Spyware problems

  • #1

    Hi, for a few days now I've been having spyware problems: all sorts of pop-ups appear advertising anti-spyware programs.

    A few examples:

    1) I get a 'Security System Warning' for C:\WINDOWS\wml.exe
    2) Also warnings about 'trojandownloader.xs'
    3) A yellow triangle also regularly appears at the bottom right, indicating that my PC is in danger.
    4) A few sites I get redirected to: entiremedianet.com & antispyware-reviews.biz.

    After scanning with Ad-Aware and Spybot I still keep getting all these messages.

    So I have made a log; I hope you can help me.

    Thanks in advance!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:13, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Steven\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
    C:\Documents and Settings\All Users\Application Data\nefktylo\xuhmpune.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\jelorozu.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\MSAC-FD1\MSstat.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.skynet.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\windows\regedit /s C:\pav.reg,C:\windows\System32\pavdr.exe,C:\windows\System32\userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: vnbptxlf - {919B3C27-233D-444D-B0AC-922C27BEF052} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [807cab6a] rundll32.exe "C:\WINDOWS\system32\wtdnoqgy.dll",b
    O4 - HKCU\..\Run: [Ohat] C:\Documents and Settings\Roland\Application Data\kb?e.exe
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Roland\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [kmhiqakt] C:\WINDOWS\system32\tupwtglu.exe
    O4 - HKCU\..\Run: [wlsjzwxg] C:\WINDOWS\system32\mpuzipwh.exe
    O4 - HKCU\..\Run: [enwidqgj] C:\WINDOWS\system32\jelorozu.exe
    O4 - HKLM\..\Policies\Explorer\Run: [cpn6uZSxPu] C:\Documents and Settings\All Users\Application Data\nefktylo\xuhmpune.exe
    O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Mr. Bookmaker.com Poker - {0932285F-432B-42b0-B960-7946B1950802} - C:\Program Files\MrBookmakerMPP\MPPoker.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
    O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
    O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\Steven\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 10538 bytes

  • #2
    Start HijackThis and tick only the following lines:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    F2 - REG:system.ini: UserInit=C:\windows\regedit /s C:\pav.reg,C:\windows\System32\pavdr.exe,C:\windows\System32\userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: vnbptxlf - {919B3C27-233D-444D-B0AC-922C27BEF052} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [807cab6a] rundll32.exe "C:\WINDOWS\system32\wtdnoqgy.dll",b
    O4 - HKCU\..\Run: [Ohat] C:\Documents and Settings\Roland\Application Data\kb?e.exe
    O4 - HKCU\..\Run: [kmhiqakt] C:\WINDOWS\system32\tupwtglu.exe
    O4 - HKCU\..\Run: [wlsjzwxg] C:\WINDOWS\system32\mpuzipwh.exe
    O4 - HKCU\..\Run: [enwidqgj] C:\WINDOWS\system32\jelorozu.exe
    O4 - HKLM\..\Policies\Explorer\Run: [cpn6uZSxPu] C:\Documents and Settings\All Users\Application Data\nefktylo\xuhmpune.exe
    O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
    O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)

    Close all open windows (except HijackThis) and click "Fix checked".

    Restart your computer.

    After the restart, post a new HijackThis log so it can be checked.

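
The reply above picks its lines by a handful of patterns that anyone triaging a HijackThis log learns to spot: an IE search setting served from a res:// resource in a DLL that is not IE's own (shdocpe.dll here imitates IE's shdoclc.dll), a UserInit chain that is not the stock `C:\WINDOWS\system32\userinit.exe,`, autoruns under Policies\Explorer\Run or out of a profile's Application Data folder, value names and file names that are obviously machine-generated, and entries whose target is already gone. The script below is an added example written for this thread, not HijackThis code and not the helper's tooling; it applies those rules to lines copied from the first log. The vowel and length thresholds in looks_random are tuned to the eight-letter names in this log and are an assumption, as is the list of legitimate res:// DLLs.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code)."""
import re

# Lines copied from the first HijackThis log in this thread (real data, not constructed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
F2 - REG:system.ini: UserInit=C:\windows\regedit /s C:\pav.reg,C:\windows\System32\pavdr.exe,C:\windows\System32\userinit.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: vnbptxlf - {919B3C27-233D-444D-B0AC-922C27BEF052} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [807cab6a] rundll32.exe "C:\WINDOWS\system32\wtdnoqgy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [enwidqgj] C:\WINDOWS\system32\jelorozu.exe
O4 - HKLM\..\Policies\Explorer\Run: [cpn6uZSxPu] C:\Documents and Settings\All Users\Application Data\nefktylo\xuhmpune.exe
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
"""

STOCK_USERINIT = r"c:\windows\system32\userinit.exe,"   # stock XP value, trailing comma included
IE_RESOURCE_DLLS = {"shdoclc.dll", "ieframe.dll"}       # assumption: IE's own res:// DLLs


def looks_random(token):
    """Cheap test for machine-generated names, tuned to this log's style (assumption)."""
    t = token.strip('"&')
    if len(t) < 6 or not t.isalnum():
        return False
    has_digit = any(c.isdigit() for c in t)
    # "807cab6a": eight hex characters mixing digits and letters
    if re.fullmatch(r"[0-9a-f]{8}", t.lower()) and has_digit and not t.isdigit():
        return True
    # "cpn6uZSxPu": digits plus lower-to-upper case flips inside the word
    if has_digit and re.search(r"[a-z][A-Z]", t):
        return True
    # "wtdnoqgy", "enwidqgj": eight or more lowercase letters with at most a quarter vowels
    if t.isalpha() and t.islower() and len(t) >= 8:
        return sum(c in "aeiouy" for c in t) / len(t) <= 0.25
    return False


def triage_line(line):
    """Reasons this line deserves a second look; an empty list means nothing was noticed."""
    reasons = []
    kind = line.split(" - ", 1)[0]

    if kind == "F2" and "UserInit=" in line:
        if line.split("UserInit=", 1)[1].strip().lower() != STOCK_USERINIT:
            reasons.append("UserInit chain differs from the stock value")

    if kind in ("R0", "R1"):
        m = re.search(r"res://[^/]*\\([^\\/]+\.dll)/", line, re.I)
        if m and m.group(1).lower() not in IE_RESOURCE_DLLS:
            reasons.append("IE search setting served from non-IE DLL " + m.group(1))

    if re.search(r"\((file missing|no file)\)\s*$", line):
        reasons.append("orphaned entry, target no longer on disk")

    m = re.match(r"O3 - Toolbar: (.+?) - \{", line)
    if m and looks_random(m.group(1)):
        reasons.append("random-looking toolbar name " + m.group(1))

    m = re.match(r"O4 - (.+?): \[([^\]]+)\] (.*)$", line)
    if m:
        where, key, cmd = m.groups()
        if "Policies\\Explorer\\Run" in where:
            reasons.append("autorun via Policies\\Explorer\\Run, rarely used legitimately")
        if looks_random(key):
            reasons.append("random-looking value name [" + key + "]")
        # file stems of every .exe/.dll path in the command, including rundll32 arguments
        for stem in re.findall(r"\\([^\\\s\"]+)\.(?:exe|dll)\b", cmd, re.I):
            if looks_random(stem):
                reasons.append("random-looking file name " + stem)
        if re.search(r"\\Application Data\\", cmd, re.I):
            reasons.append("program started from a profile data folder")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, in log order."""
    flagged = {}
    for line in text.splitlines():
        line = line.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run it and compare the flagged lines with the list in the reply: the same eight entries come out, and the legitimate SoundMan, ctfmon and Panda lines do not. Treat the output as a worklist, not a verdict: a name test this cheap does not flag jelorozu.exe by itself (that entry is caught through its value name enwidqgj) and will misfire on terse vendor names, so the file on disk still has to be looked at.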


    • #3
      First of all, many thanks for the quick reply!

      Apparently I now get advertising pop-ups from c5.zedo.com; the original pop-ups have stopped.

      This is the log after restarting:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:47:20, on 12/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Documents and Settings\Steven\Ad-Aware\aawservice.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
      c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
      C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
      C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.skynet.be/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.;<local>;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Roland\OctoshapeClient.exe" -inv:bootrun
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
      O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - Global Startup: VPN Client.lnk = ?
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Mr. Bookmaker.com Poker - {0932285F-432B-42b0-B960-7946B1950802} - C:\Program Files\MrBookmakerMPP\MPPoker.exe (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
      O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\Steven\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
      O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
      O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

      --
      End of file - 8964 bytes



      • #4
        Download this file: zoek.exe
        Double-click it; after a while a log will open.
        Post the contents of this log in your next message.



        • #5
          ======C:\WINDOWS====
          ----a-w 0 2008-04-12 09:39:45 C:\WINDOWS\0.log
          ----a-w 460,488 2008-04-09 09:11:45 C:\WINDOWS\comsetup.log
          ----a-w 97 2008-04-11 17:40:28 C:\WINDOWS\cookies.ini
          ----a-w 1,351,643 2008-04-09 09:11:45 C:\WINDOWS\FaxSetup.log
          ----a-w 153,338 2008-04-01 17:42:54 C:\WINDOWS\HAM Uninstaller.exe
          ----a-w 213,606 2008-04-09 09:11:45 C:\WINDOWS\iis6.log
          ----a-w 1,355 2008-04-09 09:11:39 C:\WINDOWS\imsins.BAK
          ----a-w 1,355 2008-04-09 09:11:45 C:\WINDOWS\imsins.log
          ----a-w 18,411 2008-04-09 09:11:39 C:\WINDOWS\KB941693.log
          ----a-w 12,469 2008-04-09 09:08:05 C:\WINDOWS\KB945553.log
          ----a-w 20,080 2008-04-09 09:11:27 C:\WINDOWS\KB947864-IE7.log
          ----a-w 12,471 2008-04-09 09:10:02 C:\WINDOWS\KB948590.log
          ----a-w 13,779 2008-04-09 09:11:45 C:\WINDOWS\KB948881.log
          ----a-w 69,227 2008-04-09 09:11:45 C:\WINDOWS\msgsocm.log
          ----a-w 49 2008-03-28 10:59:13 C:\WINDOWS\NeroDigital.ini
          ----a-w 275,166 2008-04-11 15:40:16 C:\WINDOWS\ntbtlog.txt
          ----a-w 281,231 2008-04-09 09:11:45 C:\WINDOWS\ntdtcsetup.log
          ----a-w 693,844 2008-04-09 09:11:45 C:\WINDOWS\ocgen.log
          ----a-w 76,894 2008-04-09 09:11:45 C:\WINDOWS\ocmsn.log
          ----a-w 1,409 2008-04-01 18:51:13 C:\WINDOWS\QTFont.for
          ---ha-w 54,156 2008-04-01 18:51:13 C:\WINDOWS\QTFont.qfn
          ----a-w 32,636 2008-04-12 09:36:40 C:\WINDOWS\SchedLgU.Txt
          ----a-w 191,029 2008-04-11 15:43:06 C:\WINDOWS\setupact.log
          ----a-w 614,075 2008-04-11 14:10:13 C:\WINDOWS\setupapi.log
          ----a-w 534,966 2008-04-09 09:11:45 C:\WINDOWS\tsoc.log
          ----a-w 130,612 2008-04-09 09:11:14 C:\WINDOWS\updspapi.log
          ----a-w 1,825 2008-04-11 15:33:33 C:\WINDOWS\wcx_ftp.ini
          ----a-w 49 2008-03-24 13:58:42 C:\WINDOWS\webica.ini
          ----a-w 159 2008-04-12 09:39:58 C:\WINDOWS\wiadebug.log
          ----a-w 50 2008-04-12 09:40:02 C:\WINDOWS\wiaservc.log
          ----a-w 1,091 2008-03-20 12:59:15 C:\WINDOWS\win.ini
          ----a-w 855 2008-04-11 15:33:41 C:\WINDOWS\WINCMD.INI
          ----a-w 92,826 2008-04-12 09:40:29 C:\WINDOWS\WindowsUpdate.log
          ----a-w 205,488 2008-04-04 14:18:06 C:\WINDOWS\wmsetup.log

          Entries: 34 (33)
          Directories: 0 Files: 34
          Bytes: 5,516,729 Blocks: 10,794
          ======C:\WINDOWS\system32=====
          ----a-w 15 2008-04-12 09:48:42 C:\WINDOWS\System32\clkcnt.txt
          ----a-w 1,630,568 2008-04-09 11:23:21 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 38,400 2008-04-10 19:44:37 C:\WINDOWS\System32\hgGvUOee.dll
          ----a-w 90,112 2008-04-12 08:05:37 C:\WINDOWS\System32\jelorozu.exe
          ----a-w 6,300 2008-03-14 19:35:28 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          ----a-w 12,632 2008-04-11 18:56:48 C:\WINDOWS\System32\lsdelete.exe
          ----a-w 143 2008-04-11 17:51:42 C:\WINDOWS\System32\mcrh.tmp
          ----a-w 98,304 2008-04-11 11:57:51 C:\WINDOWS\System32\mpuzipwh.exe
          ----a-w 8,627 2008-04-11 12:06:53 C:\WINDOWS\System32\PAV_FOG.OPC
          ----a-w 68,462 2008-04-11 16:00:11 C:\WINDOWS\System32\perfc009.dat
          ----a-w 87,230 2008-04-11 16:00:11 C:\WINDOWS\System32\perfc013.dat
          ----a-w 436,200 2008-04-11 16:00:11 C:\WINDOWS\System32\perfh009.dat
          ----a-w 502,700 2008-04-11 16:00:11 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,108,666 2008-04-11 16:00:02 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 3,648 2008-04-11 07:54:33 C:\WINDOWS\System32\pfipaiww.dll
          --sha-w 88,698 2008-04-12 09:54:16 C:\WINDOWS\System32\qpWGOUvw.ini
          --sha-w 88,698 2008-04-12 09:53:13 C:\WINDOWS\System32\qpWGOUvw.ini2
          --sh--w 733,796 2008-04-12 08:06:17 C:\WINDOWS\System32\rwsrrkgv.ini
          ----a-w 3,648 2008-04-12 08:07:05 C:\WINDOWS\System32\stirlrjj.dll
          ----a-w 2,722 2008-04-11 15:41:41 C:\WINDOWS\System32\tmp.reg
          ----a-w 0 2008-04-11 15:41:41 C:\WINDOWS\System32\tmp.txt
          ----a-w 102,400 2008-04-10 19:44:47 C:\WINDOWS\System32\tupwtglu.exe
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 12,598 2008-04-12 09:40:17 C:\WINDOWS\System32\wpa.dbl
          ----a-w 86,592 2008-04-12 08:08:24 C:\WINDOWS\System32\wtdnoqgy.dll
          ----a-w 272,896 2008-04-10 19:51:34 C:\WINDOWS\System32\wvUOGWpq.dll
          --sh--w 733,856 2008-04-12 08:15:06 C:\WINDOWS\System32\ygqondtw.ini

          Entries: 27 (23)
          Directories: 0 Files: 27
          Bytes: 8,063,287 Blocks: 15,761
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 338,736 2008-04-12 09:41:46 C:\WINDOWS\System32\drivers\APPFCONT.DAT
          ----a-w 338,736 2008-04-12 09:41:46 C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
          ----a-w 1,284 2008-04-12 09:41:46 C:\WINDOWS\System32\drivers\APPFLTR.CFG
          ----a-w 1,284 2008-04-12 09:41:46 C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck

          Entries: 4 (4)
          Directories: 0 Files: 4
          Bytes: 680,040 Blocks: 1,330
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 0 2008-03-24 13:31:09 C:\COMLOG.txt
          --sha-w 754,974,720 2008-04-12 09:37:35 C:\pagefile.sys
          ----a-w 2,644 2008-04-11 15:44:19 C:\rapport.txt

          Entries: 3 (2)
          Directories: 0 Files: 3
          Bytes: 754,977,364 Blocks: 1,474,566
          ======C:\Documents and Settings\Roland\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\Roland======
          ----a-w 11,272,192 2008-04-12 09:36:28 C:\Documents and Settings\Roland\ntuser.dat
          ---ha-w 344,064 2008-04-12 09:54:19 C:\Documents and Settings\Roland\NTUSER.DAT.LOG
          --sh--w 288 2008-04-12 09:36:28 C:\Documents and Settings\Roland\ntuser.ini
          ----a-w 104,990 2008-04-11 15:31:41 C:\Documents and Settings\Roland\wtge61nl.HST

          Entries: 4 (2)
          Directories: 0 Files: 4
          Bytes: 11,721,534 Blocks: 22,895
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============

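
The deletion list in the next reply is built from this listing by pivoting from what is already known: the four System32 files the first HijackThis log tied to autorun entries (jelorozu.exe, tupwtglu.exe, mpuzipwh.exe, wtdnoqgy.dll). Files written within moments of those, files carrying the hidden and system attributes since the infection began, and files of exactly the same size as a known one are the natural next candidates. The script below is an added example written for this thread, not zoek.exe's code and not the helper's procedure; it runs that pivot over System32 lines copied from the listing above (trimmed to the ones that matter for the walk-through, plus a few legitimate files kept as controls). The 7-minute window, the reading of the attribute letters and the seed list are assumptions.

```python
"""Pivot from known-bad files to their neighbours in a zoek.exe-style listing
(added example for this thread; not zoek.exe's code)."""
from datetime import datetime, timedelta

# System32 lines copied from the listing posted above (real data, trimmed; a few
# legitimate files are kept as controls).
LISTING = r"""
----a-w 15 2008-04-12 09:48:42 C:\WINDOWS\System32\clkcnt.txt
----a-w 1,630,568 2008-04-09 11:23:21 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 38,400 2008-04-10 19:44:37 C:\WINDOWS\System32\hgGvUOee.dll
----a-w 90,112 2008-04-12 08:05:37 C:\WINDOWS\System32\jelorozu.exe
----a-w 12,632 2008-04-11 18:56:48 C:\WINDOWS\System32\lsdelete.exe
----a-w 98,304 2008-04-11 11:57:51 C:\WINDOWS\System32\mpuzipwh.exe
----a-w 8,627 2008-04-11 12:06:53 C:\WINDOWS\System32\PAV_FOG.OPC
----a-w 68,462 2008-04-11 16:00:11 C:\WINDOWS\System32\perfc009.dat
----a-w 3,648 2008-04-11 07:54:33 C:\WINDOWS\System32\pfipaiww.dll
--sha-w 88,698 2008-04-12 09:54:16 C:\WINDOWS\System32\qpWGOUvw.ini
--sha-w 88,698 2008-04-12 09:53:13 C:\WINDOWS\System32\qpWGOUvw.ini2
--sh--w 733,796 2008-04-12 08:06:17 C:\WINDOWS\System32\rwsrrkgv.ini
----a-w 3,648 2008-04-12 08:07:05 C:\WINDOWS\System32\stirlrjj.dll
----a-w 102,400 2008-04-10 19:44:47 C:\WINDOWS\System32\tupwtglu.exe
----a-w 12,598 2008-04-12 09:40:17 C:\WINDOWS\System32\wpa.dbl
----a-w 86,592 2008-04-12 08:08:24 C:\WINDOWS\System32\wtdnoqgy.dll
----a-w 272,896 2008-04-10 19:51:34 C:\WINDOWS\System32\wvUOGWpq.dll
--sh--w 733,856 2008-04-12 08:15:06 C:\WINDOWS\System32\ygqondtw.ini
"""

# Files the O4 entries of the first HijackThis log point at (taken from the thread).
SEEDS = {"jelorozu.exe", "tupwtglu.exe", "mpuzipwh.exe", "wtdnoqgy.dll"}


def parse_listing(text):
    """One dict per line: attribute flags, size in bytes, mtime, directory and file name."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flags, size, date, clock, path = line.split(None, 4)
        directory, _, name = path.rpartition("\\")
        entries.append({
            # assumption: one letter per attribute, 's' = system, 'h' = hidden
            "hidden_system": "s" in flags and "h" in flags,
            "size": int(size.replace(",", "")),
            "mtime": datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S"),
            "dir": directory.lower(),
            "name": name,
        })
    return entries


def pivot(entries, seeds=SEEDS, window_minutes=7):
    """Grow the candidate set from the seeds until no further file qualifies.

    Returns {file name: reason}. Signals, in the order they are tried: hidden+system
    set after the first seed was written; modified within the window of a candidate
    in the same directory; identical non-zero size to a candidate.
    """
    window = timedelta(minutes=window_minutes)
    found = {e["name"]: "named in a HijackThis O4 entry" for e in entries if e["name"] in seeds}
    if not found:
        return found
    t0 = min(e["mtime"] for e in entries if e["name"] in found)
    grew = True
    while grew:
        grew = False
        known = [e for e in entries if e["name"] in found]   # snapshot for this round
        for e in entries:
            if e["name"] in found:
                continue
            reason = None
            if e["hidden_system"] and e["mtime"] >= t0:
                reason = "hidden+system, written after the first known file"
            for k in known:
                if reason:
                    break
                if k["dir"] == e["dir"] and abs(e["mtime"] - k["mtime"]) <= window:
                    reason = f"written within {window_minutes} min of {k['name']}"
                elif e["size"] and e["size"] == k["size"]:   # zero-byte files match everything, skip them
                    reason = f"same size as {k['name']} ({e['size']} bytes)"
            if reason:
                found[e["name"]] = reason
                grew = True
    return found


if __name__ == "__main__":
    for name, why in pivot(parse_listing(LISTING)).items():
        print(f"{name:16} {why}")
```

With a 7-minute window the result is exactly the thirteen System32 files of the cluster in the next reply's list (hgGvUOee.dll sits ten seconds from tupwtglu.exe, rwsrrkgv.ini forty seconds from jelorozu.exe, pfipaiww.dll is byte-for-byte the size of stirlrjj.dll); the remaining names in that list, such as mcrh.tmp and tmp.reg, come from the helper's experience rather than from timestamps. Widen the window to 10 minutes and PAV_FOG.OPC (by its name one of Panda's own files, written nine minutes after mpuzipwh.exe) and wpa.dbl are swept in as well: the window trades recall for false positives, so read the reason column before deleting anything.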


          • #6
            Open a Notepad file.
            Copy the text below (everything shown in bold) into this Notepad file.

            @ECHO OFF
            REM Deletes each file in the list below and records the outcome in log.txt.
            REM A file that will not delete (for example because a running process still
            REM has it loaded) gets its attributes cleared and is renamed instead; the log
            REM shows which files were deleted, renamed, not deleted or not found.
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\cookies.ini
            C:\WINDOWS\System32\clkcnt.txt
            C:\WINDOWS\System32\hgGvUOee.dll
            C:\WINDOWS\System32\jelorozu.exe
            C:\WINDOWS\System32\mcrh.tmp
            C:\WINDOWS\System32\mpuzipwh.exe
            C:\WINDOWS\System32\pfipaiww.dll
            C:\WINDOWS\System32\qpWGOUvw.ini
            C:\WINDOWS\System32\qpWGOUvw.ini2
            C:\WINDOWS\System32\rwsrrkgv.ini
            C:\WINDOWS\System32\stirlrjj.dll
            C:\WINDOWS\System32\tmp.reg
            C:\WINDOWS\System32\tmp.txt
            C:\WINDOWS\System32\tupwtglu.exe
            C:\WINDOWS\System32\wtdnoqgy.dll
            C:\WINDOWS\System32\wvUOGWpq.dll
            C:\WINDOWS\System32\ygqondtw.ini) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              Deleting files
              C:\WINDOWS\cookies.ini deleted
              C:\WINDOWS\System32\clkcnt.txt deleted
              C:\WINDOWS\System32\hgGvUOee.dll not deleted
              C:\WINDOWS\System32\jelorozu.exe deleted
              C:\WINDOWS\System32\mcrh.tmp deleted
              C:\WINDOWS\System32\mpuzipwh.exe deleted
              C:\WINDOWS\System32\pfipaiww.dll deleted
              C:\WINDOWS\System32\qpWGOUvw.ini deleted
              C:\WINDOWS\System32\qpWGOUvw.ini2 deleted
              C:\WINDOWS\System32\rwsrrkgv.ini deleted
              C:\WINDOWS\System32\stirlrjj.dll deleted
              C:\WINDOWS\System32\tmp.reg deleted
              C:\WINDOWS\System32\tmp.txt deleted
              C:\WINDOWS\System32\tupwtglu.exe deleted
              C:\WINDOWS\System32\wtdnoqgy.dll deleted
              C:\WINDOWS\System32\wvUOGWpq.dll not deleted
              C:\WINDOWS\System32\ygqondtw.ini deleted



              • #8
                Download VirtumundoBegone (mirror)
                Save it to your desktop.

                Double-click VirtumundoBeGone.exe and follow the instructions.
                Don't be alarmed if you see a blue screen with an error message - this is normal.
                When the fix has finished, restart the PC.
                Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next reply.

                Also post a new HijackThis log.



                • #9
                  Apparently I can't download this tool.
                  The following appears in a new browser window:

                  Platinum 2007 warning:

                  The file http://secured2k.home.comcast.net/~secured2k/tools/VirtumundoBeGone.exe was a tracking program and has been removed. Name of the tracking program: Application/Processor

                  Should I disable my Panda for a moment to download it?

                  Regards



                  • #10
                    Even if I disable Panda, I keep getting the same message...



                    • #11
                      Via this link then:



                      • #12
                        Sorry, it really doesn't work.

                        When I click this link, a ZIP file opens. But according to WinRAR there is nothing in this file.

                        Then a message from Panda appears: 'possibly unwanted program neutralised'
                        Last edited by stevenrsca; 12-04-08, 13:21.



                        • #13
                          That Panda of yours is an annoying program: instead of cleaning up the infections, it apparently busies itself cleaning up the solutions to infections.

                          Download The Avenger and put it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
                          Unzip it.
                          Start the program by clicking avenger.exe.
                          In the "Input Script here" window, paste the following (in bold):


                          Files to delete:
                          C:\WINDOWS\System32\hgGvUOee.dll
                          C:\WINDOWS\System32\wvUOGWpq.dll
                          C:\WINDOWS\System32\qpWGOUvw.ini
                          C:\WINDOWS\System32\qpWGOUvw.ini2


                          Then click the "Execute" button.
                          Avenger will indicate that the computer is going to restart; allow this.
                          After the reboot a log file (avenger.txt) opens. Post the contents of the log file.



                          • #14
                            Sorry for the late reply, but I went cycling this afternoon.

                            Here is the Avenger log:

                            Logfile of The Avenger Version 2.0, (c) by Swandog46
                            http://swandog46.geekstogo.com

                            Platform: Windows XP

                            *******************

                            Script file opened successfully.
                            Script file read successfully.

                            Backups directory opened successfully at C:\Avenger

                            *******************

                            Beginning to process script file:

                            Rootkit scan active.
                            No rootkits found!

                            File "C:\WINDOWS\System32\hgGvUOee.dll" deleted successfully.
                            File "C:\WINDOWS\System32\wvUOGWpq.dll" deleted successfully.
                            File "C:\WINDOWS\System32\qpWGOUvw.ini" deleted successfully.
                            File "C:\WINDOWS\System32\qpWGOUvw.ini2" deleted successfully.

                            Completed script processing.

                            *******************

                            Finished! Terminate.

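The two logs in this thread, the del.bat output in #7 and the Avenger log in #14, are easy to cross-check by script when confirming a cleanup. The following Python is an added example, not code from the thread or from either tool; it assumes only the line formats visible in those two posts and uses constructed excerpts as input (the stuck.dll and nosuch.tmp lines are constructed to exercise the rename and not-found cases). It reports which files the batch script could not remove (the two locked Vundo DLLs), confirms which of those Avenger later deleted at boot, and flags anything still present. One subtlety it handles: after a successful rename the batch script logs "deleted" because the original name no longer exists, so a renamed file must not be counted as removed.

```python
"""Cross-check a del.bat log against an Avenger log: which listed files are really gone?"""
import re
from typing import Dict, List

# Constructed sample in the format of the del.bat log posted in #7.
# The "renamed to"/stuck.dll and nosuch.tmp lines are constructed; they are not in the original log.
DEL_BAT_LOG = r"""Deleting files
C:\WINDOWS\cookies.ini deleted
C:\WINDOWS\System32\hgGvUOee.dll not deleted
C:\WINDOWS\System32\jelorozu.exe deleted
C:\WINDOWS\System32\wvUOGWpq.dll not deleted
C:\WINDOWS\System32\qpWGOUvw.ini deleted
C:\WINDOWS\System32\nosuch.tmp not found
renamed to C:\WINDOWS\System32\stuck.dllNUCIA
C:\WINDOWS\System32\stuck.dll deleted
"""

# Constructed excerpt in the format of the Avenger log posted in #14.
AVENGER_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\hgGvUOee.dll" deleted successfully.
File "C:\WINDOWS\System32\wvUOGWpq.dll" deleted successfully.
File "C:\WINDOWS\System32\qpWGOUvw.ini" deleted successfully.

Completed script processing.
"""

# "not deleted" is listed before "deleted" so the lazy path group stops at the right place.
_BATCH_LINE = re.compile(r"^(?P<path>.+?) (?P<status>not deleted|deleted|not found)$")
_BATCH_RENAMED = re.compile(r"^renamed to (?P<path>.+)NUCIA$")
_AVENGER_LINE = re.compile(r'^File "(?P<path>[^"]+)" (?P<msg>.+)$')


def parse_batch_log(text: str) -> Dict[str, str]:
    """Map each path in a del.bat log to its status. Keys are lower-cased (Windows paths are case-insensitive)."""
    result: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _BATCH_RENAMED.match(line)
        if m:
            result[m["path"].lower()] = "renamed"
            continue
        m = _BATCH_LINE.match(line)
        if m:
            path = m["path"].lower()
            # After a successful rename the script logs "deleted" because the original
            # name is gone; keep "renamed" so the file is not reported as removed.
            if result.get(path) != "renamed":
                result[path] = m["status"]
    return result


def parse_avenger_log(text: str) -> Dict[str, str]:
    """Map each path Avenger reported on to the message it logged for it."""
    result: Dict[str, str] = {}
    for raw in text.splitlines():
        m = _AVENGER_LINE.match(raw.strip())
        if m:
            result[m["path"].lower()] = m["msg"]
    return result


def reconcile(del_log: str, avenger_log: str) -> Dict[str, str]:
    """Combine both logs into one final status per path."""
    batch = parse_batch_log(del_log)
    avenger = parse_avenger_log(avenger_log)
    final: Dict[str, str] = {}
    for path, status in batch.items():
        if status in ("deleted", "not found"):
            final[path] = status
        elif path in avenger:
            msg = avenger[path]
            final[path] = "deleted at boot" if msg == "deleted successfully." else "avenger: " + msg
        else:
            # Locked or merely renamed by the batch script, and Avenger never reported on it.
            final[path] = "still present"
    for path, msg in avenger.items():
        final.setdefault(path, "avenger only: " + msg)
    return final


def needs_followup(final: Dict[str, str]) -> List[str]:
    """Paths that are not confirmed removed and need another tool or a manual look."""
    return sorted(p for p, s in final.items() if s == "still present" or s.startswith("avenger:"))


if __name__ == "__main__":
    summary = reconcile(DEL_BAT_LOG, AVENGER_LOG)
    for path, status in sorted(summary.items()):
        print(f"{status:16} {path}")
    print("follow-up needed:", needs_followup(summary) or "none")
```

Paste the real log contents into the two string constants (or read them from files) to run it against an actual thread; the two locked DLLs from #7 come out as "deleted at boot" because the Avenger log in #14 confirms them.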


                            • #15
                              Now just post another new HijackThis log.
