008-02-02 11:53 <DIR> d-------- C:\Program Files\Hitman Pro
      2008-02-01 22:24 . 2008-02-01 22:24 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-09 11:24 . 2008-01-09 11:24 <DIR> d-------- C:\WINDOWS\gtvupprv
      2008-01-09 11:24 . 2008-01-09 11:24 204,800 --a------ C:\WINDOWS\system32\ndaTqsVqrXs.dll
      2008-01-02 21:33 . 2008-01-02 21:36 <DIR> d-------- C:\Documents and Settings\arjen\Application Data\U3

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-02 10:10 --------- d-----w C:\Program Files\ESET
      2008-02-02 09:46 --------- d-----w C:\Program Files\Java
      2008-01-16 15:52 --------- d-----w C:\Program Files\Picasa2
      2007-11-21 17:22 298,104 ----a-w C:\WINDOWS\system32\imon.dll
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2004-10-24 07:42 326 ---ha-w C:\Documents and Settings\arjen\hpothb07.dat
      2004-10-23 19:26 153 ---ha-w C:\Documents and Settings\margret\hpothb07.dat
      2004-03-21 19:42 0 ---ha-w C:\Documents and Settings\arjen\Application Data\hpothb07.dat
      2003-04-17 08:16 447,616 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
      2003-04-17 08:15 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
      2003-04-17 08:15 147,200 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-11-17 10:33 49152]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TCASUTIEXE"="TCAUDIAG.exe" [2003-02-12 10:55 1334784 C:\WINDOWS\system32\TCAUDIAG.EXE]
      "CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
      "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
      "PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 14:40 61440]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 11:34 406016]
      "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
      "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
      "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
      "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-21 18:22 949376]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-03-05 20:46:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2004-09-19 11:57:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1079873789.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-02 14:09:59
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Program Files\Eset\pr_imon.dll
      .
      Voltooingstijd: 2008-02-02 14:10:27
      ComboFix-quarantined-files.txt 2008-02-02 13:10:19
      .
      2008-02-02 09:48:02 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:20:17, on 2-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\CTSVCCDA.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Pinnacle Scheduler.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
      O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

      --
      End of file - 6495 bytes



      • #4
        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\WINDOWS\system32\ndaTqsVqrXs.dll
        
        Folder::
        C:\WINDOWS\gtvupprv
        
        Driver::
        McDetect.exe
        McShield
        McTskshd.exe
        MCVSRte
        
        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "VSOCheckTask"=-
        "VirusScan Online"=-
        "MCAgentExe"=-
        "MCUpdateExe"=-
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a log file opens.
        Post the contents of the log file.



        • #5
          Hey Marckie, here are the contents of the combo.txt file.

          ComboFix 08-02.02.5 - arjen 2008-02-02 3:16:28.2 - NTFSx86
          Gestart vanuit: C:\Documents and Settings\arjen\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\arjen\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\system32\ndaTqsVqrXs.dll
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\gtvupprv
          C:\WINDOWS\gtvupprv\1.png
          C:\WINDOWS\gtvupprv\2.png
          C:\WINDOWS\gtvupprv\3.png
          C:\WINDOWS\gtvupprv\4.png
          C:\WINDOWS\gtvupprv\5.png
          C:\WINDOWS\gtvupprv\6.png
          C:\WINDOWS\gtvupprv\bottom-rc.gif
          C:\WINDOWS\gtvupprv\content.png
          C:\WINDOWS\gtvupprv\download.gif
          C:\WINDOWS\gtvupprv\frame-bottom-left.gif
          C:\WINDOWS\gtvupprv\frame-h1bg.gif
          C:\WINDOWS\gtvupprv\head.png
          C:\WINDOWS\gtvupprv\indexpt.html
          C:\WINDOWS\gtvupprv\indexsg.html
          C:\WINDOWS\gtvupprv\main.css
          C:\WINDOWS\gtvupprv\net.png
          C:\WINDOWS\gtvupprv\pc-mag.gif
          C:\WINDOWS\gtvupprv\pc.gif
          C:\WINDOWS\gtvupprv\poloska1.png
          C:\WINDOWS\gtvupprv\poloska2.png
          C:\WINDOWS\gtvupprv\poloska3.png
          C:\WINDOWS\gtvupprv\promopt1.html
          C:\WINDOWS\gtvupprv\promopt2.html
          C:\WINDOWS\gtvupprv\promopt3.html
          C:\WINDOWS\gtvupprv\promopt4.html
          C:\WINDOWS\gtvupprv\promopt5.html
          C:\WINDOWS\gtvupprv\promosg1.html
          C:\WINDOWS\gtvupprv\promosg2.html
          C:\WINDOWS\gtvupprv\promosg3.html
          C:\WINDOWS\gtvupprv\promosg4.html
          C:\WINDOWS\gtvupprv\promosg5.html
          C:\WINDOWS\gtvupprv\reg.png
          C:\WINDOWS\gtvupprv\repair.png
          C:\WINDOWS\gtvupprv\scr-3.png
          C:\WINDOWS\gtvupprv\scr-4.png
          C:\WINDOWS\gtvupprv\scr-5.png
          C:\WINDOWS\gtvupprv\scr-6.png
          C:\WINDOWS\gtvupprv\styles.css
          C:\WINDOWS\gtvupprv\top-rc.gif
          C:\WINDOWS\gtvupprv\vline.gif
          C:\WINDOWS\system32\ndaTqsVqrXs.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_MCDETECT.EXE
          -------\LEGACY_MCSHIELD
          -------\LEGACY_MCTSKSHD.EXE
          -------\LEGACY_MCVSRTE
          -------\McDetect.exe
          -------\McShield
          -------\McTskshd.exe
          -------\MCVSRte


