  • Malware / virus

    Lately I have been having a lot of trouble with annoying popups / slow internet.
    Some of those popups are partypoker, delcaraddo, beveiligingmonitoor, and sometimes when I try to browse it tries to connect to some public IP address.
    explorer.exe freezes and every so often I get an error message saying:
    Microsoft visual c++ runtime library
    Buffer overrun detected
    C:\windows\explorer.exe
    a buffer overrun has been detected which has corrupted program's internal state. The program cannot safely continue execution and must now be terminated



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:56:49, on 7-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkSrv2K.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Omerta Script\mirc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BMf7f65dec] Rundll32.exe "C:\WINDOWS\system32\housjbto.dll",s
    O4 - HKLM\..\Run: [f4c56e70] rundll32.exe "C:\WINDOWS\system32\ddagellk.dll",b
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7779] command /c del "C:\WINDOWS\system32\ddagellk.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1446] cmd /c del "C:\WINDOWS\system32\ddagellk.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1182] command /c del "C:\WINDOWS\system32\hpgfqclq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4767] cmd /c del "C:\WINDOWS\system32\hpgfqclq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2490] command /c del "C:\WINDOWS\system32\lufjjjeq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9932] cmd /c del "C:\WINDOWS\system32\lufjjjeq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3265] command /c del "C:\WINDOWS\system32\pwasvqbo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6745] cmd /c del "C:\WINDOWS\system32\pwasvqbo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6031] command /c del "C:\WINDOWS\system32\qoMdDTkI.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6994] cmd /c del "C:\WINDOWS\system32\qoMdDTkI.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2967] command /c del "C:\WINDOWS\system32\ddagellk.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD462] cmd /c del "C:\WINDOWS\system32\ddagellk.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8306] command /c del "C:\WINDOWS\system32\hpgfqclq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5196] cmd /c del "C:\WINDOWS\system32\hpgfqclq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1740] command /c del "C:\WINDOWS\system32\lufjjjeq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3639] cmd /c del "C:\WINDOWS\system32\lufjjjeq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB770] command /c del "C:\WINDOWS\system32\pwasvqbo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5527] cmd /c del "C:\WINDOWS\system32\pwasvqbo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7345] command /c del "C:\WINDOWS\system32\qoMdDTkI.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1851] cmd /c del "C:\WINDOWS\system32\qoMdDTkI.dll"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Cyclon Webcam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11127 bytes

  • #2
    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard drives/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
    Post this log in your next message together with a new HijackThis log.



    • #3
      This is the first log

      Malwarebytes' Anti-Malware 1.11
      Database versie: 599

      Scan type: Volledige Scan (C:\|)
      Objecten gescand: 69159
      Verstreken tijd: 10 minute(s), 18 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 7
      Registerwaarden geïnfecteerd: 1
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 0

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registersleutels geïnfecteerd:
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7f65dec (Trojan.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      And this one from HijackThis


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:10:38, on 8-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\StkSrv2K.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\AIM6\aim6.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Common Files\AOL\Loader\aolload.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Program Files\AIM6\aolsoftware.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Omerta Script\mirc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {76CFE5AA-7689-4D9A-93F7-6A584D42391F} - C:\WINDOWS\system32\ddcYpoME.dll (file missing)
      O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\ddcDwvVM.dll (file missing)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {BD7D6902-3A3C-40E1-988A-BC189DBFEA8C} - C:\WINDOWS\system32\qoMdDTkI.dll (file missing)
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
      O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [f4c56e70] rundll32.exe "C:\WINDOWS\system32\ddagellk.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Cyclon Webcam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 8376 bytes



      • #4
        Download this file: zoek.exe
        Double-click it; after a while a log will open.
        Post the contents of this log in your next message.



        • #5
          ======C:\WINDOWS====
          ----a-w 0 2008-04-08 14:47:25 C:\WINDOWS\0.log
          ----a-w 15,159 2008-04-02 18:32:00 C:\WINDOWS\Ascd_log.ini
          ----a-w 13,263 2008-04-02 18:33:12 C:\WINDOWS\Ascd_tmp.ini
          ----a-w 0 2008-04-02 18:33:10 C:\WINDOWS\AS_Debug.txt
          ----a-w 2,254 2008-04-07 13:27:11 C:\WINDOWS\BMf7f65dec.txt
          ----a-w 140,355 2008-04-07 13:26:13 C:\WINDOWS\BMf7f65dec.xml
          --s-a-w 2,048 2008-04-08 14:47:04 C:\WINDOWS\bootstat.dat
          ----a-w 2,093 2008-04-07 21:27:34 C:\WINDOWS\comsetup.log
          ----a-w 0 2008-04-02 18:07:36 C:\WINDOWS\control.ini
          ----a-w 6,182 2008-04-07 21:27:34 C:\WINDOWS\FaxSetup.log
          ----a-w 315,392 2008-04-02 18:22:39 C:\WINDOWS\HideWin.exe
          ----a-w 6,638 2008-04-07 21:27:34 C:\WINDOWS\iis6.log
          ----a-w 1,355 2008-04-07 21:27:34 C:\WINDOWS\imsins.log
          ----a-w 853 2008-04-07 21:27:44 C:\WINDOWS\KB912812.log
          ----a-w 62,267 2008-04-07 21:27:34 C:\WINDOWS\KB912919.log
          ----a-w 71,781 2008-04-08 01:01:08 C:\WINDOWS\KB941569.log
          ----a-w 32,066 2008-04-08 01:03:15 C:\WINDOWS\KB944533-IE7.log
          ----a-w 425 2008-04-07 21:27:34 C:\WINDOWS\MedCtrOC.log
          ----a-w 1,158 2008-04-06 14:13:47 C:\WINDOWS\mozver.dat
          ----a-w 303 2008-04-07 21:27:34 C:\WINDOWS\msgsocm.log
          ----a-w 1,846 2008-04-07 21:27:33 C:\WINDOWS\msmqinst.log
          ----a-w 290,196 2008-04-08 01:00:48 C:\WINDOWS\msxml4-KB936181-enu.LOG
          ----a-w 69 2008-04-07 01:22:17 C:\WINDOWS\NeroDigital.ini
          ----a-w 1,083 2008-04-07 21:27:34 C:\WINDOWS\netfxocm.log
          ----a-w 0 2008-04-06 12:49:54 C:\WINDOWS\nsreg.dat
          ----a-w 1,265 2008-04-07 21:27:34 C:\WINDOWS\ntdtcsetup.log
          ----a-w 2,916 2008-04-07 21:27:34 C:\WINDOWS\ocgen.log
          ----a-w 386 2008-04-07 21:27:34 C:\WINDOWS\ocmsn.log
          ----a-w 4,205 2008-04-02 18:07:27 C:\WINDOWS\ODBCINST.INI
          ----a-w 22 2008-04-07 12:13:00 C:\WINDOWS\pskt.ini
          ----a-w 8,192 2008-04-02 18:10:54 C:\WINDOWS\REGLOCS.OLD
          ------w 3,900 2008-04-07 01:25:09 C:\WINDOWS\SchedLgU.Txt
          ----a-w 0 2008-04-07 21:27:32 C:\WINDOWS\setupact.log
          ----a-w 22,778 2008-04-08 01:01:05 C:\WINDOWS\setupapi.log
          ----a-w 0 2008-04-07 21:27:32 C:\WINDOWS\setuperr.log
          ------w 0 2008-04-02 20:01:38 C:\WINDOWS\Sti_Trace.log
          ----a-w 231 2008-04-02 19:58:30 C:\WINDOWS\system.ini
          ----a-w 311 2008-04-07 21:27:34 C:\WINDOWS\tabletoc.log
          ----a-w 2,821 2008-04-07 21:27:34 C:\WINDOWS\tsoc.log
          ----a-w 36 2008-04-02 18:05:36 C:\WINDOWS\vb.ini
          ----a-w 37 2008-04-02 18:05:36 C:\WINDOWS\vbaddin.ini
          ----a-w 67,461 2008-04-03 12:51:42 C:\WINDOWS\War3Unin.dat
          ----a-w 139,264 2008-04-03 12:45:16 C:\WINDOWS\War3Unin.exe
          ----a-w 2,829 2008-04-03 12:45:16 C:\WINDOWS\War3Unin.pif
          ----a-w 159 2008-04-08 14:47:21 C:\WINDOWS\wiadebug.log
          ----a-w 48 2008-04-08 14:47:22 C:\WINDOWS\wiaservc.log
          ----a-w 945 2008-04-07 21:25:22 C:\WINDOWS\win.ini
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\WindowsShell.Manifest
          ----a-w 1,588,248 2008-04-08 15:56:27 C:\WINDOWS\WindowsUpdate.log
          ----a-w 207 2008-04-07 22:05:27 C:\WINDOWS\wininit.ini
          ----a-w 316,640 2008-04-06 12:35:46 C:\WINDOWS\WMSysPr9.prx

          Entries: 51 (49)
          Directories: 0 Files: 51
          Bytes: 3,130,436 Blocks: 6,136
          ======C:\WINDOWS\system32=====
          ----a-w 261 2008-04-02 18:08:55 C:\WINDOWS\System32\$winnt$.inf
          ----a-w 16,832 2008-04-02 18:07:34 C:\WINDOWS\System32\amcompat.tlb
          ----a-w 146,650 2008-04-02 18:24:50 C:\WINDOWS\System32\BuzzingBee.wav
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\System32\cdplayer.exe.manifest
          ----a-w 108,144 2008-04-06 13:01:10 C:\WINDOWS\System32\CmdLineExt.dll
          ----a-w 2,845 2008-04-02 18:07:36 C:\WINDOWS\System32\CONFIG.NT
          ----a-w 21,748 2008-04-02 18:05:44 C:\WINDOWS\System32\emptyregdb.dat
          ----a-w 263,824 2008-04-02 19:48:19 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 0 2008-04-02 20:03:43 C:\WINDOWS\System32\h323log.txt
          --sha-w 195,712 2008-04-07 21:19:16 C:\WINDOWS\System32\IkTDdMoq.ini
          --sha-w 195,712 2008-04-07 21:17:55 C:\WINDOWS\System32\IkTDdMoq.ini2
          ----a-w 298,104 2008-04-07 21:22:01 C:\WINDOWS\System32\imon.dll
          ----a-w 6,300 2008-04-02 19:30:04 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          --sh--w 714 2008-04-07 13:53:03 C:\WINDOWS\System32\kllegadd.ini
          ----a-w 34,064 2008-04-02 19:58:35 C:\WINDOWS\System32\lhacm.acm
          ---ha-r 488 2008-04-02 18:06:58 C:\WINDOWS\System32\logonui.exe.manifest
          ----a-w 940,794 2008-04-02 18:24:50 C:\WINDOWS\System32\LoopyMusic.wav
          ----a-w 143 2008-04-06 22:51:01 C:\WINDOWS\System32\mcrh.tmp
          ----a-w 297 2008-04-06 12:38:48 C:\WINDOWS\System32\MsiExec.exe.log
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\System32\ncpa.cpl.manifest
          ----a-w 23,392 2008-04-02 18:07:34 C:\WINDOWS\System32\nscompat.tlb
          ----a-w 162,159 2008-04-02 18:51:01 C:\WINDOWS\System32\nvapps.xml
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\System32\nwc.cpl.manifest
          ----a-w 40,972 2008-04-07 21:27:09 C:\WINDOWS\System32\perfc009.dat
          ----a-w 54,698 2008-04-07 21:27:09 C:\WINDOWS\System32\perfc013.dat
          ----a-w 314,644 2008-04-07 21:27:09 C:\WINDOWS\System32\perfh009.dat
          ----a-w 367,600 2008-04-07 21:27:09 C:\WINDOWS\System32\perfh013.dat
          ----a-w 784,704 2008-04-07 21:27:07 C:\WINDOWS\System32\PerfStringBackup.INI
          --sh--w 594 2008-04-07 11:27:13 C:\WINDOWS\System32\qejjjful.ini
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\System32\sapi.cpl.manifest
          ----a-w 759 2008-04-02 19:14:11 C:\WINDOWS\System32\spupdsvc.inf
          ----a-w 138,670 2008-04-02 19:14:59 C:\WINDOWS\System32\TZLog.log
          ---ha-r 488 2008-04-02 18:06:58 C:\WINDOWS\System32\WindowsLogon.manifest
          ----a-w 2,206 2008-04-08 14:47:40 C:\WINDOWS\System32\wpa.dbl
          ---ha-r 749 2008-04-02 18:06:55 C:\WINDOWS\System32\wuaucpl.cpl.manifest

          Entries: 35 (24)
          Directories: 0 Files: 35
          Bytes: 4,127,263 Blocks: 8,078
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 821,856 2008-04-08 15:19:39 C:\WINDOWS\System32\drivers\avg7core.sys
          ----a-w 4,224 2008-04-08 15:19:40 C:\WINDOWS\System32\drivers\avg7rsw.sys
          ----a-w 27,776 2008-04-08 15:19:40 C:\WINDOWS\System32\drivers\avg7rsxp.sys
          ----a-w 10,760 2008-04-08 15:19:52 C:\WINDOWS\System32\drivers\avgclean.sys
          ----a-w 26,952 2008-04-08 15:19:52 C:\WINDOWS\System32\drivers\avgmfx86.sys
          ----a-w 717,296 2008-04-06 12:27:34 C:\WINDOWS\System32\drivers\sptd.sys

          Entries: 6 (6)
          Directories: 0 Files: 6
          Bytes: 1,608,864 Blocks: 3,146
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 0 2008-04-02 18:07:36 C:\AUTOEXEC.BAT
          --sh--w 211 2008-04-02 18:03:48 C:\boot.ini
          ----a-w 0 2008-04-02 18:07:36 C:\CONFIG.SYS
          --sha-w 2,146,553,856 2008-04-08 14:47:02 C:\hiberfil.sys
          ----a-w 164 2008-04-07 21:25:04 C:\install.dat
          --sha-r 0 2008-04-02 18:07:36 C:\IO.SYS
          ---ha-w 459 2008-04-02 20:35:32 C:\IPH.PH
          --sha-r 0 2008-04-02 18:07:36 C:\MSDOS.SYS
          --sha-w 2,145,386,496 2008-04-08 14:46:58 C:\pagefile.sys
          ----a-w 575 2008-04-02 18:23:30 C:\RHDSetup.log
          ----a-w 937 2008-04-07 11:21:43 C:\VundoFix.txt

          Entries: 11 (5)
          Directories: 0 Files: 11
          Bytes: 4,291,942,698 Blocks: 8,382,703
          ======C:\Documents and Settings\Bob\Application Data======
          --sha-w 62 2008-04-02 19:58:12 C:\Documents and Settings\Bob\Application Data\desktop.ini

          Entries: 1 (0)
          Directories: 0 Files: 1
          Bytes: 62 Blocks: 1
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Bob======
          ----a-w 1,024 2008-04-06 12:37:37 C:\Documents and Settings\Bob\.rnd
          ----a-w 170 2008-04-07 01:22:47 C:\Documents and Settings\Bob\default.pls
          ---ha-w 3,145,728 2008-04-08 06:02:42 C:\Documents and Settings\Bob\NTUSER.DAT
          ---ha-w 249,856 2008-04-08 16:14:54 C:\Documents and Settings\Bob\ntuser.dat.LOG
          --sh--w 188 2008-04-07 01:25:05 C:\Documents and Settings\Bob\ntuser.ini

          Entries: 5 (2)
          Directories: 0 Files: 5
          Bytes: 3,396,966 Blocks: 6,636
          ======C:\WINDOWS\Downloaded Program Files====
          ---h--w 65 2008-04-02 18:06:58 C:\WINDOWS\Downloaded Program Files\desktop.ini
          ----a-w 2,815 2008-04-02 20:34:14 C:\WINDOWS\Downloaded Program Files\install.log
          ----a-w 144 2008-03-19 16:36:24 C:\WINDOWS\Downloaded Program Files\swdir.inf
          ----a-w 206,128 2008-03-18 08:57:04 C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
          ----a-w 38,428 2008-04-02 20:34:14 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe

          Entries: 5 (4)
          Directories: 0 Files: 5
          Bytes: 247,580 Blocks: 487
          =============



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            REM Start with a fresh log in the current directory.
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\BMf7f65dec.txt
            C:\WINDOWS\BMf7f65dec.xml
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\wininit.ini
            C:\WINDOWS\System32\IkTDdMoq.ini
            C:\WINDOWS\System32\IkTDdMoq.ini2
            C:\WINDOWS\System32\kllegadd.ini
            C:\WINDOWS\System32\mcrh.tmp
            C:\WINDOWS\System32\qejjjful.ini
            "C:\WINDOWS\Downloaded Program Files\install.log"
            "C:\WINDOWS\Downloaded Program Files\unagiuninst.exe") DO (
                REM Remove any renamed copy left over from an earlier run.
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                    REM Clear the read-only, system and hidden attributes, then delete.
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    REM If the delete failed, the file is still present and gets renamed.
                    REN %%g *NUCIA
                    IF EXIST %%gNUCIA (
                        ECHO renamed to %%gNUCIA>>log.txt)
                    IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                    ) ELSE (
                        ECHO %%g deleted>>log.txt)
                ) ELSE (
                    ECHO %%g not found>>log.txt))
            REM Show the result log to the user.
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              Deleting files
              C:\WINDOWS\BMf7f65dec.txt deleted
              C:\WINDOWS\BMf7f65dec.xml deleted
              C:\WINDOWS\pskt.ini deleted
              C:\WINDOWS\wininit.ini deleted
              C:\WINDOWS\System32\IkTDdMoq.ini deleted
              C:\WINDOWS\System32\IkTDdMoq.ini2 deleted
              C:\WINDOWS\System32\kllegadd.ini deleted
              C:\WINDOWS\System32\mcrh.tmp deleted
              C:\WINDOWS\System32\qejjjful.ini deleted
              "C:\WINDOWS\Downloaded Program Files\install.log" deleted
              "C:\WINDOWS\Downloaded Program Files\unagiuninst.exe" deleted



              • #8
                Start HijackThis and tick only the following lines:
                O2 - BHO: (no name) - {76CFE5AA-7689-4D9A-93F7-6A584D42391F} - C:\WINDOWS\system32\ddcYpoME.dll (file missing)
                O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\ddcDwvVM.dll (file missing)
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O2 - BHO: (no name) - {BD7D6902-3A3C-40E1-988A-BC189DBFEA8C} - C:\WINDOWS\system32\qoMdDTkI.dll (file missing)
                O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
                O4 - HKLM\..\Run: [f4c56e70] rundll32.exe "C:\WINDOWS\system32\ddagellk.dll",b

                Close all open windows (except HijackThis) and click the "Fix checked" button.


                Download ATF Cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                Please post a new HijackThis log for a final check

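The log triage behind post #8, as an added example that is not part of the original thread: a small Python parser that reads HijackThis entry lines and flags those whose target is reported as missing, plus rundll32 autoruns stored under an eight-hex-digit value name. The sample lines are copied from the logs in this thread; the two flagging rules are assumptions made for this example, not the helper's stated criteria.

```python
import re

# Entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {76CFE5AA-7689-4D9A-93F7-6A584D42391F} - C:\WINDOWS\system32\ddcYpoME.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [f4c56e70] rundll32.exe "C:\WINDOWS\system32\ddagellk.dll",b
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([ORFN]\d+) - (.*)$")          # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(?P<key>\S+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HEX_NAME = re.compile(r"[0-9a-f]{8}", re.I)
MISSING = ("(file missing)", "(no file)")  # HijackThis suffixes for an absent target


def parse_line(line):
    """Return a dict for one HijackThis entry line, or None for any other line."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()
    clsid = CLSID.search(body)
    run = RUN.match(body) if section == "O4" else None
    return {
        "section": section,
        "body": body,
        "clsid": clsid.group(0) if clsid else None,
        "orphaned": body.endswith(MISSING),
        "run_name": run.group("name") if run else None,
        "run_cmd": run.group("cmd") if run else None,
    }


def triage(log_text):
    """Return (section, reasons, body) for every entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["orphaned"]:
            reasons.append("target missing")
        # Assumed heuristic: rundll32 autorun whose value name is eight hex digits.
        cmd = (e["run_cmd"] or "").lower()
        if cmd.startswith("rundll32") and HEX_NAME.fullmatch(e["run_name"]):
            reasons.append("rundll32 autorun with hex value name")
        if reasons:
            findings.append((e["section"], reasons, e["body"]))
    return findings
```

A flagged line is a candidate for manual review, not a verdict: an orphaned entry can also be left behind by an ordinary uninstall.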


                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 19:42:06, on 8-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  C:\Program Files\AIM6\aim6.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\Program Files\DAEMON Tools Lite\daemon.exe
                  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  C:\Program Files\Common Files\AOL\Loader\aolload.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\WINDOWS\system32\IoctlSvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\StkSrv2K.exe
                  C:\Program Files\Viewpoint\Common\ViewpointService.exe
                  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                  C:\Program Files\AIM6\aolsoftware.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\system32\WgaTray.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
                  O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                  O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                  O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                  O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
                  O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
                  O23 - Service: Cyclon Webcam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
                  O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

                  --
                  End of file - 8064 bytes



                  • #10
                    The log looks fine again



                    • #11
                      thank you for everything _o_



                      • #12
                        You're welcome
