Mededeling

Collapse
No announcement yet.

Trage laptop en popups

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Trage laptop en popups

    Hallo,
    de laptop van mijn moeder is de laatste tijd vrij traag en er verschijnen ook popups, onder andere van wixawin.com, partypoker.com etc. heb al vanalles geprobeerd maar het is me niet gelukt dit te verhelpen. misschien dat 1 van jullie iets weet...
    hieronder mijn hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:22:08, on 2-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\OSD\OSD.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toolbar.google.com/tbredir?r=di&l=nl&v=4.0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [4cdad479] rundll32.exe "C:\WINDOWS\system32\dirjqtmg.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100272070238
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5241/mcfscan.cab
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

    --
    End of file - 6206 bytes
    Labels: Geen
    • Citaat
  • #2
    Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
    - Start Spybot
    - Ga naar Mode > selecteer Advanced Mode
    - Ga naar Tools en klik op het Resident-icoon in de lijst
    - Haal het vinkje weg bij Resident TeaTimer en klik OK
    - Herstart de computer

    Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
    Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
    Als de computer schoon is, kun je TeaTimer weer aan zetten

    Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden

    Volg de instructies die daar gegeven worden.

    Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
    • Citaat

    Comment

    • #3
      ComboFix 08-03-03.4 - Daan Martini 2008-03-02 20:19:22.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.86 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Daan Martini\Local Settings\Temporary Internet Files\Content.IE5\BONGN9YM\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\bhfiqijx.dll
      C:\WINDOWS\system32\dirjqtmg.dll
      C:\WINDOWS\system32\gmtqjrid.ini
      C:\WINDOWS\system32\hsjdtbyo.dll
      C:\WINDOWS\system32\ihjkjnee.ini
      C:\WINDOWS\system32\kkkmp.ini
      C:\WINDOWS\system32\kkkmp.ini2
      C:\WINDOWS\system32\nnnmjkj.dll
      C:\WINDOWS\system32\pmkkk.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))
      .

