obfuskated

  • obfuskated

    Good afternoon,

    Every time I start the computer, AVG finds the following: obfuskated
    Can someone help me remove this?

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:00, on 24-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vinden.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [WWQ0LtKHuP] C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206823032062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206913015_1718b8757d7bbee3cf237b9e0a116fd7&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 8113 bytes


    Thanks in advance.

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and place a check mark next to the following items:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Policies\Explorer\Run: [WWQ0LtKHuP] C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe


    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    "C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe") DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt
    EXIT

    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.

    Start HijackThis again, make a new log and post it.
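The triage the helper did by hand above (tick the orphaned O2 BHO and the O4 Policies\Explorer\Run entry that launches a randomly named .exe from All Users\Application Data) written out as a small Python checker. This is an added example, not code from the thread; the random-name heuristic and the sample log lines are constructed for illustration, not a HijackThis rule.

```python
"""Triage heuristics for HijackThis log lines.

Added example, not code from the thread. It re-implements as a script the
judgement the helper applied by hand: an O2 BHO whose DLL is "(no file)" is a
dead registry entry worth fixing, and an O4 autostart under
Policies\\Explorer\\Run that launches a randomly named .exe from
All Users\\Application Data is the kind of entry that gets ticked.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines from the poster's log, benign and suspicious
# mixed together, so the heuristics can be exercised offline.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [WWQ0LtKHuP] C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# O4 lines look like: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in .exe, quoted or not, inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(component: str) -> bool:
    """Heuristic (an assumption of this example): 6-12 lowercase letters with
    almost no vowels, like 'xktkfubm' or 'nknqzsxi'."""
    if not (6 <= len(component) <= 12) or not component.isalpha() or not component.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in component) / len(component)
    return vowel_ratio <= 0.2


def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of an O4 command line, quoted or not."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) this log line deserves a closer look."""
    reasons = []
    if line.startswith("O2 - BHO:") and line.rstrip().endswith("(no file)"):
        reasons.append("BHO registered but its DLL is missing: dead entry, safe to fix")
    m = O4_RE.match(line)
    if m:
        if m.group("key").lower().startswith("policies\\explorer\\run"):
            reasons.append("autostart via Policies\\Explorer\\Run, rarely used by legitimate software")
        path = exe_path(m.group("cmd"))
        if path and "\\application data\\" in path.lower():
            parts = path.split("\\")
            folder, stem = parts[-2], parts[-1].rsplit(".", 1)[0]
            if looks_random(folder) or looks_random(stem):
                reasons.append(f"randomly named executable under Application Data: {path}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only lines with at least one reason."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for r in why:
            print("   ->", r)
```

On the sample log this flags exactly the two lines the helper asked to fix; everything else (AVG, ctfmon, the HP service) passes.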

    • #3
      With del.bat I now get:

      Deleting files
      "C:\Documents and Settings\All Users\Application Data\xktkfubm\nknqzsxi.exe" deleted successfully

      • #4
        hijack

        With HijackThis I get:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:41:57, on 25-4-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\system32\VTTimer.exe
        C:\WINDOWS\system32\VTtrayp.exe
        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vinden.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
        O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
        O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
        O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206823032062
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206913015_1718b8757d7bbee3cf237b9e0a116fd7&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

        --
        End of file - 7870 bytes

        Thanks for your help, and I hope everything is okay now???

        Regards, Kees

        • #5
          Looks good, Kees.
          Optionally you can also delete this folder: C:\Documents and Settings\All Users\Application Data\xktkfubm

          Are there any more problems?

          • #6
            The problem was gone until this evening, when I started the Firefox browser instead of the IE browser; then straight away there was another AVG alert with the message

            • #7
              Which alert?
              Is the problem still there?

              • #8
                This morning I haven't had the alert again yet, but yesterday the alert was:

                zurmjyny.exe, and AVG also gave the message obfuskated with it

                Any idea?

                • #9
                  Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
                  Follow the instructions given there. If anything is unclear, ask.
                  When the tool is finished, a log file (combofix.txt) opens.
                  Post the contents of this file together with a new HijackThis log.

                  • #10
                    HijackThis log

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 13:13:27, on 26-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\SOUNDMAN.EXE
                    C:\WINDOWS\system32\VTTimer.exe
                    C:\WINDOWS\system32\VTtrayp.exe
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
                    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    C:\WINDOWS\system32\HPZipm12.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    C:\WINDOWS\system32\notepad.exe
                    C:\WINDOWS\explorer.exe
                    C:\Program Files\Windows Live\Messenger\usnsvc.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\Program Files\Grisoft\AVG7\avgcc.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vinden.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
                    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206823032062
                    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206913015_1718b8757d7bbee3cf237b9e0a116fd7&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                    --
                    End of file - 7859 bytes


                    ComboFix log:

                    ComboFix 08-04-24.1 - Eigenaar 2008-04-26 13:07:11.1 - NTFSx86
                    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.654 [GMT 2:00]
                    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
                    Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
                    * Nieuw herstelpunt werd aangemaakt
                    .

                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    C:\WINDOWS\system32\npWGPXyb.ini
                    C:\WINDOWS\system32\npWGPXyb.ini2

                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))
                    .

                    2008-04-24 18:08 . 2008-04-24 18:08 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\AdwareAlert
                    2008-04-24 17:21 . 2008-04-24 17:21 <DIR> d-------- C:\Program Files\Trend Micro
                    2008-04-24 14:17 . 2008-04-24 14:40 <DIR> d-------- C:\Program Files\Windows Live Safety Center
                    2008-04-23 12:08 . 2008-04-23 12:08 69 --a------ C:\WINDOWS\NeroDigital.ini
                    2008-04-16 19:01 . 2008-04-16 19:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                    2008-04-16 19:00 . 2008-04-16 19:00 <DIR> d-------- C:\Program Files\MSXML 4.0
                    2008-04-16 14:02 . 2008-04-16 14:02 0 --a------ C:\WINDOWS\nsreg.dat
                    2008-04-16 09:59 . 2008-04-16 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
                    2008-04-15 18:08 . 2008-04-15 18:08 96,577 --a------ C:\WINDOWS\hpqins16.dat
                    2008-04-15 17:22 . 2008-04-15 17:22 69,419 --a------ C:\Documents and Settings\Eigenaar\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
                    2008-04-15 17:22 . 2008-04-15 17:22 2,098 --a------ C:\Documents and Settings\Eigenaar\Application Data\HPSU_48BitScanUpdate.log
                    2008-04-15 17:22 . 2008-04-15 17:22 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
                    2008-04-15 17:22 . 2008-04-15 17:22 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
                    2008-04-15 17:17 . 2008-04-15 17:17 80,997 --a------ C:\Documents and Settings\Eigenaar\Application Data\Update_HP_RedboxHprblog_HPSU.log
                    2008-04-15 17:17 . 2008-04-15 17:17 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
                    2008-04-15 10:49 . 2008-04-15 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
                    2008-04-15 10:48 . 2008-04-15 10:48 <DIR> d-------- C:\Program Files\Common Files\HP
                    2008-04-15 10:46 . 2008-04-15 10:46 <DIR> d-------- C:\Program Files\Hewlett-Packard
                    2008-04-15 10:44 . 2008-04-15 10:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
                    2008-04-15 10:44 . 2005-03-08 06:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
                    2008-04-15 10:44 . 2005-03-08 06:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
                    2008-04-15 10:43 . 2005-03-08 06:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
                    2008-04-15 10:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
                    2008-04-15 10:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
                    2008-04-15 10:41 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
                    2008-04-15 10:41 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
                    2008-04-15 10:41 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
                    2008-04-15 10:41 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
                    2008-04-15 10:41 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
                    2008-04-15 10:41 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
                    2008-04-15 10:39 . 2008-04-15 10:49 <DIR> d-------- C:\Program Files\HP
                    2008-04-15 10:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
                    2008-04-15 10:39 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
                    2008-04-15 10:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
                    2008-04-15 10:39 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
                    2008-04-15 10:38 . 2008-04-15 12:38 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\HP
                    2008-04-15 10:38 . 2008-04-15 10:51 113,346 --a------ C:\WINDOWS\hpoins07.dat
                    2008-04-15 10:38 . 2005-05-24 08:50 21,124 --------- C:\WINDOWS\hpomdl07.dat
                    2008-04-13 16:29 . 2008-01-28 16:25 1,723,944 --a------ C:\WINDOWS\system32\Teletekst.scr
                    2008-04-13 16:27 . 2008-04-13 16:27 <DIR> d-------- C:\Program Files\Teletekstbrowser
                    2008-04-13 16:27 . 2008-04-13 16:27 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Teletekst
                    2008-04-13 16:27 . 2008-04-13 16:27 86 --a------ C:\WINDOWS\Teletekst.ini
                    2008-04-06 14:12 . 2008-04-06 14:12 <DIR> d-------- C:\Program Files\Lavalys
                    2008-04-05 18:48 . 2008-04-18 18:47 <DIR> d-------- C:\Program Files\SlimTV
                    2008-04-04 20:57 . 2008-04-04 20:57 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
                    2008-04-04 20:57 . 2008-04-04 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
                    2008-04-04 20:52 . 2008-04-04 20:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
                    2008-04-04 13:45 . 2008-04-04 13:46 1,320 --a------ C:\trackers.lst
                    2008-04-04 13:45 . 2008-04-04 13:46 369 --a------ C:\WINDOWS\maketorrent.ini
                    2008-04-04 13:33 . 2008-04-04 13:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
                    2008-04-04 10:20 . 2008-04-04 10:20 196,608 --a------ C:\WINDOWS\system32\avisynth.dll
                    2008-04-04 10:19 . 2008-04-04 10:19 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
                    2008-04-03 23:13 . 2008-04-03 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
                    2008-04-03 19:57 . 2008-04-03 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Awem
                    2008-04-03 18:03 . 2008-04-03 20:30 <DIR> d-------- C:\Program Files\Zylom Games
                    2008-04-03 17:16 . 2008-04-03 17:31 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Legends of pirates
                    2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Eigenaar\Saved Games
                    2008-04-03 09:20 . 2008-04-09 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
                    2008-04-01 19:01 . 2008-04-01 19:01 <DIR> d-------- C:\Program Files\Webroot
                    2008-04-01 19:01 . 2008-04-01 19:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                    2008-04-01 19:01 . 2008-04-01 19:01 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Webroot
                    2008-04-01 19:01 . 2008-04-01 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                    2008-04-01 19:01 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
                    2008-04-01 19:01 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
                    2008-04-01 19:01 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
                    2008-04-01 19:01 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
                    2008-04-01 19:01 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
                    2008-04-01 16:35 . 2008-04-25 14:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                    2008-04-01 16:34 . 2008-04-24 18:23 <DIR> d-------- C:\Program Files\Trojan Remover
                    2008-04-01 16:34 . 2008-04-01 16:34 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Simply Super Software
                    2008-04-01 16:34 . 2008-04-01 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
                    2008-04-01 16:34 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
                    2008-04-01 16:34 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
                    2008-04-01 16:34 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
                    2008-04-01 16:34 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
                    2008-04-01 16:34 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
                    2008-03-31 14:55 . 2008-03-31 14:55 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
                    2008-03-31 14:54 . 2008-03-31 14:54 <DIR> d-------- C:\Program Files\VideoLAN
                    2008-03-31 14:53 . 2008-03-31 14:53 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
                    2008-03-30 23:38 . 2008-03-30 23:38 <DIR> d-------- C:\Documents and Settings\Eigenaar\LimeWire Store Purchased
                    2008-03-30 23:38 . 2008-03-30 23:38 <DIR> d-------- C:\Documents and Settings\Eigenaar\LimeWire Shared
                    2008-03-30 23:38 . 2008-03-31 14:30 <DIR> d-------- C:\Documents and Settings\Eigenaar\LimeWire Saved
                    2008-03-30 23:38 . 2008-03-31 14:36 <DIR> d-------- C:\Documents and Settings\Eigenaar\Incomplete
                    2008-03-30 23:38 . 2008-04-09 20:05 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\LimeWirePlus
                    2008-03-30 23:37 . 2008-03-30 23:37 <DIR> d-------- C:\WINDOWS\Sun
                    2008-03-30 23:37 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                    2008-03-30 23:36 . 2008-03-30 23:37 <DIR> d-------- C:\Program Files\Java
                    2008-03-30 23:35 . 2008-03-30 23:35 <DIR> d-------- C:\Program Files\Common Files\Java
                    2008-03-30 23:34 . 2008-03-30 23:38 <DIR> d-------- C:\Program Files\LimeWire Plus
                    2008-03-30 16:29 . 2008-03-30 16:29 <DIR> d-------- C:\WINDOWS\vbSkinner
                    2008-03-30 16:26 . 2008-03-30 17:42 <DIR> d-------- C:\Program Files\PFConfig
                    2008-03-30 14:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
                    2008-03-30 14:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
                    2008-03-30 14:43 . 2008-03-30 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Enkord
                    2008-03-30 14:22 . 2008-03-30 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
                    2008-03-30 14:01 . 2005-08-03 13:48 389,120 --a------ C:\WINDOWS\Adventure Inlay.scr
                    2008-03-30 13:53 . 2005-01-07 00:00 57,344 --a------ C:\WINDOWS\system32\Big Kahuna Reef.scr
                    2008-03-30 13:50 . 2008-04-03 13:40 14 --a------ C:\WINDOWS\popcinfo.dat
                    2008-03-30 13:49 . 2008-04-05 14:47 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Zylom
                    2008-03-30 13:47 . 2008-03-30 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
                    2008-03-30 13:40 . 2008-04-26 12:33 <DIR> dr-h----- C:\$VAULT$.AVG
                    2008-03-30 13:06 . 2008-03-30 13:21 <DIR> d-------- C:\Program Files\WinRARi
                    2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\uTorrent
                    2008-03-29 23:47 . 2008-03-29 23:47 268 --ah----- C:\sqmdata01.sqm
                    2008-03-29 23:47 . 2008-03-29 23:47 244 --ah----- C:\sqmnoopt01.sqm
                    2008-03-29 23:29 . 2008-03-29 23:29 268 --ah----- C:\sqmdata00.sqm
                    2008-03-29 23:29 . 2008-03-29 23:29 244 --ah----- C:\sqmnoopt00.sqm
                    2008-03-29 23:28 . 2008-03-29 23:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
                    2008-03-29 23:27 . 2008-03-29 23:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
                    2008-03-29 23:27 . 2008-03-29 23:27 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
                    2008-03-29 22:20 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
                    2008-03-29 22:19 . 2008-04-17 20:25 <DIR> d-------- C:\Documents and Settings\Eigenaar\Contacts
                    2008-03-29 22:18 . 2008-03-29 22:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
                    2008-03-29 22:18 . 2008-03-29 22:18 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
                    2008-03-29 22:18 . 2006-10-16 17:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
                    2008-03-29 22:14 . 2008-03-29 23:48 <DIR> d-------- C:\Program Files\Windows Live
                    2008-03-29 22:14 . 2008-03-29 22:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
                    2008-03-29 22:13 . 2008-03-29 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                    2008-03-29 22:02 . 2006-06-01 20:49 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
                    2008-03-29 22:02 . 2006-06-01 20:49 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
                    2008-03-29 21:28 . 2008-03-29 21:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
                    2008-03-29 21:28 . 2008-04-26 11:20 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\AVG7
                    2008-03-29 21:28 . 2008-03-29 21:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
                    2008-03-29 21:28 . 2008-03-29 21:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
                    2008-03-29 21:27 . 2008-03-29 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-04-15 15:16 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
                    2008-03-29 14:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-03-29 14:44 --------- d-----w C:\Program Files\S3
                    2008-03-29 14:43 --------- d-----w C:\Program Files\Realtek Sound Manager
                    2008-03-29 14:43 --------- d-----w C:\Program Files\Realtek AC97
                    2008-03-29 14:43 --------- d-----w C:\Program Files\AvRack
                    2008-03-29 14:42 --------- d-----w C:\Program Files\Common Files\InstallShield
                    2008-03-29 14:17 --------- d-----w C:\Program Files\microsoft frontpage
                    2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                    2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
                    2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                    2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
                    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 12:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
                    "VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
                    "VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
                    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
                    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 09:30 579584]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-24 18:23 876624]
                    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
                    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
                    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-29 21:27 219136]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                    "VIDC.YV12"= yv12vfw.dll
                    "VIDC.HFYU"= huffyuv.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
                    --a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                    "C:\\Program Files\\Messenger\\msmsgs.exe"=
                    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "C:\\Program Files\\uTorrent\\utorrent.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "47972:TCP"= 47972:TCP:utorrent
                    "47972:UDP"= 47972:UDP:utorrent
                    "4000:TCP"= 4000:TCP:utorrent
                    "4000:UDP"= 4000:UDP:utorrent
                    "6112:TCP"= 6112:TCP:utorrent
                    "6112:UDP"= 6112:UDP:utorrent
                    "59336:TCP"= 59336:TCP:utorrent
                    "59336:UDP"= 59336:UDP:utorrent


                    *Newly Created Service* - CATCHME
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2008-04-24 16:08:46 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                    - C:\Program Files\AdwareAlert\AdwareAlert.ex
                    - C:\Program Files\AdwareAlert
                    .
                    **************************************************************************

                    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-04-26 13:09:23
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    Voltooingstijd: 2008-04-26 13:10:16
                    ComboFix-quarantined-files.txt 2008-04-26 11:10:11

                    Pre-Run: 32,282,152,960 bytes beschikbaar
                    Post-Run: 32,733,724,672 bytes beschikbaar

                    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
                    [boot loader]
                    timeout=2
                    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                    [operating systems]
                    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

                    245 --- E O F --- 2008-04-16 17:01:22

                    By the way, can I run ComboFix whenever I suspect something is not right?

                    Regards, Kees



                    • #11
                      Are there still any problems, Kees?

                      ComboFix is best used only under supervision.



                      • #12
                        I just did a scan with AVG and so far nothing has been found, so it looks good, and I would like to thank you once again for your help.

                        Regards, Kees



                        • #13
                          You're welcome, Kees.
                          Go to Start - Run and type: ComboFix /u
                          Press Enter.

                          More information on how to prevent a new infection can be found here and here.

                          The status of this thread is set to solved.
                          If there are no further replies, this thread will be moved automatically within about 3 days to the section Solved hijackthislogs and replying will no longer be possible. This is to keep the forum tidy and clear.
                          If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                          Happy surfing again.
