  • big problems

    posted in this thread yesterday http://www.nucia.eu/forum/showthread.php?p=340458#post340458
    still managed to get the laptop started and quickly made a HijackThis log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:53:46, on 1/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\iTunesHelper.exe
    C:\Program Files\Pando Networks\Pando\Pando.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ringo\Hub.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be.8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\,WWWWW),)W),WW))W,.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] F:\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,WWWWW),)W),WW))W,.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Translate with &Babylon - res://F:\Babylon\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.chat-united.com/controls/msnchat45.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9727 bytes

    posting this via the PC again because I don't know whether the laptop will hold out for long
    greetings tina


    PS: it has happened again, it also says at the bottom:
    technical information (possibly in English)
    ***stop:0x00000077(0xc000000E,0x00000000,0x048R7000) bezig met starten fysieke geheugendump
    Last edited by tinaa; 01-05-08, 09:18. Reason: error repeated itself
    regards Tinaa

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners regard certain components that ComboFix uses as suspicious and will block or delete them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix has finished and after the restart, the log Combofix.txt will open.


      Post this log in your next post, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      here is my ComboFix log then
      ComboFix 08-04-29.5 - Administrator 2008-05-01 20:58:17.5 - FAT32x86
      Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))
      .

      2008-05-01 20:27 . 2008-05-01 20:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-05-01 20:22 . 2008-05-01 20:22 <DIR> d--hs---- C:\FOUND.025
      2008-04-30 20:21 . 2008-04-30 20:21 <DIR> d--hs---- C:\FOUND.024
      2008-04-29 23:13 . 2008-04-29 23:13 <DIR> d--hs---- C:\FOUND.023
      2008-04-27 15:23 . 2008-04-27 15:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Awem
      2008-04-27 07:33 . 2008-04-27 07:33 <DIR> d--hs---- C:\FOUND.022
      2008-04-26 09:34 . 2008-04-26 09:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
      2008-04-22 18:06 . 2008-04-22 18:06 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
      2008-04-22 16:30 . 2008-04-22 16:30 <DIR> d-------- C:\WINDOWS\provisioning
      2008-04-22 16:30 . 2008-04-22 16:30 <DIR> d-------- C:\WINDOWS\peernet
      2008-04-22 14:23 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2008-04-22 12:33 . 2008-04-22 12:33 <DIR> d-------- C:\WINDOWS\system32\URTTemp
      2008-04-18 23:29 . 2008-04-18 23:29 <DIR> d-------- C:\Program Files\Project64 1.6
      2008-04-18 20:33 . 2008-04-18 20:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\funkitron

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-26 18:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NeptunesAdve
      2008-03-26 18:13 --------- d-----w C:\Program Files\ReflexiveArcade
      2008-03-17 08:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Pirateville
      2008-03-08 11:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Montecristo
      2008-03-06 13:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\IM
      2008-03-06 13:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
      2008-03-05 15:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cerasus.media
      2008-01-20 22:48 13,312 --sha-w C:\Program Files\Thumbs.db
      2007-10-22 11:41 28,764,616 ----a-w C:\Program Files\FileFormatConverters.exe
      2007-08-11 15:58 123,145 ----a-w C:\Program Files\Uninstal.exe
      2007-07-29 19:31 74,304 ----a-w C:\Program Files\Uninstall.ini
      2007-07-29 19:31 285,556 ----a-w C:\Program Files\Uninstall.exe
      2007-07-10 14:57 4,079,616 ----a-w C:\Program Files\Lottso2.exe
      2007-07-10 14:54 114,939 ----a-w C:\Program Files\INSTALL.LOG
      2007-07-10 14:54 1,447 ----a-w C:\Program Files\install.sss
      2007-07-02 03:13 92,728 ----a-w C:\Program Files\Bass.dll
      2007-07-02 03:13 9,662 ----a-w C:\Program Files\pogo.ico
      2007-07-02 03:13 766 ----a-w C:\Program Files\lottso.ico
      2007-07-02 03:13 741,376 ----a-w C:\Program Files\Launch.exe
      2007-07-02 03:13 626,688 ----a-w C:\Program Files\msvcr80.dll
      2007-07-02 03:13 548,864 ----a-w C:\Program Files\msvcp80.dll
      2007-07-02 03:13 490 ----a-w C:\Program Files\Microsoft.VC80.CRT.manifest
      2007-07-02 03:13 15,559 ----a-w C:\Program Files\Readme.txt
      2007-07-02 03:13 1,578 ----a-w C:\Program Files\Pogo Games.lnk
      2007-06-13 08:56 392 ----a-w C:\Program Files\Snelkoppeling naar IncrediMail.lnk
      2007-05-17 13:55 108,330 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\firstlsp.reg.dat
      2005-01-19 11:49 19,456 ----a-w C:\Program Files\ingrid.doc
      2003-12-19 18:36 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 13:01 598920]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
      "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CPATR10"="C:\PROGRA~1\EzButton\CPATR10.EXE" [2002-03-25 17:26 147456]
      "B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [2004-01-08 19:10 1392640]
      "AtiPTA"="atiptaxx.exe" [2001-12-21 23:58 307200 C:\WINDOWS\system32\atiptaxx.exe]
      "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2001-10-19 20:46 118784]
      "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
      "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
      "avgnt"="C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" [2007-04-02 10:35 327720]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
      "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-12 02:18 1838592]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "Babylon Client"="F:\Babylon\Babylon.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
      "iTunesHelper"="E:\iTunesHelper.exe" [2007-03-14 19:05 257088]
      "Service Defender"="C:\WINDOWS\system32\" [2004-02-01 16:38 0]

      C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-23 17:30:33 113664]
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-23 17:30:33 113664]
      Ringo Launcher.lnk - C:\Program Files\Ringo\Hub.exe [2008-01-12 16:53:37 759344]
      Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe [2007-06-21 16:10:06 25214]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Poort voor Symantec Fax Starter Edition.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk
      backup=C:\WINDOWS\pss\Poort voor Symantec Fax Starter Edition.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^RAMASST.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\RAMASST.lnk
      backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\IncrediMail\\BIN\\ImpCnt.exe"=

      R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2006-11-22 14:30]
      R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 01:07]
      R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-02-27 15:18]
      R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe" [2007-04-04 11:57]
      R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe" [2007-02-26 11:33]
      R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2004-01-08 16:41]
      R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 16:04]
      S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]

      *Newly Created Service* - CATCHME
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-03-25 04:59:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-01 21:02:39
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scannen van verborgen processen ...

      C:\WINDOWS\Explorer.EXE [220] 0xFDECD7A8

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-05-01 21:04:33
      ComboFix3.txt 2007-09-19 06:16:40
      ComboFix-quarantined-files.txt 2008-05-01 19:04:10
      ComboFix2.txt 2008-05-01 18:43:20

      Pre-Run: 1,093,091,328 bytes beschikbaar
      Post-Run: 1,058,832,384 bytes beschikbaar

      WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

      150 --- E O F --- 2008-04-22 15:59:11


      and here my HijackThis log


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:09:19, on 1/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
      C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
      C:\WINDOWS\System32\DVDRAMSV.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
      C:\WINDOWS\system32\atiptaxx.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      E:\iTunesHelper.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Pando Networks\Pando\Pando.exe
      C:\Program Files\Ringo\Hub.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\IncrediMail\bin\IMApp.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be.8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
      O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
      O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Babylon Client] F:\Babylon\Babylon.exe -AutoStart
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,WWWWW),)W),WW))W,.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
      O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Translate with &Babylon - res://F:\Babylon\Utils\BabylonIEPI.dll/Translate.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.chat-united.com/controls/msnchat45.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
      O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
      O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
      O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

      --
      End of file - 9769 bytes
      Regards, Tinaa

      • #4
        Start HijackThis, choose 'Do a system scan only' and tick the line below:

        O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,WWWWW),)W),WW))W,.exe

        Now close all open windows except HijackThis and click Fix Checked.

        Download Gmer and place it on your desktop.
        - Unzip it > open the gmer folder > double-click gmer.exe.
        - Go to the Rootkit tab and click the Scan button.
        (If a rootkit is active, Gmer may ask to perform a scan. Allow this.)
        - When the scan is finished, click the Copy button.
        - With CTRL+V you can paste the full contents of the gmer log into your next post.
        Regards,
        Pimmerd
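Triage logic for HijackThis O4 and O23 lines of the kind posted in this thread, added here as an example (it is not code from the thread, from HijackThis or from Gmer). The sample lines are constructed from the log format shown above, and the two heuristics (non-standard characters in an autorun's executable path, and services that list no vendor or "Unknown owner") are illustrative assumptions, not HijackThis rules:

```python
import re

# Constructed sample: lines in the format of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Service Defender] C:\WINDOWS\system32\,WWWWW),)W),WW))W,.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# O4 autorun:  O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 service: O23 - Service: <name> - <vendor> - <path>; the path starts with a drive letter.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?(?P<path>[A-Za-z]:\\.*)$")
# Characters normally seen in a Windows program path (assumed set); anything else is worth a look.
NORMAL_PATH = re.compile(r"^[A-Za-z0-9 _.\-\\:()~'&+%]+$")


def executable_path(cmd):
    """Strip quotes and trailing switches from an autorun command line, leaving the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: cut at the first whitespace that introduces a switch (/x or -x).
    return re.split(r"\s+(?=[/-])", cmd, maxsplit=1)[0]


def triage(log_text):
    """Return (section, name, path, reason) tuples for log entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            if not NORMAL_PATH.match(path):
                findings.append(("O4", m.group("name"), path, "unusual characters in executable path"))
            continue
        m = O23_RE.match(line)
        if m:
            vendor = m.group("vendor").strip(" -")  # "- -" in the log means no vendor at all
            if not vendor or vendor.lower() == "unknown owner":
                findings.append(("O23", m.group("name"), m.group("path"), "no vendor recorded; verify publisher"))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG):
        print(f"{section:3} {name:30} {path}  <- {reason}")
```

On the sample above the "Service Defender" autorun and the two vendor-less services are reported; the Avira and Adobe entries are not.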

        • #5
          here is the gmer log
          GMER 1.0.14.14205 - http://www.gmer.net
          Rootkit scan 2008-05-02 00:03:01
          Windows 5.1.2600 Service Pack 2


          ---- Kernel code sections - GMER 1.0.14 ----

          ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Het systeem kan het opgegeven bestand niet vinden. !
          ? C:\ComboFix\catchme.sys Het systeem kan het opgegeven pad niet vinden. !

          ---- Devices - GMER 1.0.14 ----

          Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
          Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)

          AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira Antivir File Filter Driver Manager/AVIRA GmbH)

          Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)

          ---- EOF - GMER 1.0.14 ----
          Regards, Tinaa

          • #6
            How are things going with your problems now, Tina?
            Regards,
            Pimmerd

            • #7
              I have now turned my laptop back on; this morning I also switched it on briefly to see whether it still worked, and I got no warning.
              But that gmer log, is it really that short, or did I do something wrong?
              And what I also wanted to ask: what was actually wrong with it? Had I done something wrong, or picked something up?
              Regards, Tinaa

              • #8
                I understand little of your message. Is the problem solved now or not?
                That log is supposed to be that short.
                Regards,
                Pimmerd

                • #9
                  What, you don't understand anything of my message? I did write that I haven't had the warning any more, so I think it's solved; I've been at it all evening now.
                  My other question was what exactly was wrong that I got this message.
                  Thanks for your help
                  Regards, Tinaa

                  • #10
                    I really have to decipher your texts into proper Dutch, which is why I really don't understand any of it.

                    You had indeed picked up something bad.
                    Regards,
                    Pimmerd

                    • #11
                      Thank you very much for your help, and this topic can be marked as solved.
                      Sorry for my poor explanation then.
                      Greetings, tina
                      Regards, Tinaa

                      • #12
                        You're welcome, Tina
                        Regards,
                        Pimmerd