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
          .

          2008-02-02 14:05 . 2004-08-03 23:00 261,936 --a------ C:\cmldr
          2008-02-02 10:46 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2008-02-01 23:00 . 2008-02-01 23:00 <DIR> d-------- C:\Documents and Settings\arjen\Application Data\Lavasoft
          2008-02-01 22:43 . 2008-02-01 22:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-02-01 22:43 . 2008-02-01 22:43 <DIR> d-------- C:\Program Files\Lavasoft
          2008-02-01 22:43 . 2008-02-02 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-01 22:42 . 2008-02-02 10:55 <DIR> d-------- C:\Program Files\SpywareBlaster
          2008-02-01 22:42 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
          2008-02-01 22:41 . 2008-02-02 10:55 <DIR> d-------- C:\Temp
          2008-02-01 22:41 . 2008-02-01 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2008-02-01 22:36 . 2008-02-01 22:36 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
          2008-02-01 22:36 . 2008-02-02 11:53 <DIR> d-------- C:\Program Files\Hitman Pro
          2008-02-01 22:24 . 2008-02-01 22:24 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-02 21:33 . 2008-01-02 21:36 <DIR> d-------- C:\Documents and Settings\arjen\Application Data\U3

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-02 10:10 --------- d-----w C:\Program Files\ESET
          2008-02-02 09:46 --------- d-----w C:\Program Files\Java
          2008-01-16 15:52 --------- d-----w C:\Program Files\Picasa2
          2004-10-24 07:42 326 ---ha-w C:\Documents and Settings\arjen\hpothb07.dat
          2004-10-23 19:26 153 ---ha-w C:\Documents and Settings\margret\hpothb07.dat
          2004-03-21 19:42 0 ---ha-w C:\Documents and Settings\arjen\Application Data\hpothb07.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-11-17 10:33 49152]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "TCASUTIEXE"="TCAUDIAG.exe" [2003-02-12 10:55 1334784 C:\WINDOWS\system32\TCAUDIAG.EXE]
          "CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
          "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
          "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
          "PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 14:40 61440]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
          "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 11:34 406016]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-21 18:22 949376]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
          "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-03-05 20:46:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2004-09-19 11:57:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1079873789.job"
          - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-02 03:19:26
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
          -> C:\Program Files\Eset\pr_imon.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\WINDOWS\system32\CTSVCCDA.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-02 3:21:03 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-02 02:21:00
          ComboFix2.txt 2008-02-02 13:10:27
          .
          2008-02-02 13:23:07 --- E O F ---



          • #6
            That already looks better.
            Are there any remaining problems?



            • #7
              Marckie, may I once again thank you warmly for solving this problem.
              I am amazed every time, especially by how quickly you respond to my log.
              Thanks again, and feel free to file this one under the solved hijack logs.



              • #8
                You're welcome.

                Go to Kaspersky Online Scanner and click Accept at the bottom.
                This scanner works only with Internet Explorer 6 and higher!
                You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
                • The program now starts downloading the latest definition files. After that, click Next.
                • Then click the Scan Settings button.
                  Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                  Under the text Scan options: tick both boxes: Scan Archives .... and Scan Mail Bases ....
                • Then click the OK button.
                • Now start the scan by clicking the text My Computer.
                  Keep in mind that this scan takes a while.
                • Once the scan is complete, you get the opportunity to save the scan report.
                  Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

                Post this report in your next message.



