Mededeling

**Marckie** · 04-02-08, 12:51

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
O4 - HKLM\..\Run: [40149afb] rundll32.exe "C:\WINDOWS\system32\cupoaywt.dll",b

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**No_Mercy_** · 04-02-08, 13:44

ComboFix 08-02.03.1 - MIMPIE_DENISE 2008-02-04 13:20:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.671 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\MIMPIE_DENISE\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MIMPIE_DENISE\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\amtossok.dll
C:\WINDOWS\system32\avknbmpr.ini
C:\WINDOWS\system32\buwxfaqu.ini
C:\WINDOWS\system32\bvonqgnj.ini
C:\WINDOWS\system32\cupoaywt.dll
C:\WINDOWS\system32\dcoifhbk.ini
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\doniukjx.ini
C:\WINDOWS\system32\dqyefran.ini
C:\WINDOWS\system32\drlgmuvm.ini
C:\WINDOWS\system32\eypjyede.ini
C:\WINDOWS\system32\fuwvdvdf.ini
C:\WINDOWS\system32\ijuurmud.ini
C:\WINDOWS\system32\inghmtbp.dll
C:\WINDOWS\system32\itwlnvxr.dll
C:\WINDOWS\system32\jbnjupyy.ini
C:\WINDOWS\system32\kaaqjaso.ini
C:\WINDOWS\system32\kpnvkgid.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nmbrfjpx.ini
C:\WINDOWS\system32\qgthrkfy.ini
C:\WINDOWS\system32\qkllnpdk.ini
C:\WINDOWS\system32\raiqxptt.dll
C:\WINDOWS\system32\rkhuasrh.dll
C:\WINDOWS\system32\rsvuyxjx.ini
C:\WINDOWS\system32\sjecnirj.ini
C:\WINDOWS\system32\sxgbrkgr.dll
C:\WINDOWS\system32\tciisrsg.ini
C:\WINDOWS\system32\tpotmpxs.dll
C:\WINDOWS\system32\tujdcuvo.ini
C:\WINDOWS\system32\twtfxvgi.dll
C:\WINDOWS\system32\twyaopuc.ini
C:\WINDOWS\system32\urutdqbi.ini
C:\WINDOWS\system32\xjkuinod.dll
C:\WINDOWS\system32\xjxyuvsr.dll
C:\WINDOWS\system32\xuhaswko.ini
C:\WINDOWS\system32\ylshebmf.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
.

