New laptop from my work

  • New laptop from my work

    Hi,

    I got a laptop from my work. Because of important emails and programs I can't just format it and reinstall Windows.

    Now the previous owner let the laptop get completely clogged with ad/mal/spyware. I've already run Hitman Pro about 10 times, plus ComboFix and Eusing registry cleaning. I have the feeling the problem hasn't been completely fixed yet, because the problem keeps coming back.

    Here is my HijackThis log. Maybe that's the easiest.

    (Oh yes, do you have advice on which virus scanner to buy or use? It currently has an expired version of Norton on it.)

    Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:07:41 PM, on 2/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186170726633
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25B37B59-BD8B-449D-AD9A-D4648440A53B}: NameServer = 61.9.208.14,61.9.192.14
    O17 - HKLM\System\CS1\Services\Tcpip\..\{25B37B59-BD8B-449D-AD9A-D4648440A53B}: NameServer = 61.9.208.14,61.9.192.14
    O20 - Winlogon Notify: awtuuts - awtuuts.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 7569 bytes
    Last edited by Themonkeyboy; 13-02-08, 06:31.

  • #2
    Actually there seems to be little wrong.

    Start HijackThis again and place a checkmark only in front of the following lines:
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - Winlogon Notify: awtuuts - awtuuts.dll (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.

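As an added illustration (not code from this thread or from the HijackThis project), a small Python triage of a HijackThis log that picks out the same two kinds of entry the helper ticks above (targets reported as `(no file)` or `(file missing)`) and lists any O17 NameServer overrides for a manual check against the provider's resolvers; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25B37B59-BD8B-449D-AD9A-D4648440A53B}: NameServer = 61.9.208.14,61.9.192.14
O20 - Winlogon Notify: awtuuts - awtuuts.dll (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# A HijackThis entry line: section tag (R0-R3, O1-O24), " - ", then the entry body.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Entries whose target no longer exists on disk; these are the two kinds the helper ticked in reply #2.
MISSING_TARGET = re.compile(r"\((?:no file|file missing)\)\s*$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every entry line; headers and the process list are skipped."""
    for line in log_text.splitlines():
        raw = line.strip()
        m = ENTRY.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(log_text):
    """Sort entries into 'fix' (target file missing) and 'review' (O17 DNS overrides to verify by hand)."""
    report = {"fix": [], "review": []}
    for section, body, raw in parse_entries(log_text):
        if MISSING_TARGET.search(body):
            report["fix"].append(raw)
        elif section == "O17":
            report["review"].append(raw)
    return report


def dns_servers(log_text):
    """Collect the resolver addresses from O17 NameServer entries so they can be checked against the ISP's."""
    servers = set()
    for section, body, _ in parse_entries(log_text):
        if section == "O17" and "NameServer" in body:
            servers.update(IPV4.findall(body))
    return servers


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Tick in HijackThis and 'Fix checked':")
    for entry in report["fix"]:
        print("  " + entry)
    print("Verify these DNS servers belong to your provider:",
          ", ".join(sorted(dns_servers(SAMPLE_LOG))))
```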


    • #3
      RVAXO-Results

      ---RVAXO.exe Updated: 2008-02-13---first run---
      Files found:

      Uninstallers:


      Folders Found:

      C:\Documents and Settings\Cloggsh\Application Data\EasySpywareCleaner.com

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------



      • #4
        Combofix results

        ComboFix 08-02-13.1 - Cloggsh 2008-02-14 10:38:04.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.209 [GMT -8:00]
        Running from: C:\Documents and Settings\Cloggsh\Desktop\Desktop\ComboFix.exe
        * Created a new restore point

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
        .

        2008-02-14 10:31 . 2008-02-14 10:32 <DIR> d-------- C:\RVAXO
        2008-02-14 10:30 . 2008-02-13 17:17 689,665 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-02-14 10:30 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2008-02-13 14:11 . 2008-02-13 14:18 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
        2008-02-12 10:09 . 2008-02-12 10:09 <DIR> d-------- C:\Program Files\Trend Micro
        2008-02-12 10:05 . 2008-02-12 10:05 30,760 --a------ C:\WINDOWS\system32\wjajfxlr.exe
        2008-02-12 09:24 . 2008-02-12 09:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
        2008-02-11 21:56 . 2008-02-11 22:46 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Facebook
        2008-02-11 17:18 . 2008-02-11 17:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
        2008-02-11 13:26 . 2008-02-11 13:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
        2008-02-11 13:26 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
        2008-02-11 13:26 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
        2008-02-11 13:26 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
        2008-02-11 13:26 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
        2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Program Files\Webroot
        2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Webroot
        2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
        2008-02-11 13:23 . 2008-02-11 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
        2008-02-11 13:23 . 2008-02-11 13:23 <DIR> d-------- C:\Program Files\Lavasoft
        2008-02-11 13:22 . 2008-02-13 18:45 <DIR> d-------- C:\Program Files\SpywareBlaster
        2008-01-26 23:28 . 2008-02-11 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-01-26 23:28 . 2008-01-26 23:28 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-01-22 13:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
        2008-01-21 17:26 . 2008-02-13 20:34 <DIR> d-------- C:\Program Files\Spyware Doctor
        2008-01-21 17:26 . 2008-01-21 17:26 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\PC Tools
        2008-01-21 17:26 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
        2008-01-21 17:26 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
        2008-01-21 17:26 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
        2008-01-21 17:26 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
        2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Program Files\Microsoft Works
        2008-01-21 16:03 . 2008-01-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-01-15 11:53 . 2008-01-15 11:53 1,158 --a------ C:\WINDOWS\mozver.dat
        2008-01-15 11:50 . 2008-01-15 11:50 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Talkback

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-14 04:54 --------- d-----w C:\Program Files\Hitman Pro
        2008-02-14 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-02-14 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-02-13 18:24 --------- d-----w C:\Program Files\QuickTime
        2008-02-13 18:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
        2008-02-12 04:19 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
        2008-02-12 03:38 --------- d-----w C:\Program Files\iTunes
        2008-02-11 21:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Lavasoft
        2008-02-10 17:36 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Skype
        2008-01-25 19:14 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\U3
        2008-01-22 21:41 --------- d-----w C:\Program Files\Java
        2008-01-22 01:16 --------- d-----w C:\Program Files\Google
        2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
        2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
        2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
        2008-01-10 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-07 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
        2008-01-06 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
        2008-01-05 19:07 --------- d-----w C:\Program Files\DAEMON Tools Lite
        2008-01-05 19:07 --------- d-----w C:\Program Files\Apoint
        2008-01-05 18:14 --------- d-----w C:\Program Files\SymNetDrv
        2008-01-05 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
        2008-01-04 23:58 --------- d-----w C:\Program Files\Windows Media Connect 2
        2008-01-04 22:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
        2008-01-02 20:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\DAEMON Tools
        2008-01-02 20:02 --------- d-----w C:\Program Files\MagicISO
        2007-12-30 17:49 --------- d-----w C:\Program Files\Activision Value
        2007-12-30 17:32 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
        2007-12-30 06:01 --------- d-----w C:\Program Files\FastStone Photo Resizer
        2007-12-30 05:50 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Apple Computer
        2007-12-24 01:12 --------- d-----w C:\Program Files\Windows Mobile-hulpbronnen
        2007-12-24 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
        2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
        2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
        2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
        2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
        2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
        2007-12-07 02:21 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
        2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
        2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
        2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
        2007-12-07 02:21 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
        2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
        2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
        2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
        2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
        2007-12-07 02:21 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
        2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
        2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
        2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
        2007-12-07 02:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
        2007-12-07 02:21 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
        2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
        2007-12-07 02:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
        2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
        2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
        2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
        2007-12-07 02:21 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
        2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
        2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
        2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
        2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
        2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
        2006-04-11 03:24 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
        .
        Code:
        <pre>
        ----a-w           155,648 2008-01-05 08:52:40  C:\Program Files\Apoint\Apoint .exe
        ----a-w           339,968 2008-01-05 08:52:46  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
        ----a-w            81,920 2008-01-05 08:52:58  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
        ----a-w            48,800 2008-01-05 01:08:48  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
        ----a-w            53,248 2008-01-05 08:52:47  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
        ----a-w           486,856 2008-01-05 08:53:23  C:\Program Files\DAEMON Tools Lite\daemon .exe
        ----a-w           385,024 2008-01-05 08:52:42  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
        ----a-w           267,048 2008-02-12 03:28:13  C:\Program Files\iTunes\iTunesHelper .exe
        ----a-w           132,496 2008-02-12 03:28:09  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
        ----a-w         1,694,208 2008-02-11 23:02:51  C:\Program Files\Messenger\msmsgs .exe
        ----a-w           286,720 2008-01-08 19:41:22  C:\Program Files\QuickTime\qttask    .exe
        ----a-w            26,112 2008-01-05 08:52:50  C:\Program Files\Real\RealPlayer\RealPlay .exe
        ----a-w         1,065,288 2008-02-12 09:23:59  C:\Program Files\Spyware Doctor\SDTrayApp .exe
        ----a-w            15,360 2008-02-12 04:19:50  C:\WINDOWS\system32\ctfmon .exe
        ----a-w           127,035 2008-01-05 08:52:52  C:\WINDOWS\system32\dla\tfswctrl .exe
        </pre>

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 08:22 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
        C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-01-28 20:39]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a65d4d0-45d3-11dc-8b42-0012f0970ff7}]
        \Shell\AutoRun\command - F:\LaunchU3.exe -a

        .
        Contents of the 'Scheduled Tasks' folder
        "2008-02-14 18:35:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
        - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-02-14 10:39:19
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-02-14 10:40:13
        ComboFix-quarantined-files.txt 2008-02-14 18:39:41
        ComboFix2.txt 2008-02-13 18:34:25
        .
        2008-02-14 17:51:50 --- E O F ---



        • #5
          So there was something after all.

          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything belonging to RVAXO.

          Open Notepad, then copy and paste the following (bold text) into an empty window:

          File::
          C:\WINDOWS\system32\wjajfxlr.exe

          RENV::
          C:\Program Files\Apoint\Apoint .exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
          C:\Program Files\Common Files\Symantec Shared\ccApp .exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
          C:\Program Files\DAEMON Tools Lite\daemon .exe
          C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
          C:\Program Files\iTunes\iTunesHelper .exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
          C:\Program Files\Messenger\msmsgs .exe
          C:\Program Files\QuickTime\qttask .exe
          C:\Program Files\Real\RealPlayer\RealPlay .exe
          C:\Program Files\Spyware Doctor\SDTrayApp .exe
          C:\WINDOWS\system32\ctfmon .exe
          C:\WINDOWS\system32\dla\tfswctrl .exe

          Save this to your Desktop as CFScript.txt

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:

          This will make ComboFix restart.
          Reboot if asked to,
          and post the contents of Combofix.txt in your next reply together with a new HijackThis log

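As an added example (not the helper's own tool, nor part of ComboFix), here is a Python script that pulls the padded-extension paths (`name .exe`) out of the `Code:`/`<pre>` block of a ComboFix log and writes them into a CFScript with the same `File::` and `RENV::` sections the helper uses above; the sample block is three lines copied from the log in post #4, and the file passed for deletion is the one the helper named. The padding is collapsed to a single space, matching the helper's RENV:: list rather than the log's wider spacing.

```python
import re

# Constructed sample: three lines of the "Code:" block from the ComboFix log in post #4.
SAMPLE_COMBOFIX = r"""
.
Code:
<pre>
----a-w           155,648 2008-01-05 08:52:40  C:\Program Files\Apoint\Apoint .exe
----a-w           286,720 2008-01-08 19:41:22  C:\Program Files\QuickTime\qttask    .exe
----a-w            15,360 2008-02-12 04:19:50  C:\WINDOWS\system32\ctfmon .exe
</pre>
"""

# One line of the <pre> block: attributes, size, date, time, then the path.
PRE_LINE = re.compile(r"^\S+\s+[\d,]+\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(.+?)\s*$")
# Whitespace wedged between the base name and the extension, e.g. "Apoint .exe".
SPACED_EXT = re.compile(r"\s+(\.[A-Za-z0-9]+)$")


def spaced_extension_paths(combofix_log):
    """Return the paths in the log's <pre> block whose file name has a gap before the extension."""
    paths = []
    inside = False
    for line in combofix_log.splitlines():
        s = line.strip()
        if s == "<pre>":
            inside = True
        elif s == "</pre>":
            inside = False
        elif inside:
            m = PRE_LINE.match(s)
            if m and SPACED_EXT.search(m.group(1)):
                # Collapse the padding to a single space, as the helper's RENV:: list does.
                paths.append(SPACED_EXT.sub(r" \1", m.group(1)))
    return paths


def build_cfscript(delete_files, rename_paths):
    """Assemble CFScript.txt: File:: lists files to delete, RENV:: lists padded names to rename back."""
    lines = []
    if delete_files:
        lines += ["File::", *delete_files, ""]
    if rename_paths:
        lines += ["RENV::", *rename_paths, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    # wjajfxlr.exe is the file the helper singled out for deletion in post #5.
    print(build_cfscript([r"C:\WINDOWS\system32\wjajfxlr.exe"],
                         spaced_extension_paths(SAMPLE_COMBOFIX)))
```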


          • #6
            ComboFix 08-02-13.1 - Cloggsh 2008-02-14 10:59:59.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.190 [GMT -8:00]
            Running from: C:\Documents and Settings\Cloggsh\Desktop\Desktop\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Cloggsh\Desktop\Desktop\CFScript.txt
            * Created a new restore point

            WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

            FILE
            C:\WINDOWS\system32\wjajfxlr.exe
            .

            ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\wjajfxlr.exe

            .
            ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
            .

            2008-02-13 14:11 . 2008-02-13 14:18 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
            2008-02-12 10:09 . 2008-02-12 10:09 <DIR> d-------- C:\Program Files\Trend Micro
            2008-02-12 09:24 . 2008-02-12 09:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
            2008-02-11 21:56 . 2008-02-11 22:46 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Facebook
            2008-02-11 17:18 . 2008-02-11 17:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
            2008-02-11 13:26 . 2008-02-11 13:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
            2008-02-11 13:26 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
            2008-02-11 13:26 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
            2008-02-11 13:26 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
            2008-02-11 13:26 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
            2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Program Files\Webroot
            2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Webroot
            2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
            2008-02-11 13:23 . 2008-02-11 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
            2008-02-11 13:23 . 2008-02-11 13:23 <DIR> d-------- C:\Program Files\Lavasoft
            2008-02-11 13:22 . 2008-02-13 18:45 <DIR> d-------- C:\Program Files\SpywareBlaster
            2008-01-26 23:28 . 2008-02-11 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2008-01-26 23:28 . 2008-01-26 23:28 1,409 --a------ C:\WINDOWS\QTFont.for
            2008-01-22 13:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2008-01-21 17:26 . 2008-02-14 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
            2008-01-21 17:26 . 2008-01-21 17:26 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\PC Tools
            2008-01-21 17:26 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
            2008-01-21 17:26 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
            2008-01-21 17:26 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
            2008-01-21 17:26 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
            2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Program Files\Microsoft Works
            2008-01-21 16:03 . 2008-01-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2008-01-15 11:53 . 2008-01-15 11:53 1,158 --a------ C:\WINDOWS\mozver.dat
            2008-01-15 11:50 . 2008-01-15 11:50 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Talkback

            .
            (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-02-14 18:59 --------- d-----w C:\Program Files\iTunes
            2008-02-14 18:59 --------- d-----w C:\Program Files\DAEMON Tools Lite
            2008-02-14 18:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
            2008-02-14 18:59 --------- d-----w C:\Program Files\Apoint
            2008-02-14 04:54 --------- d-----w C:\Program Files\Hitman Pro
            2008-02-14 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-02-14 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-02-13 18:24 --------- d-----w C:\Program Files\QuickTime
            2008-02-13 18:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
            2008-02-11 21:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Lavasoft
            2008-02-10 17:36 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Skype
            2008-01-25 19:14 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\U3
            2008-01-22 21:41 --------- d-----w C:\Program Files\Java
            2008-01-22 01:16 --------- d-----w C:\Program Files\Google
            2008-01-10 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
            2008-01-06 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
            2008-01-05 18:14 --------- d-----w C:\Program Files\SymNetDrv
            2008-01-05 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
            2008-01-04 23:58 --------- d-----w C:\Program Files\Windows Media Connect 2
            2008-01-04 22:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
            2008-01-02 20:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\DAEMON Tools
            2008-01-02 20:02 --------- d-----w C:\Program Files\MagicISO
            2007-12-30 17:49 --------- d-----w C:\Program Files\Activision Value
            2007-12-30 17:32 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
            2007-12-30 06:01 --------- d-----w C:\Program Files\FastStone Photo Resizer
            2007-12-30 05:50 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Apple Computer
            2007-12-24 01:12 --------- d-----w C:\Program Files\Windows Mobile-hulpbronnen
            2007-12-24 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
            2006-04-11 03:24 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
            .
            Code:
            ----a-w           286,720 2008-01-08 19:41:22  C:\Program Files\QuickTime\qttask    .exe

            ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 08:22 15360]

            C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
            C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

            S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-01-28 20:39]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a65d4d0-45d3-11dc-8b42-0012f0970ff7}]
            \Shell\AutoRun\command - F:\LaunchU3.exe -a

            .
            Contents of the 'Scheduled Tasks' folder
            "2008-02-14 19:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
            - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-14 11:04:32
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            scanning hidden files ...

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
            C:\WINDOWS\System32\SCardSvr.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
            C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
            .
            **************************************************************************
            .
            Completion time: 2008-02-14 11:09:22 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-02-14 19:09:13
            ComboFix2.txt 2008-02-14 18:40:13
            ComboFix3.txt 2008-02-13 18:34:25
            .
            2008-02-14 17:51:50 --- E O F ---

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 11:11:07 AM, on 2/14/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
            C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
            O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
            O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
            O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
            O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
            O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
            O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186170726633
            O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
            O17 - HKLM\System\CCS\Services\Tcpip\..\{25B37B59-BD8B-449D-AD9A-D4648440A53B}: NameServer = 61.9.208.14,61.9.192.14
            O17 - HKLM\System\CS1\Services\Tcpip\..\{25B37B59-BD8B-449D-AD9A-D4648440A53B}: NameServer = 61.9.208.14,61.9.192.14
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
            O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

            --
            End of file - 7403 bytes



            • #7
              Open Notepad, copy and paste the following (the text in bold) into an empty window:



              RENV::
              C:\Program Files\QuickTime\qttask .exe




              Save this on your Desktop as CFScript.txt

              Drag CFScript.txt onto ComboFix.exe as shown in the example below:



              This will make ComboFix restart.
              Reboot if you are asked to,
              and post the contents of the Combofix.txt in your next reply.



              • #8
                ComboFix 08-02-13.1 - Cloggsh 2008-02-14 11:18:16.3 - NTFSx86
                Running from: C:\Documents and Settings\Cloggsh\Desktop\Desktop\ComboFix.exe
                Command switches used :: C:\Documents and Settings\Cloggsh\Desktop\Desktop\CFScript.txt
                * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
                .

                2008-02-13 14:11 . 2008-02-13 14:18 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
                2008-02-12 10:09 . 2008-02-12 10:09 <DIR> d-------- C:\Program Files\Trend Micro
                2008-02-12 09:24 . 2008-02-12 09:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
                2008-02-11 21:56 . 2008-02-11 22:46 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Facebook
                2008-02-11 17:18 . 2008-02-11 17:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                2008-02-11 13:26 . 2008-02-11 13:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                2008-02-11 13:26 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
                2008-02-11 13:26 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
                2008-02-11 13:26 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
                2008-02-11 13:26 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
                2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Program Files\Webroot
                2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Webroot
                2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                2008-02-11 13:23 . 2008-02-11 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                2008-02-11 13:23 . 2008-02-11 13:23 <DIR> d-------- C:\Program Files\Lavasoft
                2008-02-11 13:22 . 2008-02-13 18:45 <DIR> d-------- C:\Program Files\SpywareBlaster
                2008-01-26 23:28 . 2008-02-11 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                2008-01-26 23:28 . 2008-01-26 23:28 1,409 --a------ C:\WINDOWS\QTFont.for
                2008-01-22 13:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                2008-01-21 17:26 . 2008-02-14 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
                2008-01-21 17:26 . 2008-01-21 17:26 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\PC Tools
                2008-01-21 17:26 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                2008-01-21 17:26 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                2008-01-21 17:26 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                2008-01-21 17:26 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Program Files\Microsoft Works
                2008-01-21 16:03 . 2008-01-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
                2008-01-15 11:53 . 2008-01-15 11:53 1,158 --a------ C:\WINDOWS\mozver.dat
                2008-01-15 11:50 . 2008-01-15 11:50 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Talkback

                .
                (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-02-14 18:59 --------- d-----w C:\Program Files\iTunes
                2008-02-14 18:59 --------- d-----w C:\Program Files\DAEMON Tools Lite
                2008-02-14 18:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                2008-02-14 18:59 --------- d-----w C:\Program Files\Apoint
                2008-02-14 04:54 --------- d-----w C:\Program Files\Hitman Pro
                2008-02-14 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                2008-02-14 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-02-13 18:24 --------- d-----w C:\Program Files\QuickTime
                2008-02-13 18:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
                2008-02-11 21:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Lavasoft
                2008-02-10 17:36 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Skype
                2008-01-25 19:14 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\U3
                2008-01-22 21:41 --------- d-----w C:\Program Files\Java
                2008-01-22 01:16 --------- d-----w C:\Program Files\Google
                2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
                2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
                2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
                2008-01-10 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                2008-01-06 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
                2008-01-05 18:14 --------- d-----w C:\Program Files\SymNetDrv
                2008-01-05 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                2008-01-04 23:58 --------- d-----w C:\Program Files\Windows Media Connect 2
                2008-01-04 22:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
                2008-01-02 20:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\DAEMON Tools
                2008-01-02 20:02 --------- d-----w C:\Program Files\MagicISO
                2007-12-30 17:49 --------- d-----w C:\Program Files\Activision Value
                2007-12-30 17:32 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                2007-12-30 06:01 --------- d-----w C:\Program Files\FastStone Photo Resizer
                2007-12-30 05:50 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Apple Computer
                2007-12-24 01:12 --------- d-----w C:\Program Files\Windows Mobile-hulpbronnen
                2007-12-24 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
                2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
                2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
                2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
                2007-12-07 02:21 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
                2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                2007-12-07 02:21 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
                2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
                2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
                2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                2007-12-07 02:21 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
                2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
                2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
                2007-12-07 02:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
                2007-12-07 02:21 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
                2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
                2007-12-07 02:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
                2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
                2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
                2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
                2007-12-07 02:21 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
                2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
                2006-04-11 03:24 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                .
                Code:
                ----a-w           286,720 2008-01-08 19:41:22  C:\Program Files\QuickTime\qttask    .exe

                ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 08:22 15360]

                C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
                Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-01-28 20:39]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a65d4d0-45d3-11dc-8b42-0012f0970ff7}]
                \Shell\AutoRun\command - F:\LaunchU3.exe -a

                .
                Contents of the 'Scheduled Tasks' folder
                "2008-02-14 19:20:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-02-14 11:20:43
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                Completion time: 2008-02-14 11:21:30
                ComboFix-quarantined-files.txt 2008-02-14 19:21:06
                ComboFix2.txt 2008-02-14 19:09:22
                ComboFix3.txt 2008-02-14 18:40:13
                ComboFix4.txt 2008-02-13 18:34:25
                .
                2008-02-14 17:51:50 --- E O F ---



                • #9
                  That last one is apparently a tough one; it has to be done again.

                  Open Notepad, copy and paste the following (the text in bold) into an empty window:




                  RENV::
                  C:\Program Files\QuickTime\qttask .exe




                  Save this on your Desktop as CFScript.txt

                  Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                  This will make ComboFix restart.
                  Reboot if you are asked to,
                  and post the contents of the Combofix.txt in your next reply.

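Detection logic for the padded file name that posts #7 and #9 rename (`qttask    .exe`, whitespace hidden before the extension), added here as an example; it is not part of the thread and not ComboFix's own code. The two regexes are my own reading of the listing formats visible in the posted logs, and the sample lines at the bottom are constructed.

```python
"""Flag executable names padded with whitespace before the extension, the
pattern ComboFix surfaced in this thread as 'qttask    .exe'.

Added example; not part of the thread or of ComboFix.  The regexes below
are an assumption about the two listing formats seen in the posted logs,
and SAMPLE_LISTING is constructed."""
import re
from typing import List, NamedTuple, Optional

# Format of the 'Code:' block: attrs, size, date, time, path.
LISTING_CODE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d(?::\d\d)?)\s+(?P<path>.+?)\s*$"
)
# Format of the Find3M report: date, time, size (dashes for a folder),
# attrs, path.
LISTING_FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d)\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+?)\s*$"
)

# Extensions worth flagging; a padded .txt is odd but is not an autorun risk.
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl"}


class Finding(NamedTuple):
    path: str        # path exactly as it appeared in the listing
    normalised: str  # the name with the padding removed, e.g. 'qttask.exe'
    reason: str


def basename(path: str) -> str:
    """Last path component; the logs use Windows backslashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def suspicious_name(name: str) -> Optional[str]:
    """Reason a file name looks padded, or None when it is clean."""
    if "." not in name:
        return None
    # Split on the LAST dot so 'qttask    .exe' -> ('qttask    ', 'exe').
    base, ext = name.rsplit(".", 1)
    if "." + ext.lower() not in EXEC_EXTENSIONS:
        return None
    if base != base.rstrip():
        return "whitespace between name and extension"
    if base != base.lstrip():
        return "leading whitespace in file name"
    if base.endswith("."):
        return "extra dot before extension"
    return None


def clean_name(name: str) -> str:
    """The name the padded entry is masquerading as."""
    base, ext = name.rsplit(".", 1)
    return base.strip().rstrip(".") + "." + ext.lower()


def scan_listing(lines: List[str]) -> List[Finding]:
    """Run both listing parsers over the lines and collect padded names."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        m = LISTING_CODE_RE.match(line) or LISTING_FIND3M_RE.match(line)
        if not m:
            continue  # headers, separators, blank lines
        name = basename(m.group("path"))
        reason = suspicious_name(name)
        if reason:
            findings.append(Finding(m.group("path"), clean_name(name), reason))
    return findings


# Constructed sample: the padded entry from the thread in both formats, plus
# clean entries and a header line that must not be flagged.
SAMPLE_LISTING = [
    "----a-w           286,720 2008-01-08 19:41:22  C:\\Program Files\\QuickTime\\qttask    .exe",
    "2008-01-08 19:41 286,720 ----a-w C:\\Program Files\\QuickTime\\qttask    .exe",
    "----a-w           286,720 2008-01-08 19:41:22  C:\\Program Files\\QuickTime\\qttask.exe",
    "2007-12-30 17:32 715,248 ----a-w C:\\WINDOWS\\system32\\drivers\\sptd.sys",
    "2008-02-14 18:59 --------- d-----w C:\\Program Files\\iTunes",
    "(((((((( Find3M Report ))))))))",
]

if __name__ == "__main__":
    for f in scan_listing(SAMPLE_LISTING):
        print(f"{f.reason}: {f.path!r} -> {f.normalised}")
```

Pasting a full ComboFix log into `scan_listing` lists every padded executable it mentions, which is the entry the helper renames with `RENV::`.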


                  • #10
                    ComboFix 08-02-13.1 - Cloggsh 2008-02-14 11:43:21.4 - NTFSx86
                    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.244 [GMT -8:00]
                    Running from: C:\Documents and Settings\Cloggsh\Desktop\Desktop\ComboFix.exe
                    Command switches used :: C:\Documents and Settings\Cloggsh\Desktop\Desktop\CFScript.txt
                    * Created a new restore point

                    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                    .

                    ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
                    .

                    2008-02-13 14:11 . 2008-02-13 14:18 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
                    2008-02-12 10:09 . 2008-02-12 10:09 <DIR> d-------- C:\Program Files\Trend Micro
                    2008-02-12 09:24 . 2008-02-12 09:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
                    2008-02-11 21:56 . 2008-02-11 22:46 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Facebook
                    2008-02-11 17:18 . 2008-02-11 17:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                    2008-02-11 13:26 . 2008-02-11 13:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                    2008-02-11 13:26 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
                    2008-02-11 13:26 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
                    2008-02-11 13:26 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
                    2008-02-11 13:26 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
                    2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Program Files\Webroot
                    2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Webroot
                    2008-02-11 13:25 . 2008-02-11 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                    2008-02-11 13:23 . 2008-02-11 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                    2008-02-11 13:23 . 2008-02-11 13:23 <DIR> d-------- C:\Program Files\Lavasoft
                    2008-02-11 13:22 . 2008-02-13 18:45 <DIR> d-------- C:\Program Files\SpywareBlaster
                    2008-01-26 23:28 . 2008-02-11 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                    2008-01-26 23:28 . 2008-01-26 23:28 1,409 --a------ C:\WINDOWS\QTFont.for
                    2008-01-22 13:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                    2008-01-21 17:26 . 2008-02-14 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
                    2008-01-21 17:26 . 2008-01-21 17:26 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\PC Tools
                    2008-01-21 17:26 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                    2008-01-21 17:26 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                    2008-01-21 17:26 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                    2008-01-21 17:26 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                    2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Program Files\Microsoft Works
                    2008-01-21 16:03 . 2008-01-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
                    2008-01-15 11:53 . 2008-01-15 11:53 1,158 --a------ C:\WINDOWS\mozver.dat
                    2008-01-15 11:50 . 2008-01-15 11:50 <DIR> d-------- C:\Documents and Settings\Cloggsh\Application Data\Talkback

                    .
                    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-02-14 19:43 --------- d-----w C:\Program Files\QuickTime
                    2008-02-14 18:59 --------- d-----w C:\Program Files\iTunes
                    2008-02-14 18:59 --------- d-----w C:\Program Files\DAEMON Tools Lite
                    2008-02-14 18:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                    2008-02-14 18:59 --------- d-----w C:\Program Files\Apoint
                    2008-02-14 04:54 --------- d-----w C:\Program Files\Hitman Pro
                    2008-02-14 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                    2008-02-14 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                    2008-02-13 18:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
                    2008-02-11 21:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Lavasoft
                    2008-02-10 17:36 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Skype
                    2008-01-25 19:14 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\U3
                    2008-01-22 21:41 --------- d-----w C:\Program Files\Java
                    2008-01-22 01:16 --------- d-----w C:\Program Files\Google
                    2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
                    2008-01-21 16:22 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
                    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
                    2008-01-10 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                    2008-01-06 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
                    2008-01-05 18:14 --------- d-----w C:\Program Files\SymNetDrv
                    2008-01-05 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                    2008-01-04 23:58 --------- d-----w C:\Program Files\Windows Media Connect 2
                    2008-01-04 22:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
                    2008-01-02 20:28 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\DAEMON Tools
                    2008-01-02 20:02 --------- d-----w C:\Program Files\MagicISO
                    2007-12-30 17:49 --------- d-----w C:\Program Files\Activision Value
                    2007-12-30 17:32 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                    2007-12-30 06:01 --------- d-----w C:\Program Files\FastStone Photo Resizer
                    2007-12-30 05:50 --------- d-----w C:\Documents and Settings\Cloggsh\Application Data\Apple Computer
                    2007-12-24 01:12 --------- d-----w C:\Program Files\Windows Mobile-hulpbronnen
                    2007-12-24 01:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
                    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
                    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
                    2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
                    2007-12-07 02:21 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
                    2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                    2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                    2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                    2007-12-07 02:21 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
                    2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                    2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
                    2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
                    2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                    2007-12-07 02:21 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
                    2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                    2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
                    2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
                    2007-12-07 02:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
                    2007-12-07 02:21 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
                    2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
                    2007-12-07 02:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
                    2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
                    2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
                    2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
                    2007-12-07 02:21 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
                    2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                    2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                    2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                    2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
                    2006-04-11 03:24 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 08:22 15360]

                    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
                    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
                    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                    S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-01-28 20:39]

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a65d4d0-45d3-11dc-8b42-0012f0970ff7}]
                    \Shell\AutoRun\command - F:\LaunchU3.exe -a

                    .
                    Contents of the 'Scheduled Tasks' folder
                    "2008-02-14 19:40:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-02-14 11:44:25
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scanning hidden processes ...

                    scanning hidden autostart entries ...

                    scanning hidden files ...

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************
                    .
                    Completion time: 2008-02-14 11:45:12
                    ComboFix-quarantined-files.txt 2008-02-14 19:44:47
                    ComboFix2.txt 2008-02-14 19:21:31
                    ComboFix3.txt 2008-02-14 19:09:22
                    ComboFix4.txt 2008-02-14 18:40:13
                    ComboFix5.txt 2008-02-13 18:34:25
                    .
                    2008-02-14 17:51:50 --- E O F ---
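The Find3M section of the ComboFix report above is a flat text format (date, time, size, attribute flags, path), and much of a helper's work is eyeballing it for hidden/system files and recently changed files under system32. The following is an added example, not code from the thread or from ComboFix, that parses lines in that layout and produces triage leads. The attribute letters it decodes (d = directory, s = system, h = hidden, a = archive) are inferred from the flag strings in the report; the "matches a dllcache twin" heuristic and the 30-day window are the example's own assumptions, and every finding is a lead for review, not a verdict.

```python
import re
from datetime import datetime

# Constructed sample in the Find3M layout: a handful of lines taken from the report
# above, not the whole report.
SAMPLE_FIND3M = """\
2008-02-14 04:35 --------- d---a-w C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2008-01-21 16:22 15,360 ----a-w C:\\WINDOWS\\system32\\dllcache\\ctfmon.exe
2008-01-21 16:22 15,360 ----a-w C:\\WINDOWS\\system32\\ctfmon.exe
2007-12-30 17:32 715,248 ----a-w C:\\WINDOWS\\system32\\drivers\\sptd.sys
2007-12-24 01:10 --------- d--h--w C:\\Program Files\\InstallShield Installation Information
2007-12-07 02:21 63,488 ------w C:\\WINDOWS\\system32\\dllcache\\icardie.dll
2006-04-11 03:24 952 --sha-w C:\\WINDOWS\\system32\\KGyGaAvL.sys
"""

# Reference point for "recently changed": the completion time printed by the report.
REFERENCE_TIME = datetime(2008, 2, 14, 19, 44)

# date time size-or-dashes 7-char-flags path (the path may contain spaces)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)


def parse_line(line):
    """Parse one Find3M line into a dict, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Directories carry a dash run instead of a size.
    size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
    attrs = m["attrs"]
    return {
        "mtime": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M"),
        "size": size,
        "directory": attrs[0] == "d",
        "system": "s" in attrs,   # assumed meaning of the 's' flag
        "hidden": "h" in attrs,   # assumed meaning of the 'h' flag
        "archive": "a" in attrs,  # assumed meaning of the 'a' flag
        "path": m["path"],
    }


def triage(report_text, reference_time=REFERENCE_TIME, recent_days=30):
    """Return [(path, [reasons])] for files worth a second look."""
    entries = [e for e in map(parse_line, report_text.splitlines())
               if e and not e["directory"]]

    # Sizes of files that also sit in the Windows File Protection dllcache.
    # Assumption (this example's heuristic): a system32 file whose dllcache twin has
    # the same size most likely arrived through a Windows update.
    dllcache = {}
    for e in entries:
        p = e["path"].lower()
        if "\\dllcache\\" in p:
            dllcache[p.rsplit("\\", 1)[1]] = e["size"]

    findings = []
    for e in entries:
        p = e["path"].lower()
        if "\\dllcache\\" in p:
            continue
        reasons = []
        if e["hidden"] and e["system"]:
            reasons.append("hidden+system file")
        if "\\system32\\" in p and (reference_time - e["mtime"]).days <= recent_days:
            name = p.rsplit("\\", 1)[1]
            if dllcache.get(name) == e["size"]:
                reasons.append("recent system32 change, matches dllcache copy (likely an update)")
            else:
                reasons.append("recent system32 change with no matching dllcache copy")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def triage_sample():
    """Run the triage over the constructed sample."""
    return triage(SAMPLE_FIND3M)


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(path, "->", "; ".join(reasons))
```

On the sample this flags ctfmon.exe only as an update-like change (its dllcache twin has the same size) and KGyGaAvL.sys as a hidden+system file in system32; both are leads to verify, which is exactly the check a helper performs by hand when reading such a report.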



                    • #11
                      Your log looks good, there are no traces of infections to be found

                      Do this as well:
                      Download ATF Cleaner (mirror) (made by Atribune)

                      Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                      Double-click ATF Cleaner to start the program.
                      On the "Main" tab, put a check mark next to Select All.
                      Click the Empty Selected button.

                      Do the following if you also have Firefox as a browser:
                      Click the "Firefox" tab, put a check mark next to Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the check mark next to "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also have Opera as a browser:
                      Click the "Opera" tab, put a check mark next to Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Go to Start - Run and enter the following:
                      Combofix /U
                      Then press OK.
                      Note: there must be a space between Combofix and /U.

                      This will uninstall Combofix.

                      Disable System Restore. Restart the computer. Enable System Restore again.
                      See here how to disable your System Restore.
                      This removes any remnants of the infections from your System Restore.

                      Are all the problems gone now?
                      Last edited by smeenk; 13-02-08, 21:36.



                      • #12
                        Thanks for all the effort!

                        Great!



                        • #13
                          You're welcome