                • #9
                  Hello Marckie, here is the log from Kaspersky.

                  -------------------------------------------------------------------------------
                  KASPERSKY ONLINE SCANNER REPORT
                  Sunday, February 03, 2008 12:21:19 AM
                  Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
                  Kaspersky Online Scanner version: 5.0.98.0
                  Kaspersky Anti-Virus database last update: 2/02/2008
                  Kaspersky Anti-Virus database records: 546114
                  -------------------------------------------------------------------------------

                  Scan Settings:
                  Scan using the following antivirus database: extended
                  Scan Archives: true
                  Scan Mail Bases: true

                  Scan Target - My Computer:
                  A:\
                  C:\
                  D:\
                  E:\
                  F:\

                  Scan Statistics:
                  Total number of scanned objects: 49939
                  Number of viruses found: 7
                  Number of infected objects: 11
                  Number of suspicious objects: 0
                  Duration of the scan process: 00:41:23

                  Infected Object Name / Virus Name / Last Action
                  C:\Documents and Settings\arjen\Cookies\index.dat Object is locked skipped
                  C:\Documents and Settings\arjen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                  C:\Documents and Settings\arjen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                  C:\Documents and Settings\arjen\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                  C:\Documents and Settings\arjen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                  C:\Documents and Settings\arjen\ntuser.dat Object is locked skipped
                  C:\Documents and Settings\arjen\ntuser.dat.LOG Object is locked skipped
                  C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
                  C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                  C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                  C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                  C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                  C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
                  C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
                  C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                  C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                  C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
                  C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
                  C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
                  C:\Program Files\ESET\cache\FND0.NFI Infected: Trojan-Downloader.Win32.Alphabet.an skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF/data0005 Infected: Trojan-Downloader.Win32.Agent.hjs skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF/data0006/data0007 Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF/data0006 Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF NSIS: infected - 5 skipped
                  C:\Program Files\ESET\infected\YEM5W4BA.NQF PE-Crypt.XorPE: infected - 5 skipped
                  C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
                  C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
                  C:\Program Files\Trend Micro\HijackThis\backups\backup-20080202-134000-906.dll Infected: not-a-virus:Downloader.Win32.Skilin.b skipped
                  C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
                  C:\System Volume Information\_restore{703CEFFD-69A3-4BEA-9DC3-C4BB7231D171}\RP325\A0325574.dll Infected: Trojan.Win32.Dialer.yz skipped
                  C:\System Volume Information\_restore{703CEFFD-69A3-4BEA-9DC3-C4BB7231D171}\RP325\A0325576.dll Infected: Trojan-Downloader.Win32.Zlob.fvi skipped
                  C:\System Volume Information\_restore{703CEFFD-69A3-4BEA-9DC3-C4BB7231D171}\RP333\change.log Object is locked skipped
                  C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
                  C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
                  C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
                  C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
                  C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
                  C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
                  C:\WINDOWS\SchedLgU.Txt Object is locked skipped
                  C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
                  C:\WINDOWS\Sti_Trace.log Object is locked skipped
                  C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
                  C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
                  C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
                  C:\WINDOWS\system32\config\default Object is locked skipped
                  C:\WINDOWS\system32\config\default.LOG Object is locked skipped
                  C:\WINDOWS\system32\config\SAM Object is locked skipped
                  C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
                  C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
                  C:\WINDOWS\system32\config\SECURITY Object is locked skipped
                  C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
                  C:\WINDOWS\system32\config\software Object is locked skipped
                  C:\WINDOWS\system32\config\software.LOG Object is locked skipped
                  C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
                  C:\WINDOWS\system32\config\system Object is locked skipped
                  C:\WINDOWS\system32\config\system.LOG Object is locked skipped
                  C:\WINDOWS\system32\h323log.txt Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
                  C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
                  C:\WINDOWS\wiadebug.log Object is locked skipped
                  C:\WINDOWS\wiaservc.log Object is locked skipped
                  C:\WINDOWS\WindowsUpdate.log Object is locked skipped
                  D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

                  Scan process completed.



                  • #10
                    Good.

                    Go to Start - Run and type: ComboFix /u
                    Press Enter.

                    You can find more information on how to prevent a new infection here and here.

                    I am setting the status of this thread to solved.
                    If there are no further replies, this thread will automatically be moved to the Opgeloste hijackthislogs (solved HijackThis logs) section within about 3 days, and replying will no longer be possible. This is to keep the forum tidy and organized.
                    If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                    Happy surfing again scenic.