2008-02-04 13:29 . 2008-02-04 13:31 6,370 --ahs---- C:\WINDOWS\system32\ddeeg.ini
2008-02-04 12:33 . 2008-02-04 12:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 03:55 . 2008-01-23 03:55 244 --ah----- C:\sqmnoopt10.sqm
2008-01-23 03:55 . 2008-01-23 03:55 232 --ah----- C:\sqmdata10.sqm
2008-01-22 18:34 . 2008-01-22 18:34 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-22 18:34 . 2008-01-22 18:34 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-22 05:34 . 2008-01-22 05:34 244 --ah----- C:\sqmnoopt09.sqm
2008-01-22 05:34 . 2008-01-22 05:34 232 --ah----- C:\sqmdata09.sqm
2008-01-11 23:56 . 2008-01-11 23:56 <DIR> d-------- C:\Documents and Settings\MIMPIE_DENISE\Application Data\schijfbewaker
2008-01-11 23:51 . 2008-01-11 23:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\schijfbewaker
2008-01-11 23:51 . 2008-01-11 23:51 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-11 23:50 . 2008-01-12 01:03 <DIR> d-------- C:\Program Files\SchijfBewaker
2008-01-11 23:50 . 2008-01-11 23:50 <DIR> d-------- C:\Program Files\Common Files\SchijfBewaker
2008-01-11 23:50 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-11 23:38 . 2008-01-11 23:38 257,552 --a------ C:\Documents and Settings\MIMPIE_DENISE\Application Data\setup_nl[1].exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 18:34 --------- d-----w C:\Program Files\eMule
2008-01-18 20:10 --------- d-----w C:\Program Files\McAfee
2008-01-01 06:12 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\uTorrent
2007-12-26 23:09 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\dvdcss
2007-12-26 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-26 14:28 --------- d-----w C:\Program Files\Serif
2007-12-26 14:26 --------- d-----w C:\Program Files\TLC Domus
2007-12-23 19:44 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-12-18 16:06 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\ArcSoft
2007-12-18 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArcSoft
2007-12-18 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 13:30 --------- d-----w C:\Program Files\ArcSoft
2007-12-18 11:58 --------- d-----w C:\Program Files\Luxor 3
2007-12-18 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-18 02:01 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-17 01:43 155,995 ----a-w C:\WINDOWS\java\Packages\V9BFPZLZ.ZIP
2007-12-16 21:20 --------- d-----w C:\Program Files\Common Files\Corel
2007-12-16 21:20 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\Corel
2007-12-16 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-16 21:19 --------- d-----w C:\Program Files\Corel
2007-12-16 21:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 10:06 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\Vso
2007-12-09 23:42 17,920 ----a-w C:\Documents and Settings\MIMPIE_DENISE\Application Data\GDIPFONTCACHEV1.DAT
2007-12-09 22:19 --------- d-----w C:\Program Files\AviDvdBurner
2007-12-09 22:15 --------- d-----w C:\Program Files\AC3Filter
2007-12-09 22:14 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-09 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-09 00:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-08 22:29 --------- d-----w C:\Program Files\Ahead
2007-12-08 22:23 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 21:43 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\Ahead
2007-12-08 18:08 --------- d-----w C:\Program Files\Canon
2007-12-08 18:04 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-08 15:28 --------- d-----w C:\Program Files\support.com
2007-12-08 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-06 19:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-06 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 22:12 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-04 22:12 --------- d-----w C:\Program Files\Common Files\Real
2007-12-04 22:11 --------- d-----w C:\Program Files\Real
2007-12-04 22:06 --------- d-----w C:\Program Files\URUSoft
2007-12-04 21:50 --------- d-----w C:\Program Files\MSN Messenger
2007-12-04 21:48 --------- d-----w C:\Program Files\uTorrent
2007-12-04 21:41 --------- d-----w C:\Documents and Settings\MIMPIE_DENISE\Application Data\vlc
2007-12-04 21:40 --------- d-----w C:\Program Files\VideoLAN
2007-12-04 21:15 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-04 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-04 21:02 --------- d-----w C:\Program Files\McAfee.com
2007-12-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-04 20:52 --------- d-----w C:\Program Files\Avi2Dvd
2007-12-03 22:05 47,360 ----a-w C:\Documents and Settings\MIMPIE_DENISE\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04793611-94CB-4370-AC9F-F8E129FFF0E0}]
2007-12-17 19:00 314624 --a------ C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-12-17 18:55 24336 --a------ C:\WINDOWS\system32\rqroomk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7f34d177-82c0-4b5c-9498-b5fbcbab7824}]
C:\WINDOWS\system32\mogxhdlo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-04 01:03 399360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Event Reminder.lnk - C:\Program Files\TLC Domus\PrintMaster\Pmremind.exe [2007-12-26 15:18:09 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\rqroomk.dll [2007-12-17 18:55 24336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqroomk]
rqroomk.dll 2007-12-17 18:55 24336 C:\WINDOWS\system32\rqroomk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-12-06 20:14 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-04 23:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808]
F:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1894d09f-a1d7-11dc-af9c-806d6172696f}]
\Shell\AutoRun\command - F:\Msetup4.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-15 00:20:31 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-01-01 00:02:43 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 13:31:12
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqroomk.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\geedd.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\geedd.dll
-> C:\WINDOWS\system32\rqroomk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-04 13:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 12:34:15
.
2008-01-10 01:29:15 --- E O F ---

en hier mijn hijackt his logje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:18, on 4-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\TLC Domus\PrintMaster\Pmremind.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196714576045
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 5148 bytes

**Marckie** · 04-02-08, 13:58

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

File::
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\rqroomk.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{04793611-94CB-4370-AC9F-F8E129FFF0E0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqroomk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

Mededeling

Browser hijack? Advanced Cleaner

Browser hijack? Advanced Cleaner

Comment

Comment

Comment