trojandownloader.xs

  • trojandownloader.xs

    This program has been on my computer for a few days and makes it impossible for me to even browse or e-mail properly. Every few minutes an error message pops up from the taskbar (yellow triangle with a black exclamation mark) and right after that a site opens automatically that tries to sell me "antispyspider".
    Even while I was typing this message, this page changed 5 times and my message disappeared.

    Installing anti-spyware has achieved nothing (Ashampoo, AVG, Adware Alert, Fixed, Spyware Fighter). The trojan is not found.
    The computer has also become extremely slow.

    Who can help, because this is driving me crazy!

    My log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:32:16, on 25-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Fixed\ucookw.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Fixed] C:\Program Files\Fixed\SysRep.exe
    O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\Fixed\ucookw.exe" -start
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/babybanner/1130589900/3/1/1/255/165/165/0/148/206/fabian.png

    --
    End of file - 8103 bytes

  • #2
    Close all open windows.
    Start HijackThis once more and put a check mark next to the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Fixed] C:\Program Files\Fixed\SysRep.exe
    O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\Fixed\ucookw.exe" -start
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)


    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Start HijackThis again, make a new log and post it.

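Reply #2 picks fifteen entries out of the log without saying what made them stand out. The script below is an added example written for this page (it is not code from HijackThis, from the forum or from the helper): it runs a few defender-side heuristics over HijackThis entry lines and reports why each flagged line is a candidate for "Fix checked". The rules (start or search pages pointing at a `file://` URL, hooks/BHOs/toolbars/shell objects whose module is missing, a `DisableRegedit=1` policy, and O4 autorun names taken from the helper's list) are my assumption about the helper's reasoning, not HijackThis logic. `SAMPLE_LOG` is constructed from lines of the first log in this thread plus a few entries the helper left alone, so the result can be compared against reply #2.

```python
"""Heuristic triage of HijackThis log entries.

Added example for this thread, not code from HijackThis or from the forum.
The rules below are an assumption about what made the helper tick the entries
in reply #2; SAMPLE_LOG is constructed from lines of the log posted above.
"""
import re
from dataclasses import dataclass

# Matches "R0 - HKCU\...", "O4 - HKLM\..\Run: [...]", "O23 - Service: ..." and so on
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2})\s+-\s+(.*)$")

# Autorun (O4) entry names the helper in this thread listed for "Fix checked".
SUSPECT_RUN_NAMES = {"AlcxMonitor", "Fixed", "ucookw"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for a suspicious entry, or None for headers and clean entries."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # "Logfile of...", "Running processes:", bare process paths
    section, body = m.groups()
    reasons = []
    # Start/search pages rewritten to a local HTML file (the homepage.html in this thread)
    if section in ("R0", "R1") and re.search(r"=\s*file://", body, re.I):
        reasons.append("browser start or search page redirected to a local file")
    # Hooks, BHOs, toolbars or shell objects whose module is gone: orphaned registrations
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("entry references a module that is not on disk")
    # Policy that blocks the user from inspecting the registry
    if section == "O7" and "DisableRegedit=1" in body:
        reasons.append("Registry Editor disabled by policy")
    # Autorun entries matched by name against the helper's list
    if section == "O4":
        name = re.search(r"\[([^\]]+)\]", body)
        if name and name.group(1) in SUSPECT_RUN_NAMES:
            reasons.append("autorun entry named in the helper's fix list")
    if not reasons:
        return None
    return Finding(section, line, reasons)


def triage_log(text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample: the 15 lines the helper ticked plus a few entries left alone.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fixed] C:\Program Files\Fixed\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\Fixed\ucookw.exe" -start
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.line}\n     -> {'; '.join(f.reasons)}")
```

The heuristics produce candidates, not verdicts: the same "(no file)" rule would also flag the `O9 - Extra button: (no name) - {CD67F990-...} - (no file)` line in the thread's log, which the helper deliberately left alone, so a person still reviews the list before anything is fixed.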


    • #3
      Wow, that was quick, great!

      Here is my log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:47:40, on 26-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\SPYWAREfighter\spftray.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\SPYWAREfighter\spfprc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
      D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/babybanner/1130589900/3/1/1/255/165/165/0/148/206/fabian.png

      --
      End of file - 7404 bytes



      • #4
        We need to dig a bit deeper.

        Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
        Follow the instructions given there. If anything is unclear, just ask.
        When the tool is finished, a logfile (combofix.txt) opens.
        Post the contents of this file together with a new HijackThis log.



        • #5
          ComboFix 08-04-24.1 - Breur 2008-04-26 23:17:32.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.167 [GMT 2:00]
          Gestart vanuit: C:\Documents and Settings\Breur\Bureaublad\ComboFix.exe
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))
          .

          2008-04-26 23:13 . 2008-04-26 23:13 <DIR> d-------- C:\WINDOWS\LastGood
          2008-04-25 23:31 . 2008-04-25 23:31 <DIR> d-------- C:\Program Files\Trend Micro
          2008-04-21 22:52 . 2008-04-21 22:52 <DIR> d-------- C:\Program Files\Common Files\Application
          2008-04-21 22:51 . 2008-04-21 22:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
          2008-04-21 22:48 . 2008-04-23 08:47 <DIR> d-------- C:\Program Files\Fixed
          2008-04-21 22:48 . 2008-04-21 22:48 <DIR> d-------- C:\Program Files\Common Files\Fixed
          2008-04-21 22:48 . 2008-04-21 22:49 260,384 --a------ C:\Documents and Settings\Breur\Application Data\setup_nl[1].exe
          2008-04-21 22:36 . 2008-04-21 22:37 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\AdwareAlert
          2008-04-21 22:35 . 2008-04-21 22:36 <DIR> d-------- C:\Program Files\AdwareAlert
          2008-04-21 07:46 . 2008-04-21 07:46 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\Grisoft
          2008-04-21 07:46 . 2008-04-21 07:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-04-21 07:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2008-04-20 20:15 . 2008-04-20 20:15 118 --a------ C:\WINDOWS\system32\MRT.INI
          2008-04-20 19:40 . 2008-04-20 19:40 <DIR> d-------- C:\Program Files\Ashampoo
          2008-04-20 19:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
          2008-04-20 19:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
          2008-04-20 19:22 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
          2008-04-20 19:13 . 2008-04-20 19:13 <DIR> d-------- C:\Documents and Settings\Breur\DoctorWeb
          2008-04-20 18:15 . 2008-04-20 18:15 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\fixed
          2008-04-20 18:10 . 2008-04-20 18:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\fixed
          2008-04-20 17:50 . 2008-04-20 17:50 57,546 --a------ C:\WINDOWS\promogif3.gif
          2008-04-20 17:50 . 2008-04-20 17:50 24,351 --a------ C:\WINDOWS\promogif1.gif
          2008-04-20 17:50 . 2008-04-20 17:50 24,066 --a------ C:\WINDOWS\promogif2.gif
          2008-04-20 17:50 . 2008-04-20 17:50 1,296 --a------ C:\WINDOWS\homepage.html
          2008-04-20 17:50 . 2008-04-20 17:50 509 --a------ C:\WINDOWS\promo6.html
          2008-04-20 17:50 . 2008-04-20 17:50 502 --a------ C:\WINDOWS\promo4.html
          2008-04-20 17:50 . 2008-04-20 17:50 480 --a------ C:\WINDOWS\promo5.html
          2008-04-20 17:50 . 2008-04-20 17:50 285 --a------ C:\WINDOWS\promo3.html
          2008-04-20 17:50 . 2008-04-20 17:50 285 --a------ C:\WINDOWS\promo2.html
          2008-04-20 17:50 . 2008-04-20 17:50 285 --a------ C:\WINDOWS\promo1.html
          2008-04-20 17:42 . 2008-04-20 17:42 29 --a------ C:\WINDOWS\system32\tffigiif.tmp
          2008-04-20 17:41 . 2008-04-20 17:41 151,552 --a------ C:\Documents and Settings\LocalService\Application Data\951192718.exe
          2008-04-20 17:41 . 2008-04-20 17:41 32,768 --a------ C:\WINDOWS\system32\sockins32.dll
          2008-04-20 17:41 . 2008-04-20 17:50 1,950 --a------ C:\WINDOWS\index.html

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-04-26 21:10 --------- d-----w C:\Program Files\eMule
          2008-04-26 20:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-04-25 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2008-04-24 21:52 --------- d-----w C:\Program Files\Picasa2
          2008-04-24 20:15 --------- d-----w C:\Program Files\Spyware Doctor
          2008-04-21 14:33 --------- d-----w C:\Program Files\Windows Live Safety Center
          2008-04-20 17:18 --------- d-----w C:\Documents and Settings\Breur\Application Data\Skype
          2008-04-04 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-04-04 12:48 --------- d-----w C:\Program Files\Zylom Games
          2008-03-21 12:35 --------- d-----w C:\Program Files\Google
          2008-03-21 12:35 --------- d-----w C:\Documents and Settings\Breur\Application Data\Zylom
          2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
          2008-03-07 12:10 88,888 ----a-w C:\Documents and Settings\Breur\Application Data\GDIPFONTCACHEV1.DAT
          2008-03-03 07:46 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
          2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
          2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
          2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
          .

          ((((((((((((((((((((((((((((( [email protected]_22.51.00,96 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-04-26 19:18:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          + 2008-04-26 21:09:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          - 2008-04-20 17:56:36 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2008-04-26 21:02:10 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2008-04-20 17:56:36 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2008-04-26 21:02:10 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2008-04-20 17:56:36 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2008-04-26 21:02:10 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2008-04-20 17:56:36 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2008-04-26 21:02:10 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 11:03 68856]
          "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-04-21 22:22 7173360]
          "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-25 01:19 77824]
          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
          "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
          HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
          Kodak EasyShare software.lnk - D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GencTurK RootKit]
          @="Service"

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

          R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 17:17]
          R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 10:23]
          R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
          R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
          S3 usbaucmd;usbaucmd;C:\WINDOWS\system32\drivers\usbaucmd.sys


          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
          rundll32 sockins32.dll,InitModule
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-04-26 21:10:10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
          - C:\Program Files\AdwareAlert\AdwareAlert.ex
          - C:\Program Files\AdwareAlert
          .
          **************************************************************************

          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-26 23:18:34
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 89

          **************************************************************************
          .
          Voltooingstijd: 2008-04-26 23:20:38
          ComboFix-quarantined-files.txt 2008-04-26 21:19:53
          ComboFix2.txt 2008-04-26 20:51:22

          Pre-Run: 6,165,831,680 bytes beschikbaar
          Post-Run: 6,155,083,776 bytes beschikbaar

          132 --- E O F --- 2008-04-26 21:12:30



          And the HijackThis log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 23:22:28, on 26-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\WINDOWS\system32\drivers\KodakCCS.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\SPYWAREfighter\spftray.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
          D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
          C:\Program Files\SPYWAREfighter\spfprc.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
          O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
          O4 - Global Startup: Kodak EasyShare software.lnk = D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
          O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
          O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/babybanner/1130589900/3/1/1/255/165/165/0/148/206/fabian.png

          --
          End of file - 6743 bytes


No self-opening programs so far. But after restarting the computer I still had that bright red desktop with the virus warning on it. The little yellow icon in the bottom right has also disappeared.
Oh yes, during the first ComboFix run I had a freeze and had to restart the computer manually. After that I ran it once more and then it went fine, and that is what this log is from.

I really hope the problem is over now, apart from some leftovers that will undoubtedly still be there. And I think it's really great that you're willing to help me.



          • #6
Close all open windows.
Start HijackThis once more and put a checkmark next to the following items:

            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
            O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab


Then click "Fix checked" and close HijackThis.

Open a Notepad file.
Copy the code below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
            Code:
            FILE::
            C:\WINDOWS\promogif3.gif
            C:\WINDOWS\promogif1.gif
            C:\WINDOWS\promogif2.gif
            C:\WINDOWS\homepage.html
            C:\WINDOWS\promo6.html
            C:\WINDOWS\promo4.html
            C:\WINDOWS\promo5.html
            C:\WINDOWS\promo3.html
            C:\WINDOWS\promo2.html
            C:\WINDOWS\promo1.html
            C:\WINDOWS\system32\tffigiif.tmp
            C:\Documents and Settings\LocalService\Application Data\951192718.exe
            C:\WINDOWS\system32\sockins32.dll
            C:\WINDOWS\index.html
            
            FOLDERLOOK::
            C:\Documents and Settings\Breur\Application Data\fixed
            C:\Documents and Settings\All Users\Application Data\fixed
            
            REGISTRY::
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GencTurK RootKit]
            [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
            "{66186F05-BBBB-4a39-864F-72D84615C679}"=-
Now drag the CFScript.txt file onto the ComboFix.exe file.

ComboFix will start again.
When ComboFix is finished, which may be after a restart, a log file opens.
Post the contents of the log file.

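As an added example (not part of the thread and not ComboFix's own code), the Python below parses the CFScript from the post above into its sections, turns the REGEDIT4-style lines of the REGISTRY:: section into explicit delete operations, and reports any CLSID that is scripted in more than one persistence location. On this script that is {66186F05-BBBB-4a39-864F-72D84615C679}, which appears both as an Active Setup Installed Components key (evaluated at user logon) and as a ShellServiceObjectDelayLoad value; scripting only one of the two would leave the other in place. The function names and the check rules are assumptions of this example; the input is the script from the post, embedded verbatim. It only reviews the script text and never touches a registry.

```python
import re

# Constructed input: the CFScript from the post above, copied verbatim.
CFSCRIPT = r"""FILE::
C:\WINDOWS\promogif3.gif
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\homepage.html
C:\WINDOWS\promo6.html
C:\WINDOWS\promo4.html
C:\WINDOWS\promo5.html
C:\WINDOWS\promo3.html
C:\WINDOWS\promo2.html
C:\WINDOWS\promo1.html
C:\WINDOWS\system32\tffigiif.tmp
C:\Documents and Settings\LocalService\Application Data\951192718.exe
C:\WINDOWS\system32\sockins32.dll
C:\WINDOWS\index.html

FOLDERLOOK::
C:\Documents and Settings\Breur\Application Data\fixed
C:\Documents and Settings\All Users\Application Data\fixed

REGISTRY::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GencTurK RootKit]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{66186F05-BBBB-4a39-864F-72D84615C679}"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_cfscript(text):
    """Split the script into {SECTION: [non-empty directive lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("directive before any section header: %r" % line)
        sections[current].append(line)
    return sections


def registry_ops(lines):
    """Translate REGEDIT4-style lines into explicit operations.

    [-KEY]      -> ('delete_key', KEY, None)
    [KEY]       -> selects KEY for the value lines that follow
    "name"=-    -> ('delete_value', KEY, name)
    "name"="x"  -> ('set_value', KEY, name)   (not used in this script)
    """
    ops, current_key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None))
            current_key = None
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif line.startswith('"') and current_key is not None:
            name, _, data = line.partition("=")
            kind = "delete_value" if data == "-" else "set_value"
            ops.append((kind, current_key, name.strip('"')))
        else:
            raise ValueError("unparseable REGISTRY:: line: %r" % line)
    return ops


def clsid_references(ops):
    """Map each CLSID (upper-cased) to the registry keys that reference it,
    whether it appears in the key path or as a value name."""
    refs = {}
    for _, key, name in ops:
        for clsid in CLSID_RE.findall(key + "\\" + (name or "")):
            refs.setdefault(clsid.upper(), set()).add(key)
    return refs


def review(text):
    """Summarise the script: per-section counts, the registry operations,
    whether every path is absolute, and CLSIDs scripted in several places."""
    sections = parse_cfscript(text)
    files = sections.get("FILE", [])
    folders = sections.get("FOLDERLOOK", [])
    ops = registry_ops(sections.get("REGISTRY", []))
    refs = clsid_references(ops)
    return {
        "files": len(files),
        "folders": len(folders),
        "registry_ops": ops,
        "all_paths_absolute": all(re.match(r"^[A-Za-z]:\\", p) for p in files + folders),
        "clsid_in_multiple_locations": {c: sorted(k) for c, k in refs.items() if len(k) > 1},
    }


if __name__ == "__main__":
    for key, value in review(CFSCRIPT).items():
        print(key, "->", value)
```

The FOLDERLOOK:: section only asks ComboFix to list the named folders, so the review keeps it separate from the FILE:: deletions; the same parser handles the other section keywords a CFScript may use, because it only keys on the `NAME::` header.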


            • #7
ComboFix log:
ComboFix 08-04-24.1 - Breur 2008-04-27 21:57:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.231 [GMT 2:00]
Started from: C:\Documents and Settings\Breur\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Breur\Bureaublad\CFScript.txt
* New restore point was created

              FILE ::
              C:\Documents and Settings\LocalService\Application Data\951192718.exe
              C:\WINDOWS\homepage.html
              C:\WINDOWS\index.html
              C:\WINDOWS\promo1.html
              C:\WINDOWS\promo2.html
              C:\WINDOWS\promo3.html
              C:\WINDOWS\promo4.html
              C:\WINDOWS\promo5.html
              C:\WINDOWS\promo6.html
              C:\WINDOWS\promogif1.gif
              C:\WINDOWS\promogif2.gif
              C:\WINDOWS\promogif3.gif
              C:\WINDOWS\system32\sockins32.dll
              C:\WINDOWS\system32\tffigiif.tmp
              .

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\LocalService\Application Data\951192718.exe
              C:\WINDOWS\homepage.html
              C:\WINDOWS\index.html
              C:\WINDOWS\promo1.html
              C:\WINDOWS\promo2.html
              C:\WINDOWS\promo3.html
              C:\WINDOWS\promo4.html
              C:\WINDOWS\promo5.html
              C:\WINDOWS\promo6.html
              C:\WINDOWS\promogif1.gif
              C:\WINDOWS\promogif2.gif
              C:\WINDOWS\promogif3.gif
              C:\WINDOWS\system32\sockins32.dll
              C:\WINDOWS\system32\tffigiif.tmp

              .
(((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
              .

              2008-04-26 23:34 . 2008-04-26 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
              2008-04-25 23:31 . 2008-04-25 23:31 <DIR> d-------- C:\Program Files\Trend Micro
              2008-04-21 22:52 . 2008-04-21 22:52 <DIR> d-------- C:\Program Files\Common Files\Application
              2008-04-21 22:51 . 2008-04-21 22:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
              2008-04-21 22:48 . 2008-04-23 08:47 <DIR> d-------- C:\Program Files\Fixed
              2008-04-21 22:48 . 2008-04-21 22:48 <DIR> d-------- C:\Program Files\Common Files\Fixed
              2008-04-21 22:48 . 2008-04-21 22:49 260,384 --a------ C:\Documents and Settings\Breur\Application Data\setup_nl[1].exe
              2008-04-21 22:36 . 2008-04-21 22:37 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\AdwareAlert
              2008-04-21 22:35 . 2008-04-21 22:36 <DIR> d-------- C:\Program Files\AdwareAlert
              2008-04-21 07:46 . 2008-04-21 07:46 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\Grisoft
              2008-04-21 07:46 . 2008-04-21 07:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2008-04-21 07:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
              2008-04-20 20:15 . 2008-04-20 20:15 118 --a------ C:\WINDOWS\system32\MRT.INI
              2008-04-20 19:40 . 2008-04-20 19:40 <DIR> d-------- C:\Program Files\Ashampoo
              2008-04-20 19:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
              2008-04-20 19:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
              2008-04-20 19:22 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
              2008-04-20 19:13 . 2008-04-20 19:13 <DIR> d-------- C:\Documents and Settings\Breur\DoctorWeb
              2008-04-20 18:15 . 2008-04-20 18:15 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\fixed
              2008-04-20 18:10 . 2008-04-20 18:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\fixed

              .
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-04-27 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
              2008-04-27 19:38 --------- d-----w C:\Program Files\eMule
              2008-04-26 21:34 --------- d-----w C:\Program Files\Zylom Games
              2008-04-26 21:34 --------- d-----w C:\Documents and Settings\Breur\Application Data\Zylom
              2008-04-26 20:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2008-04-24 21:52 --------- d-----w C:\Program Files\Picasa2
              2008-04-24 20:15 --------- d-----w C:\Program Files\Spyware Doctor
              2008-04-21 14:33 --------- d-----w C:\Program Files\Windows Live Safety Center
              2008-04-20 17:18 --------- d-----w C:\Documents and Settings\Breur\Application Data\Skype
              2008-04-04 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2008-03-21 12:35 --------- d-----w C:\Program Files\Google
              2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
              2008-03-07 12:10 88,888 ----a-w C:\Documents and Settings\Breur\Application Data\GDIPFONTCACHEV1.DAT
              2008-03-03 07:46 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
              2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
              2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
              2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
              .

              ((((((((((((((((((((((((((((( [email protected]_22.51.00,96 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-04-26 19:18:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
              + 2008-04-27 19:36:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
              - 2008-04-20 17:56:36 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
              + 2008-04-26 21:02:10 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
              - 2008-04-20 17:56:36 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
              + 2008-04-26 21:02:10 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
              - 2008-04-20 17:56:36 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
              + 2008-04-26 21:02:10 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
              - 2008-04-20 17:56:36 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
              + 2008-04-26 21:02:10 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
              .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
*Note* empty entries & legitimate default entries are not shown

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 11:03 68856]
              "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-04-21 22:22 7173360]
              "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-25 01:19 77824]
              "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
              "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
              HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
              Kodak EasyShare software.lnk - D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\eMule\\emule.exe"=

              R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 17:17]
              R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 10:23]
              R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
              R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
              S3 usbaucmd;usbaucmd;C:\WINDOWS\system32\drivers\usbaucmd.sys

              .
Contents of the 'Scheduled Tasks' folder
              "2008-04-27 19:38:26 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
              - C:\Program Files\AdwareAlert\AdwareAlert.ex
              - C:\Program Files\AdwareAlert
              .
              **************************************************************************

              catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-04-27 21:59:13
              Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 89

              **************************************************************************
              .
Completion time: 2008-04-27 22:01:27
              ComboFix-quarantined-files.txt 2008-04-27 20:01:01
              ComboFix2.txt 2008-04-26 21:20:39
              ComboFix3.txt 2008-04-26 20:51:22

Pre-Run: 5,990,453,248 bytes free
Post-Run: 6,061,625,344 bytes free

              148 --- E O F --- 2008-04-26 23:00:22


Starting up the computer went nice and fast, and no more annoying red desktop, no pop-ups or anything like that, and no error messages during startup (I had been getting those more and more often lately).

My compliments also for the clear explanation; I don't know much about this but could follow it easily. Great, I'm really happy with it!



              • #8
You're welcome.

Install a virus scanner (1), update it and have it scan the whole computer.
If anything is found, have it removed.
Restart the computer and make a new HijackThis log.

AVG, AntiVir and Avast are free antivirus programs.



                • #9
OK, did what you asked and Avast found 4 more trojans! Anyway, here is the log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 8:18:24, on 29-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\WINDOWS\system32\drivers\KodakCCS.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Winamp\winampa.exe
                  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
                  D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                  C:\Program Files\Alwil Software\Avast4\setup\avast.setup
                  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\system32\wuauclt.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
                  O4 - Global Startup: Kodak EasyShare software.lnk = D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
                  O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
                  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                  O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/babybanner/1130589900/3/1/1/255/165/165/0/148/206/fabian.png

                  --
                  End of file - 6199 bytes

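As an added example (not from the thread and not part of HijackThis), the Python below parses HijackThis entries, diffs the log from 25-4-2008 against the one from 29-4-2008 above to list what the cleanup removed, and applies a few triage rules a reviewer would want when reading such a log: a start page that points at a local file, an ActiveX download (O16 DPF) from a host outside a trusted list, an SSODL entry whose file is gone, a configured proxy, and a service with no publisher. Run over the two logs, the rules still flag the O21 SSODL WebProxy entry with "(no file)" in the 29-4 log, which is the kind of leftover worth re-checking. The trusted-host list, rule names and function names are assumptions of this example; the embedded log lines are a subset of the logs in this thread, copied verbatim.

```python
import re
from urllib.parse import urlparse

# Constructed input: a subset of the two HijackThis logs posted in this
# thread (25-4-2008 before cleanup, 29-4-2008 after), copied verbatim.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195841934312
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")

# Assumption of this example: hosts from which ActiveX (O16 DPF) downloads are
# accepted without review. Anything else is reported.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "hotmail.com", "live.com")


def parse_hjt(text):
    """Return [(section, body)] for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries present only in the earlier log (removed) and only in the later one (added)."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def _dpf_host(body):
    # An O16 body ends with " - <download URL>"; take the host part of that URL.
    return urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""


def triage(entries):
    """Apply review rules; returns [(rule, section, body)] for entries worth a look."""
    findings = []
    for sec, body in entries:
        if sec in ("R0", "R1") and "= file://" in body:
            findings.append(("local-file start page", sec, body))
        elif sec == "R1" and "ProxyServer" in body:
            findings.append(("proxy configured, confirm intended", sec, body))
        elif sec == "O16":
            host = _dpf_host(body)
            if not any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS):
                findings.append(("ActiveX download from untrusted host", sec, body))
        elif sec == "O21" and body.endswith("(no file)"):
            findings.append(("orphaned SSODL CLSID still registered", sec, body))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(("service without publisher, verify binary", sec, body))
    return findings


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed by cleanup:")
    for sec, body in removed:
        print("  %s - %s" % (sec, body))
    print("new since cleanup:")
    for sec, body in added:
        print("  %s - %s" % (sec, body))
    print("still flagged in the 29-4 log:")
    for rule, sec, body in triage(parse_hjt(AFTER)):
        print("  [%s] %s - %s" % (rule, sec, body))
```

The diff is a plain set difference on (section, body) pairs, so a changed value shows up as one removed and one added entry rather than being hidden; for a full log, feed the whole file to parse_hjt and the process list and "End of file" lines are simply ignored.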


                  • #10
Fine.
Are there any problems left?

Make a new log with ComboFix and post it.



                    • #11
No problems at all anymore, fortunately. I'm really happy with it!

                      ComboFix 08-04-24.1 - Breur 2008-04-29 21:14:34.4 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.224 [GMT 2:00]
Started from: C:\Documents and Settings\Breur\Bureaublad\ComboFix.exe
                      .

(((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))
                      .

                      2008-04-28 20:54 . 2008-04-28 20:54 <DIR> d-------- C:\Program Files\Alwil Software
                      2008-04-28 07:46 . 2008-04-28 07:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
                      2008-04-26 23:34 . 2008-04-26 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
                      2008-04-25 23:31 . 2008-04-25 23:31 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-04-21 22:51 . 2008-04-28 20:24 <DIR> d-------- C:\Program Files\SPYWAREfighter
                      2008-04-21 22:48 . 2008-04-28 21:11 <DIR> d-------- C:\Program Files\Common Files\Fixed
                      2008-04-21 22:48 . 2008-04-21 22:49 260,384 --a------ C:\Documents and Settings\Breur\Application Data\setup_nl[1].exe
                      2008-04-21 22:36 . 2008-04-21 22:37 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\AdwareAlert
                      2008-04-21 07:46 . 2008-04-21 07:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                      2008-04-20 20:15 . 2008-04-20 20:15 118 --a------ C:\WINDOWS\system32\MRT.INI
                      2008-04-20 19:40 . 2008-04-20 19:40 <DIR> d-------- C:\Program Files\Ashampoo
                      2008-04-20 19:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
                      2008-04-20 19:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
                      2008-04-20 19:22 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
                      2008-04-20 19:13 . 2008-04-20 19:13 <DIR> d-------- C:\Documents and Settings\Breur\DoctorWeb
                      2008-04-20 18:15 . 2008-04-20 18:15 <DIR> d-------- C:\Documents and Settings\Breur\Application Data\fixed
                      2008-04-20 18:10 . 2008-04-20 18:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\fixed

                      .
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-04-28 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
                      2008-04-28 18:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-04-27 19:38 --------- d-----w C:\Program Files\eMule
                      2008-04-26 21:34 --------- d-----w C:\Program Files\Zylom Games
                      2008-04-26 21:34 --------- d-----w C:\Documents and Settings\Breur\Application Data\Zylom
                      2008-04-24 21:52 --------- d-----w C:\Program Files\Picasa2
                      2008-04-21 14:33 --------- d-----w C:\Program Files\Windows Live Safety Center
                      2008-04-20 17:18 --------- d-----w C:\Documents and Settings\Breur\Application Data\Skype
                      2008-04-04 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                      2008-03-21 12:35 --------- d-----w C:\Program Files\Google
                      2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                      2008-03-07 12:10 88,888 ----a-w C:\Documents and Settings\Breur\Application Data\GDIPFONTCACHEV1.DAT
                      2008-03-03 07:46 --------- d-----w C:\Program Files\Common Files\Adobe
                      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                      2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                      2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
                      .

                      ((((((((((((((((((((((((((((( [email protected]_22.51.00,96 )))))))))))))))))))))))))))))))))))))))))
                      .
                      - 2008-04-26 19:18:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                      + 2008-04-29 17:37:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                      + 2008-03-19 17:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
                      + 2008-03-19 17:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
                      + 2008-03-19 17:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
                      + 2008-03-19 16:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
                      + 2008-03-19 17:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
                      + 2008-03-19 16:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
                      + 2008-03-19 16:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
                      + 2008-03-19 16:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
                      + 2008-03-19 16:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
                      + 2008-03-19 17:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
                      + 2008-03-19 17:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
                      + 2008-03-19 17:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
                      + 2008-03-19 17:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
                      + 2008-03-19 17:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
                      + 2008-03-19 16:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
                      + 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
                      + 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
                      + 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
                      + 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
                      + 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
                      + 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
                      + 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
                      + 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
                      + 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
                      + 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
                      - 2008-04-20 17:56:36 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
                      + 2008-04-26 21:02:10 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
                      - 2008-04-20 17:56:36 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
                      + 2008-04-26 21:02:10 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
                      - 2008-04-20 17:56:36 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
                      + 2008-04-26 21:02:10 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
                      - 2008-04-20 17:56:36 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
                      + 2008-04-26 21:02:10 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
                      + 2008-04-29 17:37:06 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_554.dat
                      .
                      -- Snapshot reset to current date --
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 11:03 68856]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-25 01:19 77824]
                      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
                      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
                      HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
                      Kodak EasyShare software.lnk - D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
                      C:\Program Files\AdwareAlert\AdwareAlert.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
                      --a------ 2007-05-13 16:57 5308416 C:\Program Files\eMule\emule.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      --a------ 2007-11-18 11:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusOverride"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Messenger\\msmsgs.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\eMule\\emule.exe"=

                      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
                      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
                      R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 17:17]
                      R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 10:23]
                      S3 usbaucmd;usbaucmd;C:\WINDOWS\system32\drivers\usbaucmd.sys

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-04-29 01:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                      - C:\Program Files\AdwareAlert\AdwareAlert.ex
                      - C:\Program Files\AdwareAlert
                      .
                      **************************************************************************

                      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-04-29 21:17:05
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-04-29 21:18:29
                      ComboFix-quarantined-files.txt 2008-04-29 19:18:17
                      ComboFix2.txt 2008-04-27 20:01:27
                      ComboFix3.txt 2008-04-26 21:20:39
                      ComboFix4.txt 2008-04-26 20:51:22

                      Pre-Run: 6,138,761,216 bytes beschikbaar
                      Post-Run: 6,310,576,128 bytes beschikbaar

                      144 --- E O F --- 2008-04-26 23:00:22


                      • #12
                        Good.

                        Go to Start - Run and type: ComboFix /u
                        Press Enter.


                        More information on how to prevent a new infection can be found here and here.

                        I am setting the status of this thread to solved.
                        If there are no further replies, this thread will automatically be moved to the Solved hijackthislogs section within about 3 days, after which replying is no longer possible. This is to keep the forum tidy and clear.
                        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                        Happy surfing again.


                        • #13
                          OK, done, and ComboFix has been removed.

                          Thank you sooo much for the clear help; I couldn't do without my little computer, and fortunately I don't have to now. Great that you were willing to help me.


                          • #14
                            You're welcome, Brankel.