      2008-03-02 15:20 . 2008-03-02 15:22 <DIR> d-------- C:\Program Files\Hijack This
      2008-02-29 21:41 . 2008-02-29 21:41 <DIR> d-------- C:\WINDOWS\McAfee.com
      2008-02-29 21:20 . 2008-02-29 21:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-29 21:20 . 2008-03-02 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      2008-02-29 21:14 . 2008-02-29 21:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-02-29 21:14 . 2008-02-29 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
      2008-02-29 19:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-02-29 19:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2008-02-29 19:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-02-28 17:05 . 2008-02-28 17:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-28 17:04 . 2008-02-28 17:07 <DIR> d-------- C:\Program Files\Windows Live
      2008-02-28 17:04 . 2008-02-28 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      2008-02-27 15:43 . 2008-02-27 15:43 <DIR> d-------- C:\Program Files\VideoLAN
      2008-02-27 15:40 . 2008-02-27 15:40 <DIR> d-------- C:\Documents and Settings\Daan Martini\Application Data\Apple Computer
      2008-02-24 20:26 . 2008-02-24 20:26 <DIR> d-------- C:\Documents and Settings\Daan Martini\Application Data\AdobeUM
      2008-02-24 20:25 . 2008-02-24 20:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
      2008-02-21 16:19 . 2008-02-21 16:19 <DIR> d-------- C:\Documents and Settings\Daan Martini\Application Data\CyberLink
      2008-02-17 22:54 . 2008-02-17 22:54 <DIR> d-------- C:\Documents and Settings\Daan Martini\Application Data\Lavasoft
      2008-02-17 11:00 . 2008-02-17 11:00 1,199 --a------ C:\Documents and Settings\Daan Martini\Asklaver.scr
      2008-02-13 20:10 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-02-13 20:08 . 2008-02-13 20:10 <DIR> d-------- C:\Program Files\Java
      2008-02-13 20:08 . 2008-02-13 20:08 <DIR> d-------- C:\Program Files\Common Files\Java
      2008-02-13 20:07 . 2008-02-14 17:59 <DIR> d-------- C:\Program Files\LimeWire
      2008-02-13 20:06 . 2008-02-29 19:18 <DIR> d-------- C:\Documents and Settings\Daan Martini\.limewire
      2008-02-13 19:15 . 2008-02-13 19:15 <DIR> d-------- C:\Program Files\MusiCutter
      2008-02-07 17:06 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
      2008-02-07 17:06 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
      2008-02-07 17:05 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
      2008-02-07 17:05 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
      2008-02-03 15:49 . 2008-02-03 15:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
      2008-02-03 15:48 . 2008-02-03 15:51 <DIR> d-------- C:\WINDOWS\system32\nl-nl
      2008-02-03 15:23 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-02-03 15:23 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-02-03 15:23 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-02-03 15:23 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-02-03 15:23 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-02-03 15:23 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-02-03 15:23 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-02-03 15:23 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-02-03 15:23 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\Daan Martini\Application Data\wsInspector
      2008-02-28 15:45 --------- d-----w C:\Documents and Settings\Daan Martini\Application Data\Registry Booster
      2008-02-27 14:22 --------- d-----w C:\Documents and Settings\Daan Martini\Application Data\BitTorrent
      2008-02-26 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-26 14:20 --------- d-----w C:\Program Files\Google
      2008-02-26 14:19 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-02-03 13:54 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
      2008-02-01 20:39 --------- d-----w C:\Program Files\BitTorrent
      2008-02-01 16:32 --------- d-----w C:\Program Files\AppieSoft
      2008-02-01 16:24 --------- d-----w C:\Program Files\Startup Inspector for Windows
      2008-01-31 17:02 --------- d-----w C:\Program Files\Microsoft.NET
      2008-01-31 16:59 --------- d-----w C:\Program Files\Lavasoft
      2008-01-31 16:52 --------- d-----w C:\Program Files\Uniblue
      2008-01-31 16:50 --------- d-----w C:\Program Files\QuickTime
      2008-01-31 16:48 --------- d-----w C:\Program Files\Apple Software Update
      2008-01-31 16:48 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      2008-01-31 16:44 --------- d-----w C:\Program Files\Common Files\xing shared
      2008-01-31 16:44 --------- d-----w C:\Program Files\Common Files\Real
      2008-01-31 16:43 --------- d-----w C:\Program Files\Real
      2008-01-31 16:40 --------- d-----w C:\Program Files\DIFX
      2008-01-31 16:30 --------- d-----w C:\Program Files\support.com
      2008-01-31 16:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
      2008-01-31 16:23 --------- d-----w C:\Program Files\Winamp
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-31 17:54 68856]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2004-07-01 17:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
      "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-28 14:08 184320]
      "OSD"="C:\Program Files\OSD\OSD.EXE" [2004-08-20 17:01 86016]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-10 22:29 98395]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-09-10 22:27 684123]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 11:02 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 10:58 118784]
      "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 10:25 493024]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
      "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
      "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "D:\\StubInstaller.exe"=
      "D:\\Install Files\\StubInstaller.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\BlueByte\\Settlers3\\s3.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 17:29]
      R2 NTPrime;NTPrime;C:\WINDOWS\system32\drivers\NTPrime.sys [2004-08-18 10:21]
      R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys [2004-08-31 16:57]
      S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 17:27]
      S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 17:41]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-03 20:30:07
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
      C:\WINDOWS\system32\wdfmgr.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-03-03 20:33:10 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-03 19:32:12
      .
      2008-03-02 13:13:00 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:36:30, on 3-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\OSD\OSD.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Hijack This\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toolbar.google.com/tbredir?r=di&l=nl&v=4.0
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100272070238
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5241/mcfscan.cab
      O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

      --
      End of file - 6766 bytes

      bij deze..
      • Citaat

      Comment

      • #4
        Gestart vanuit: C:\Documents and Settings\Daan Martini\Local Settings\Temporary Internet Files\Content.IE5\BONGN9YM\ComboFix[1].exe
        Er staat in de instructie dat je ComboFix moet installeren op je Bureaublad
        Tevens wordt geadviseerd om de Recovery Console te installeren.

        Combofix heeft gelukkig geen fouten gemaakt en ik zie geen reden voor extra acties.
        Het hijackthis log is in orde.

        Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U klik op OK of toets Enter.
        Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

        Lees hier hoe je nieuwe infecties kan voorkomen!
        • Citaat

        Comment

        Vorige template Volgende
        Sorry, you are not authorized to view this page
        Working...
        X