Virus that cannot be removed. OpnkiGvT

    Hello,

    Since today my antivirus program has been reporting that it has found a virus:
    C:windows/system32/OpnkiGvT.dll

    I cannot remove it in any way.
    Ran several scanners over it, tried safe mode, but without result.
    The system is also suffering from it.
    The PC does not start or starts with difficulty, the internet does not start or starts very slowly.
    Perhaps you have the solution to this problem.
    I have attached a log.
    Thanks in advance...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:05:44, on 27-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system32\PnkBstrA.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\windows\system32\rundll32.exe
    C:\windows\system32\Rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\windows\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\windows\system32\byXOfgDw.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {41fbf772-7dcf-70b9-fa34-00f77cf6331c} - {c1336fc7-7f00-43af-9b07-fcd7277fbf14} - C:\windows\system32\lflajxxi.dll
    O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [f061b3fa] rundll32.exe "C:\windows\system32\pfbracgq.dll",b
    O4 - HKLM\..\Run: [BMf3528066] Rundll32.exe "C:\windows\system32\uxhedhpt.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204913394953
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208066918234
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: byXOfgDw - C:\windows\SYSTEM32\byXOfgDw.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and put a checkmark next to the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\windows\system32\byXOfgDw.dll
    O2 - BHO: {41fbf772-7dcf-70b9-fa34-00f77cf6331c} - {c1336fc7-7f00-43af-9b07-fcd7277fbf14} - C:\windows\system32\lflajxxi.dll
    O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
    O4 - HKLM\..\Run: [f061b3fa] rundll32.exe "C:\windows\system32\pfbracgq.dll",b
    O4 - HKLM\..\Run: [BMf3528066] Rundll32.exe "C:\windows\system32\uxhedhpt.dll",s
    O20 - Winlogon Notify: byXOfgDw - C:\windows\SYSTEM32\byXOfgDw.dll


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a logfile (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

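A small triage script, added here as an illustration and not part of this thread or of HijackThis itself, that encodes the pattern behind the items the helper ticked above: nameless or GUID-named BHOs, Run keys that start rundll32 on a system32 DLL with a one-letter export, orphaned hooks, and any other entry (such as the O20 Winlogon Notify hook) that loads a DLL already flagged. The sample log is constructed from lines in the post above; the rule set and function names are my own assumptions, not the helper's method.

```python
import re

# Constructed sample: HijackThis lines copied from the log posted in this thread,
# plus a few benign lines to show that they are left alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\windows\system32\byXOfgDw.dll
O2 - BHO: {41fbf772-7dcf-70b9-fa34-00f77cf6331c} - {c1336fc7-7f00-43af-9b07-fcd7277fbf14} - C:\windows\system32\lflajxxi.dll
O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [f061b3fa] rundll32.exe "C:\windows\system32\pfbracgq.dll",b
O4 - HKLM\..\Run: [BMf3528066] Rundll32.exe "C:\windows\system32\uxhedhpt.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O20 - Winlogon Notify: byXOfgDw - C:\windows\SYSTEM32\byXOfgDw.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
# rundll32 "<...>\system32\<name>.dll",<single-character export>
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]*\\system32\\[^"\\]+\.dll",\s*[A-Za-z0-9]$',
                       re.IGNORECASE)


def parse_entries(log_text):
    """Yield (kind, body) for every 'Xn - ...' line; other lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def check_entry(kind, body):
    """Per-line rules, each modelled on an item the helper ticked in the post above."""
    reasons = []
    if kind == "O2" and body.startswith("BHO: "):
        name = body[len("BHO: "):].split(" - ")[0]
        if name == "(no name)" or GUID_RE.match(name):
            reasons.append("BHO with no display name (or a bare GUID as its name)")
    elif kind == "O4" and RUNDLL_RE.search(body):
        reasons.append("Run key starts rundll32 on a system32 DLL with a one-letter export")
    elif kind == "R3" and body.endswith("(no file)"):
        reasons.append("URLSearchHook whose file no longer exists (orphan)")
    elif kind == "R0" and "SearchAssistant" in body and body.rstrip().endswith("="):
        reasons.append("SearchAssistant value has been emptied")
    return reasons


def triage(log_text):
    """Return {entry line: [reasons]} for every entry worth reviewing."""
    entries = list(parse_entries(log_text))
    findings = {}
    for kind, body in entries:
        reasons = check_entry(kind, body)
        if reasons:
            findings[f"{kind} - {body}"] = reasons
    # Second pass: a DLL named in a flagged entry taints every other entry that
    # loads the same DLL. The O20 Winlogon Notify hook for byXOfgDw.dll is caught
    # this way, because the O2 BHO using the same DLL was already flagged.
    tainted = {m.group(1).lower() for line in findings for m in DLL_RE.finditer(line)}
    for kind, body in entries:
        line = f"{kind} - {body}"
        shared = sorted({m.group(1).lower() for m in DLL_RE.finditer(body)} & tainted)
        if shared and line not in findings:
            findings[line] = [f"loads a DLL already flagged elsewhere: {', '.join(shared)}"]
    return findings


def flagged_dlls(log_text):
    """Lower-cased basenames (without .dll) of every DLL in a flagged entry."""
    return sorted({m.group(1).lower()
                   for line in triage(log_text) for m in DLL_RE.finditer(line)})


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

The flagged list is a review aid, not a verdict: an entry should still be checked against vendor documentation before it is fixed.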


    • #3
      Did what you said.. After restarting the PC, the same warning about the virus mentioned appeared again.

      Here is the log.

      ComboFix 08-04-26.5 - Administrator 2008-04-27 20:12:09.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.608 [GMT 2:00]
      Gestart vanuit: C:\Documents and Settings\Administrator\Mijn documenten\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      * Resident AV is active


      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\windows\pskt.ini
      C:\windows\system32\byXOfgDw.dll
      C:\windows\system32\dllcache\spoolsv.exe
      C:\windows\system32\khfGASJB.dll
      C:\windows\system32\lflajxxi.dll
      C:\windows\system32\pfbracgq.dll
      C:\WINDOWS\system32\qgcarbfp.ini
      C:\WINDOWS\system32\TvGiknpo.ini
      C:\WINDOWS\system32\TvGiknpo.ini2
      C:\windows\system32\uxhedhpt.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
      .

      2008-04-27 19:05 . 2008-04-27 19:05 <DIR> d-------- C:\Program Files\Trend Micro
      2008-04-27 12:32 . 2008-04-27 20:04 109,756 --a------ C:\WINDOWS\BMf3528066.xml
      2008-04-26 22:19 . 2008-04-27 18:11 <DIR> d--hs---- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-04-26 20:58 . 2008-04-26 20:58 20 --a------ C:\WINDOWS\SIERRA.INI
      2008-04-26 20:50 . 2008-04-26 20:50 283,136 --a------ C:\WINDOWS\system32\opnkiGvT.dll
      2008-04-26 20:46 . 2008-04-26 20:46 <DIR> d-------- C:\Program Files\Play+Smile
      2008-04-26 20:46 . 2005-04-14 16:33 3,638 --ah----- C:\WINDOWS\ps.ico
      2008-04-25 21:15 . 2008-04-25 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ascentive
      2008-04-25 21:14 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
      2008-04-25 21:14 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
      2008-04-25 20:19 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
      2008-04-25 20:19 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
      2008-04-25 20:19 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
      2008-04-25 20:19 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
      2008-04-24 10:20 . 2008-04-24 10:20 15,636 --a------ C:\pittbull.jpg
      2008-04-21 17:54 . 2008-04-21 17:54 0 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT_TU_65193.LOG
      2008-04-21 17:53 . 2008-04-21 17:53 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_34490.LOG
      2008-04-21 17:52 . 2008-04-21 17:52 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_55043.LOG
      2008-04-21 15:02 . 2008-04-21 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
      2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
      2008-04-21 14:54 . 2008-04-21 14:57 <DIR> d-------- C:\Program Files\ATI Technologies
      2008-04-19 23:51 . 2008-04-19 23:52 21,406 --a------ C:\kapitein kaas.jpg
      2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
      2008-04-14 09:27 . 2008-04-14 09:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
      2008-04-14 09:11 . 2008-04-14 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
      2008-04-14 09:03 . 2008-04-14 09:02 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
      2008-04-14 08:54 . 2008-04-14 08:54 <DIR> d-------- C:\Program Files\Google
      2008-04-14 07:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-04-14 07:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-04-11 18:25 . 2008-04-11 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
      2008-04-08 12:19 . 2008-04-08 12:20 <DIR> d-------- C:\Program Files\QuickTime
      2008-04-08 10:32 . 2008-04-08 10:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
      2008-04-08 10:32 . 2008-04-14 09:02 505,128 --a------ C:\WINDOWS\system32\msvcp71.dll
      2008-04-08 10:25 . 2008-04-08 10:25 0 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT_TU_64503.LOG
      2008-04-08 10:23 . 2008-04-08 10:23 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_56824.LOG
      2008-04-08 10:22 . 2008-04-08 10:22 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_88742.LOG
      2008-04-05 12:26 . 2008-04-16 22:07 <DIR> d-------- C:\Casino
      2008-04-05 11:21 . 2008-04-21 14:40 10 --a------ C:\WINDOWS\WININIT.INI
      2008-04-05 11:13 . 2008-04-05 11:13 64,194 --a------ C:\WINDOWS\BricoPackUninst.cmd
      2008-04-05 11:12 . 2008-04-05 11:12 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
      2008-04-05 11:00 . 2008-04-05 11:13 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
      2008-04-05 10:59 . 2008-04-05 10:59 <DIR> d-------- C:\WINDOWS\BricoPacks
      2008-04-04 23:17 . 2008-04-26 23:00 <DIR> d-------- C:\Incomplete
      2008-04-04 23:15 . 2008-04-20 11:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
      2008-04-04 23:12 . 2008-04-04 23:13 <DIR> d-------- C:\Program Files\LimeWire
      2008-04-04 13:30 . 2008-04-04 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
      2008-04-04 09:25 . 2008-04-04 09:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
      2008-04-03 21:39 . 2008-04-03 21:39 27,648 --a------ C:\Vissenfamilie.doc
      2008-04-03 14:32 . 2008-04-03 14:32 215,144 --a------ C:\WINDOWS\patchw32.dll
      2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
      2008-04-03 12:22 . 2008-04-03 12:22 <DIR> d-------- C:\WINDOWS\system32\AGEIA
      2008-04-03 12:22 . 2008-04-03 12:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
      2008-04-03 11:22 . 2008-04-03 11:22 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
      2008-04-03 11:22 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
      2008-04-02 10:51 . 2008-04-02 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
      2008-03-31 17:06 . 2008-04-16 22:52 <DIR> d-------- C:\Program Files\PartyGaming
      2008-03-31 09:33 . 2008-03-31 14:52 <DIR> d-------- C:\Program Files\Yahoo!
      2008-03-29 07:19 . 2008-03-29 07:19 9,801,728 --a------ C:\WINDOWS\system32\atioglx2.dll
      2008-03-29 06:40 . 2008-03-29 06:40 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
      2008-03-29 06:05 . 2008-03-29 06:05 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
      2008-03-29 05:56 . 2008-03-29 05:56 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
      2008-03-29 05:56 . 2008-03-29 05:56 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll
      2008-03-29 05:55 . 2008-03-29 05:55 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll
      2008-03-29 05:55 . 2008-03-29 05:55 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
      2008-03-29 05:55 . 2008-03-29 05:55 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
      2008-03-29 05:54 . 2008-03-29 05:54 536,576 --a------ C:\WINDOWS\system32\ati2evxx.exe
      2008-03-29 05:52 . 2008-03-29 05:52 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
      2008-03-29 05:39 . 2008-03-29 05:39 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
      2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
      2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
      2008-03-29 05:36 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
      2008-03-29 05:24 . 2008-03-29 05:24 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
      2008-03-29 05:23 . 2008-03-29 05:23 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
      2008-03-29 05:21 . 2008-03-29 05:21 393,216 --a------ C:\WINDOWS\system32\atikvmag.dll
      2008-03-29 05:19 . 2008-03-29 05:19 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
      2008-03-29 05:18 . 2008-03-29 05:18 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
      2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-27 18:48 7,963,680 --sha-w C:\windows\system32\drivers\fidbox.dat
      2008-04-27 18:43 111,860 --sha-w C:\windows\system32\drivers\fidbox.idx
      2008-04-27 17:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
      2008-04-26 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-26 19:15 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
      2008-04-21 15:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-21 15:20 --------- d-----w C:\Program Files\SpywareBlaster
      2008-04-16 20:15 --------- d-----w C:\Program Files\Uniblue
      2008-04-16 20:15 --------- d-----w C:\Program Files\Magic Video Converter
      2008-04-03 10:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-29 06:21 2,873,856 ----a-w C:\windows\system32\drivers\ati2mtag.sys
      2008-03-25 10:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
      2008-03-21 07:50 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
      2008-03-21 07:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-03-21 07:28 717,296 ----a-w C:\windows\system32\drivers\sptd.sys
      2008-03-21 07:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
      2008-03-20 08:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
      2008-03-18 20:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
      2008-03-18 16:11 --------- d-----w C:\Program Files\uTorrent
      2008-03-16 10:37 --------- d-----w C:\Program Files\SystemRequirementsLab
      2008-03-14 16:52 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
      2008-03-14 11:28 --------- d-----w C:\Program Files\Windows Defender
      2008-03-13 22:11 75,248 ----a-w C:\windows\zllsputility.exe
      2008-03-13 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-13 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailFrontier
      2008-03-13 20:45 --------- d-----w C:\Program Files\Lavasoft
      2008-03-13 20:32 --------- d-----w C:\Program Files\Zone Labs
      2008-03-13 20:02 45,768 ----a-w C:\windows\system32\drivers\MiniIcpt.sys
      2008-03-11 21:36 --------- d-----w C:\Program Files\MSXML 4.0
      2008-03-11 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-03-10 11:13 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-03-10 09:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
      2008-03-10 09:31 --------- d-----w C:\Program Files\Common Files\Nero
      2008-03-10 09:29 --------- d-----w C:\Program Files\Nero
      2008-03-10 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-03-10 07:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
      2008-03-09 23:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
      2008-03-09 23:41 --------- d-----w C:\Program Files\VideoLAN
      2008-03-08 23:55 --------- d-----w C:\Program Files\MSXML 6.0
      2008-03-08 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Earthsim
      2008-03-08 17:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Earthsim
      2008-03-07 22:21 --------- d-----w C:\Program Files\MSBuild
      2008-03-07 22:16 --------- d-----w C:\Program Files\Reference Assemblies
      2008-03-07 22:13 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-03-07 21:57 --------- d-----w C:\Program Files\Java
      2008-03-07 21:55 --------- d-----w C:\Program Files\Common Files\Java
      2008-03-07 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-07 21:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
      2008-03-07 21:20 --------- d-----w C:\Program Files\CCleaner
      2008-03-07 21:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
      2008-03-07 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
      2008-03-07 21:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
      2008-03-07 21:00 --------- d-----w C:\Program Files\inKline Global
      2008-03-07 20:38 --------- d-----w C:\Program Files\HP
      2008-03-07 20:21 --------- d-----w C:\Program Files\Microsoft.NET
      2008-03-07 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-03-07 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
      2008-03-07 17:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
      2008-03-07 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-03-07 17:29 --------- d-----w C:\Program Files\Intel
      2008-03-07 16:23 --------- d-----w C:\Program Files\microsoft frontpage
      .

      ------- Sigcheck -------

      2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\windows\explorer.exe
      2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2007-06-13 15:24 979456 1b23f40acaed86b9f6db6833d22cfdb0 C:\windows\system32\dllcache\explorer.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2}]
      2008-04-26 20:50 283136 --a------ C:\windows\system32\opnkiGvT.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 14:00 15360]
      "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
      "Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOfgDw]
      byXOfgDw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
      --a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "CTFMON.EXE"=C:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=

      R2 Prvflder;Prvflder;C:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 09:22]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\windows\System32\svchost.exe [2004-08-04 14:00]
      S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 01:11]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\windows\System32\TuneUpDefragService.exe [2008-03-07 23:07]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a37220c-fb05-11dc-a24f-0007e9ab8b40}]
      \Shell\AutoRun\command - G:\AutoTransfer.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-04-25 15:26:20 C:\windows\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
      "2008-04-27 18:49:04 C:\windows\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      "2008-04-16 21:02:49 C:\windows\Tasks\Uniblue SpyEraser.job"
      - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-27 20:47:56
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\windows\explorer.exe
      -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-04-27 20:50:41 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-27 18:50:27

      Pre-Run: 145,644,371,968 bytes beschikbaar
      Post-Run: 145,639,596,032 bytes beschikbaar

      271 --- E O F --- 2008-04-23 18:31:52



      • #4
        Sorry.. And the HijackThis log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:00:26, on 27-4-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\windows\System32\smss.exe
        C:\windows\system32\winlogon.exe
        C:\windows\system32\services.exe
        C:\windows\system32\lsass.exe
        C:\windows\system32\Ati2evxx.exe
        C:\windows\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\windows\System32\svchost.exe
        C:\windows\system32\Ati2evxx.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\windows\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\windows\system32\PnkBstrA.exe
        C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\windows\system32\ctfmon.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
        C:\windows\explorer.exe
        C:\windows\system32\notepad.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
        O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
        O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204913394953
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208066918234
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O20 - Winlogon Notify: byXOfgDw - byXOfgDw.dll (file missing)
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
        O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
        O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6557 bytes

        • #5
          **** Update ******

          In the meantime I have managed to remove the virus mentioned above with my antivirus program.

          • #6
            Post a new HijackThis log.

            • #7
              Here is the new log..

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 23:14:45, on 28-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\windows\System32\smss.exe
              C:\windows\system32\winlogon.exe
              C:\windows\system32\services.exe
              C:\windows\system32\lsass.exe
              C:\windows\system32\Ati2evxx.exe
              C:\windows\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\windows\System32\svchost.exe
              C:\windows\system32\Ati2evxx.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\windows\system32\spoolsv.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\windows\system32\PnkBstrA.exe
              C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
              C:\windows\Explorer.EXE
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              C:\windows\system32\ctfmon.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
              O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
              O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204913394953
              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208066918234
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
              O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
              O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

              --
              End of file - 5850 bytes

              • #8
                Your log looks good.
                Update your version of Java.

                Let us know whether there are still any problems.

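The check the helper is making above, comparing the earlier log with the new one to confirm that the unnamed BHO and the orphaned Winlogon Notify entry are gone, as an added example that is not part of this thread. The sample lines are constructed from the O2/O4/O20 entries quoted in the two logs; the heuristics in `suspicious()` are this example's own, not HijackThis rules.

```python
"""Diff two HijackThis logs and flag removed entries that merit a second look.

Added example, not code from the thread or from Trend Micro. Sample input
below is constructed from entries quoted in the posts above."""
import re

# A scan entry looks like "O2 - BHO: name - {CLSID} - path"; the section
# tag (R0, O2, O23, ...) plus the rest of the line identifies it uniquely.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.+)$")


def parse_log(text):
    """Return the set of (section, body) tuples found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("sec"), m.group("body")))
    return entries


def diff_logs(before, after):
    """Return (entries removed since 'before', entries newly added)."""
    b, a = parse_log(before), parse_log(after)
    return sorted(b - a), sorted(a - b)


def suspicious(entry):
    """Heuristics (this example's own) for entries a reviewer would examine."""
    sec, body = entry
    if sec == "O2" and "(no name)" in body:
        return True  # Browser Helper Object without a registered name
    if sec == "O20" and "(file missing)" in body:
        return True  # Winlogon Notify hook whose DLL has been deleted
    return False


# Constructed sample: entries from the first log that are absent in the second.
BEFORE = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FA51D6C5-01DF-494C-B30B-44F1F9FCA1F2} - C:\windows\system32\opnkiGvT.dll
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O20 - Winlogon Notify: byXOfgDw - byXOfgDw.dll (file missing)
"""
AFTER = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        tag = "SUSPICIOUS" if suspicious(entry) else "removed"
        print(f"{tag:10} {entry[0]} - {entry[1]}")
    print(f"{len(added)} new entries")
```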
                • #9
                  Hello,

                  I am no longer experiencing any problems..
                  Thanks for that.

                  You say I should update my Java, but when I do that I see the following:

                  Gecontroleerde Java-versie
                  Gefeliciteerd!
                  U beschikt over de juiste Java-versie (Version 6 Update 5).


                  So by the looks of it this is fine, right?

                  • #10
                    See http://java.sun.com/javase/downloads/index.jsp

                    This is the one you need: Java Runtime Environment (JRE) 6 Update 6

                    • #11
                      Ok.. Thanks Marckie for all the help !!!!

                      • #12
                        You're welcome.

                        Go to Start - Run and type: ComboFix /u
                        Press Enter.

                        More information on how to prevent a new infection can be found here and here.

                        I am setting the status of this thread to solved.
                        If there are no further replies, this thread will automatically be moved within about 3 days to the section Opgeloste hijackthislogs and replying will no longer be possible. This is to keep the forum neat and orderly.
                        If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.

                        Happy surfing again.
