C:\Program Files\Common Files\Micrsoft Shared\Web Folders\ibm00006.exe

    Thanks in part to the great help from smeenk I was able to make my computer spyware-free last time, but now I have the following "problem" on another PC.
    While the computer is starting up I get a pop-up with the following message:
    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00006.exe"
    Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

    Any idea what I can do about this?

    Thanks in advance for the help.
    Last edited by BobBrand1983; 27-02-08, 15:48.

  • #2
    HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56:17, on 27-2-2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00006.exe"
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\maxtorspeed.exe",
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll (file missing)
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
    O4 - HKLM\..\Run: [MalwareWiped 5.4] C:\Program Files\MW\MalwareWiped 5.4\MalwareWiped 5.4.exe /h
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
    O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
    O4 - HKCU\..\Run: [DOS2USB] C:\Program Files\DOS2USB\DOS2USB.exe
    O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172409126624
    O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
    O24 - Desktop Component 1: Security info - C:\WINDOWS\screen.html

    --
    End of file - 6346 bytes
    Last edited by Eagle Creek; 27-02-08, 21:13.



    • #3
      That doesn't look very good, and you don't even have SP1a or SP2 installed.

      Start HijackThis and choose 'Do a system scan only'
      Select only the items listed below:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00006.exe"
      F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\maxtorspeed.exe",
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll (file missing)
      O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
      O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
      O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
      O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
      O24 - Desktop Component 1: Security info - C:\WINDOWS\screen.html

      Close all windows except HijackThis
      Click 'Fix checked' to remove the items.

      Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden

      Follow the instructions given there.

      If anything is unclear, just ask.
      When the tool is finished, a logfile opens (C:\combofix.txt).
      Post the contents of this file together with a new HijackThis log.
      Last edited by Steggel; 27-02-08, 22:30.
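As an added example (not from this thread and not HijackThis's own logic), a small Python checker that applies the rules the helper in post #3 used by hand to a HijackThis log: a non-default F2 Shell= or UserInit=, orphaned O2/O22 entries, O4 Run values with padded names or odd locations, and O24 desktop components. The sample lines are constructed from the log posted above; the heuristics are my own assumptions, not a complete rule set.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Line shapes produced by HijackThis (the real tool); the rules applied to them
# below are this example's own heuristics.
SHELL_RE = re.compile(r'^F2 - REG:system\.ini: Shell=(.*)$', re.IGNORECASE)
USERINIT_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(.*)$', re.IGNORECASE)
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# A binary living in a directory directly under C:\WINDOWS other than system32.
ODD_WINDIR_RE = re.compile(r'c:\\windows\\(?!system32\\)[^\\]+\\')


def check_line(raw: str):
    """Return a Finding for one log line, or None if the line looks ordinary."""
    line = raw.strip()
    m = SHELL_RE.match(line)
    if m:
        # The shell value must be exactly explorer.exe; anything appended starts with it.
        if m.group(1).strip().lower() != 'explorer.exe':
            return Finding(line, 'Shell= should be exactly explorer.exe; an extra program is started with the shell')
        return None
    m = USERINIT_RE.match(line)
    if m:
        # UserInit is a comma-separated list; only userinit.exe belongs there.
        parts = [p.strip().strip('"') for p in m.group(1).split(',') if p.strip()]
        if len(parts) != 1 or not parts[0].lower().endswith('\\system32\\userinit.exe'):
            return Finding(line, 'UserInit= should list only userinit.exe; an extra program runs at every logon')
        return None
    if line.startswith(('O2 - ', 'O22 - ')) and ('(no file)' in line or '(file missing)' in line):
        return Finding(line, 'orphaned COM registration: the DLL is gone but the hook remains')
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd')
        if name != name.strip() or name.startswith('_'):
            return Finding(line, 'Run value name padded with a space or underscore to look like a Windows entry')
        if 'Policies\\Explorer\\Run' in m.group('hive'):
            return Finding(line, 'Policies\\Explorer\\Run is rarely used by legitimate software; review the target')
        if ODD_WINDIR_RE.search(cmd.lower()):
            return Finding(line, 'executable in a non-standard directory directly under C:\\WINDOWS')
        # Path-less names (e.g. "dsrss.exe") are not flagged here; they still need a manual look.
        return None
    if line.startswith('O24 - '):
        return Finding(line, 'desktop component pointing at a local HTML file, typical of fake security warnings')
    return None


def scan(log_text: str) -> list:
    """Run check_line over every line of a HijackThis log and collect the findings."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: a subset of the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00006.exe"
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\maxtorspeed.exe",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 1: Security info - C:\WINDOWS\screen.html
"""

if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f'{f.reason}\n    {f.line}')
```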



      • #4
        ComboFix can't be found at the given URL; I'll post the HijackThis logfile in a bit.



        • #5
          Look under the section "ComboFix gebruiken" (Using ComboFix); there are three blue lines there that link to Combofix.exe



          • #6
            HijackThis log after the "fix checked items":

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 23:01:34, on 29-2-2008
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\SYSTEM32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
            C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
            C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\MSN Messenger\MsnMsgr.Exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            c:\program files\panda software\panda antivirus 2007\WebProxy.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
            O4 - HKLM\..\Run: [MalwareWiped 5.4] C:\Program Files\MW\MalwareWiped 5.4\MalwareWiped 5.4.exe /h
            O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
            O4 - HKCU\..\Run: [DOS2USB] C:\Program Files\DOS2USB\DOS2USB.exe
            O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
            O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172409126624
            O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll (file missing)
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
            O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

            --
            End of file - 5357 bytes

            After a reboot the message is gone, at least =)
            Thanks in advance for that.

            Only, I have tried several times to download combofix.exe, but the site is down or the link is wrong. What does this program actually do, though?
            Last edited by BobBrand1983; 29-02-08, 23:16.



            • #7
              Then try the program below.

              Print out the instructions below, because you will have to restart the computer during the fix.
              (copy the text into e.g. Word and print it)


              Download SmitfraudFix.exe (by S!Ri) and place it on your desktop.
              If that doesn't work, download it from this page.

              Start your PC in SAFE mode.
              See here how to do that.


              Double-click smitfraudfix.exe
              Choose option #2 - Clean by typing 2, and press "Enter" to remove the
              infected files.

              You will get a question: "Registry cleaning - Do you want to clean the registry ?"
              Answer "yes" by typing y and press "Enter".

              If your PC does not restart afterwards, restart it manually in normal mode.

              The tool will now check whether wininet.dll is infected. You may therefore be asked whether you
              want to replace the infected file. Answer "yes" by typing y and press "Enter".

              The tool may restart your PC in order to finish its work.
              If it doesn't, restart your PC manually in normal mode.
              A text file will open with the results of the fix. Post the contents of this file in your next reply.
              (You can also find the report at c:\rapport.txt)
              Also post a new HijackThis log



              • #8
                SmitfraudFix log:

                The tool will now check whether wininet.dll is infected. You may therefore be asked whether you
                want to replace the infected file. Answer "yes" by typing y and press "Enter".


                I did not get this part when rebooting....

                SmitFraudFix v2.299

                Scan done at 13:25:14,59, za 01-03-2008
                Run from C:\Documents and Settings\Administrator\Bureaublad\SmitfraudFix
                OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
                The filesystem type is FAT32
                Fix run in safe mode

                »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
                !!!Attention, following keys are not inevitably infected!!!

                SrchSTS.exe by S!Ri
                Search SharedTaskScheduler's .dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
                "{07a582e8-bae3-457d-9d29-2048de45a369}"="grithbreach"

                [HKEY_CLASSES_ROOT\CLSID\{07a582e8-bae3-457d-9d29-2048de45a369}\InProcServer32]
                @="C:\WINDOWS\System32\qvjpt.dll"

                [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07a582e8-bae3-457d-9d29-2048de45a369}\InProcServer32]
                @="C:\WINDOWS\System32\qvjpt.dll"


                »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                »»»»»»»»»»»»»»»»»»»»»»»» hosts


                »»»»»»»»»»»»»»»»»»»»»»»» VACFix

                VACFix
                Credits: Malware Analysis & Diagnostic
                Code: S!Ri


                »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

                S!Ri's WS2Fix: LSP not Found.


                »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                GenericRenosFix by S!Ri


                »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

                C:\WINDOWS\sites.ini Deleted
                C:\WINDOWS\system32\date.ico Deleted
                C:\WINDOWS\system32\migicons.exe Deleted
                C:\WINDOWS\system32\network.ico Deleted
                C:\WINDOWS\system32\pharm.ico Deleted
                C:\WINDOWS\system32\spam.ico Deleted
                C:\WINDOWS\system32\spyware.ico Deleted
                C:\Program Files\Internet Security\ Deleted

                »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

                IEDFix
                Credits: Malware Analysis & Diagnostic
                Code: S!Ri


                »»»»»»»»»»»»»»»»»»»»»»»» DNS

                HKLM\SYSTEM\CCS\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1
                HKLM\SYSTEM\CS1\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1
                HKLM\SYSTEM\CS2\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1


                »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
                !!!Attention, following keys are not inevitably infected!!!

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


                »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                Registry Cleaning done.

                »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
                !!!Attention, following keys are not inevitably infected!!!

                SrchSTS.exe by S!Ri
                Search SharedTaskScheduler's .dll


                »»»»»»»»»»»»»»»»»»»»»»»» End

                HijackThis-log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 13:39:25, on 1-3-2008
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\SYSTEM32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
                C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
                C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                C:\Program Files\MSN Messenger\MsnMsgr.Exe
                C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\svchost.exe
                c:\program files\panda software\panda antivirus 2007\WebProxy.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Panda Software\Panda Antivirus 2007\psimreal.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                O4 - HKLM\..\Run: [MalwareWiped 5.4] C:\Program Files\MW\MalwareWiped 5.4\MalwareWiped 5.4.exe /h
                O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
                O4 - HKCU\..\Run: [DOS2USB] C:\Program Files\DOS2USB\DOS2USB.exe
                O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172409126624
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
                O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

                --
                End of file - 5170 bytes
                Last edited by BobBrand1983; 01-03-08, 13:40.



                • #9
                  Start HijackThis and choose 'Do a system scan only'
                  Select only the items listed below:

                  O4 - HKLM\..\Run: [MalwareWiped 5.4] C:\Program Files\MW\MalwareWiped 5.4\MalwareWiped 5.4.exe /h
                  O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
                  O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll (file missing)

                  Click 'Fix checked' to remove the items

                  Then also delete the following folders:
                  C:\Program Files\MW\
                  C:\Program Files\Internet Security\

                  Now try SmitFraudFix again, if necessary in normal mode.
                  Last edited by Steggel; 01-03-08, 13:53.

                  • #10
                    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
                    O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll (file missing)

                    Neither of them showed up any more after a system scan with HijackThis.

                    C:\Program Files\MW\
                    C:\Program Files\Internet Security\

                    These 2 folders don't exist either.

                    SmitFraudFix log:

                    SmitFraudFix v2.299

                    Scan done at 16:28:20,90, za 01-03-2008
                    Run from C:\Documents and Settings\Administrator\Bureaublad\SmitfraudFix
                    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
                    The filesystem type is FAT32
                    Fix run in normal mode

                    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
                    !!!Attention, following keys are not inevitably infected!!!

                    SrchSTS.exe by S!Ri
                    Search SharedTaskScheduler's .dll

                    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                    »»»»»»»»»»»»»»»»»»»»»»»» hosts


                    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

                    VACFix
                    Credits: Malware Analysis & Diagnostic
                    Code: S!Ri


                    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

                    S!Ri's WS2Fix: LSP not Found.


                    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                    GenericRenosFix by S!Ri


                    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


                    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

                    IEDFix
                    Credits: Malware Analysis & Diagnostic
                    Code: S!Ri


                    »»»»»»»»»»»»»»»»»»»»»»»» DNS

                    Description: Microsoft Loopback-adapter #2
                    DNS Server Search Order: 192.168.2.1

                    Description: CNet PRO200WL PCI Fast Ethernet Adapter #2
                    DNS Server Search Order: 192.168.2.1

                    HKLM\SYSTEM\CCS\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1
                    HKLM\SYSTEM\CS1\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1
                    HKLM\SYSTEM\CS2\Services\Tcpip\..\{671A7A6E-99D7-40E9-8D9D-AAF4A5163FDE}: DhcpNameServer=192.168.2.1
                    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDA38DB1-90D4-4709-BD01-3FFD288B49D1}: DhcpNameServer=192.168.2.1


                    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
                    !!!Attention, following keys are not inevitably infected!!!

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


                    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                    Registry Cleaning done.

                    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
                    !!!Attention, following keys are not inevitably infected!!!

                    SrchSTS.exe by S!Ri
                    Search SharedTaskScheduler's .dll


                    »»»»»»»»»»»»»»»»»»»»»»»» End

                    HijackThis log:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 16:35:36, on 1-3-2008
                    Platform: Windows XP (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\SYSTEM32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
                    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                    C:\WINDOWS\explorer.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
                    O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172409126624
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
                    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

                    --
                    End of file - 4671 bytes
                    Last edited by BobBrand1983; 01-03-08, 16:35.

                    • #11
                      Not helpful if you edit your post in the meantime.
                      The HijackThis log looks good now.

                      Download HostsXpert and unzip HostsXpert to its own folder,
                      for example C:\HostsXpert.

                      Start HostsXpert.exe

                      Click "restore microsoft's hosts files"

                      Then close the program.

                      Copy the code below into Notepad:
                      Code:
                      CD C:\
                      DIR /s systray.exe >C:\info.txt
                      START C:\info.txt
                      Click File -> Save As ...
                      Save as type: All files
                      Save the file on the desktop as info.bat

                      Now double-click info.bat.
                      A Notepad window will open shortly.
                      Post the contents.
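The hosts-file hijack visible in the SmitFraudFix log above (security-vendor update sites mapped to 10.0.0.5 so the antivirus can no longer fetch updates) is what the HostsXpert step in this post undoes. The following is an added example, not code from the thread, SmitFraudFix or HostsXpert: it parses a hosts file, flags vendor domains that point anywhere but loopback, and strips those lines. The vendor watchlist and the sample hosts content are constructed for illustration.

```python
"""Detect and remove hosts-file entries that hijack security-vendor domains.

Added example, not part of the forum thread, SmitFraudFix or HostsXpert.
The sample hosts content is constructed; its two hijacked lines mirror the
pattern in the SmitFraudFix log (vendor update sites pointed at 10.0.0.5,
a non-loopback address, so the AV can no longer reach its update servers).
"""
import ipaddress
import re
from typing import List, Tuple

# Watchlist of security-vendor domains (assumption: an illustrative subset).
VENDOR_SUFFIXES = (
    "kaspersky.com", "kaspersky-labs.com", "eset.com", "nod32.com",
    "symantec.com", "norton.com", "mcafee.com", "sophos.com",
    "trendmicro.com", "f-secure.com",
)

# Constructed sample: default localhost line plus two hijacked entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.0.5 updates1.kaspersky.com
10.0.0.5 liveupdate.symantec.com
192.168.2.50 intranet.example   # legitimate local alias, not a vendor
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and blank lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address field, ignore the line
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def is_vendor_host(name: str) -> bool:
    """True when the hostname is a watchlisted vendor domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES)


def find_hijacks(text: str) -> List[Tuple[str, str]]:
    """Vendor domains mapped to anything but loopback are reported as hijacks."""
    return [(addr, name) for addr, name in parse_hosts(text)
            if is_vendor_host(name) and not ipaddress.ip_address(addr).is_loopback]


def remove_hijacks(text: str) -> str:
    """Return the hosts content with every hijacked line dropped, others untouched."""
    bad = set(find_hijacks(text))
    kept = [raw for raw in text.splitlines()
            if not any(p in bad for p in parse_hosts(raw))]
    return "\n".join(kept) + "\n"
```

On a live Windows XP machine the file to pass in is %SystemRoot%\system32\drivers\etc\hosts; a clean default contains only the localhost line.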

                      • #12
                        Sorry, I forgot to include the logs; I get the following in the .txt file:

                        Het volume in station C heeft geen naam.
                        Het volumenummer is 2927-1B0E

                        Map van C:\WINDOWS\SYSTEM32

                        07-09-2001 12:00 3.072 systray.exe
                        1 bestand(en) 3.072 bytes

                        Map van C:\WINDOWS\SYSTEM32\dllcache

                        07-09-2001 12:00 3.072 systray.exe
                        1 bestand(en) 3.072 bytes

                        Totaal aantal weergegeven bestanden:
                        2 bestand(en) 6.144 bytes
                        0 map(pen) 64.330.760.192 bytes beschikbaar

                        • #13
                          Can you change the lines in the file info.bat to:

                          Code:
                          CD C:\
                          DIR /s /a systray.exe >C:\info.txt
                          START C:\info.txt
                          This also shows the hidden files.

                          • #14
                            Het volume in station C heeft geen naam.
                            Het volumenummer is 2927-1B0E

                            Map van C:\WINDOWS\SYSTEM32

                            07-09-2001 12:00 3.072 systray.exe
                            1 bestand(en) 3.072 bytes

                            Map van C:\WINDOWS\SYSTEM32\dllcache

                            07-09-2001 12:00 3.072 systray.exe
                            1 bestand(en) 3.072 bytes

                            Totaal aantal weergegeven bestanden:
                            2 bestand(en) 6.144 bytes
                            0 map(pen) 64.327.024.640 bytes beschikbaar

                            I think I get the same as in one of my previous posts, after changing the .bat file.

                            • #15
                              OK, that's fine then.

                              Now make sure you upgrade Windows to SP2, because you are hopelessly unprotected right now. There is a good chance that after a week of internet use you will have junk on your computer again.

                              Read here how to prevent new infections!

                              I will mark this topic as solved.
