Mededeling

Collapse
No announcement yet.

HELP, mijn computer is gek geworden

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    HELP, mijn computer is gek geworden

    Zoals de titel al aangeeft is er iets aan de hand met mij PC. Nadat ik Windows XP opnieuw geinstalleerd heb, doet hij ontzettend raar. Firefox opent sommige websites niet, Internet Explorer geeft allemaal popups e.d.

    Ik heb Hitman Pro laten draaien, zonder succes. Deze heb ik daarna verwijderd. Ik draai NOD32 en Sygate Personal Firewall Pro.

    Dit is mijn Hijackthis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:03, on 10-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Download Mover\DLMov.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 127.255.255.255 newsleecher.com
O1 - Hosts: 127.255.255.255 www.newsleecher.com
O1 - Hosts: 72.55.172.157 secure.newsleecher.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [443056b6] rundll32.exe "C:\WINDOWS\system32\ekftppmm.dll",b
O4 - HKLM\..\Run: [BM4703652a] Rundll32.exe "C:\WINDOWS\system32\rrlftjew.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DLMov.lnk = C:\Program Files\Download Mover\DLMov.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6745 bytes
    Labels: Geen
    • Citaat
  • #2
    Download Malwarebytes' Anti-Malware via hier of hier.

    Dubbelklik mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
    • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de resultaten van de log in je volgend antwoord.

    Extra opmerking:
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
    Post ook een nieuw logje van Hijackthis
    • Citaat

    Comment

    • #3
      Na het opnieuw opstarten kreeg ik een tweetal errors:

      1
      Code:
      De toepassing of DLL-bestand C:\WINDOWS\system32\rrlftjew.dll is geen geldige Windows-kopie. Controleer dit op uw installatiediskette.
      2
      Code:
      Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\rrlftjew.dll
%1 is geen geldige Win32-toepassing.
      De log van Anti-malware scan
      Code:
      Malwarebytes' Anti-Malware 1.12
Database versie: 738

Scan type: Snelle Scan
Objecten gescand: 32951
Verstreken tijd: 3 minute(s), 14 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 13
Registerwaarden geïnfecteerd: 3
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\ekftppmm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccddDSj.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2fa7c49-713d-4b20-83d8-0bc0b69c727a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2fa7c49-713d-4b20-83d8-0bc0b69c727a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\443056b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4703652a (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdddsj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdddsj  -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\ekftppmm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mmpptfke.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccddDSj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jSDddccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jSDddccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrlftjew.dll (Trojan.Agent) -> Delete on reboot.
      En een nieuwe Hijackthis log:
      Code:
      Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:40, on 10-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Download Mover\DLMov.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 127.255.255.255 newsleecher.com
O1 - Hosts: 127.255.255.255 www.newsleecher.com
O1 - Hosts: 72.55.172.157 secure.newsleecher.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {a5c12d40-1895-c47b-f6e4-32075379743b} - {b3479735-7023-4e6f-b74c-598104d21c5a} - C:\WINDOWS\system32\coxlnwld.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DLMov.lnk = C:\Program Files\Download Mover\DLMov.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddcYqrRj - ddcYqrRj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7026 bytes
      • Citaat

      Comment

      • #4
        Start Hijackthis en vink alleen de volgende regels aan:
        O2 - BHO: {a5c12d40-1895-c47b-f6e4-32075379743b} - {b3479735-7023-4e6f-b74c-598104d21c5a} - C:\WINDOWS\system32\coxlnwld.dll
        O20 - Winlogon Notify: ddcYqrRj - ddcYqrRj.dll (file missing)
        Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

        Download: RVAXO.exe
        • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
        • Start de computer in veilige modus.
        • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
          Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
        • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
        • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
          Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
        • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
        • Post de inhoud van de logfile in je volgende bericht.
        Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log
        • Citaat

        Comment

        • #5
          Log 1:
          Code:
          ---RVAXO.exe Updated: [b]2008-05-10[/b]---first run--- 
[b]Uninstallers:[/b] 
 
[b]Files found:[/b] 
C:\WINDOWS\BM4703652a.xml
C:\WINDOWS\BM4703652a.txt
C:\WINDOWS\system32\ddcYqrRj.dll__DELETE_ON_REBOOT
C:\WINDOWS\system32\jSDddccf.ini2
C:\WINDOWS\pskt.ini 
C:\WINDOWS\system32\clkcnt.txt 
 
[b]Folders Found:[/b] 
 
Hosts-file was reset, If you use a custom hosts file please replace it... 
 
--------------RVAXO.exe last run--------------- 
[b]Not deleted items:[/b] 
 
--------------RVAXO.exe finished----------------
          Log 2
          Code:
           ======C:\WINDOWS====
----a-w                 0 2008-05-10 21:01:57  C:\WINDOWS\0.log
--s-a-w             2,048 2008-05-10 21:01:34  C:\WINDOWS\bootstat.dat
----a-w                 0 2008-04-21 15:06:05  C:\WINDOWS\control.ini
----a-w               416 2008-04-24 10:45:46  C:\WINDOWS\MAXLINK.INI
----a-w             1,169 2008-04-25 16:40:44  C:\WINDOWS\mozver.dat
----a-w                69 2008-04-28 09:39:14  C:\WINDOWS\NeroDigital.ini
----a-w                 0 2008-04-22 18:11:18  C:\WINDOWS\nsreg.dat
----a-w           103,386 2008-05-10 20:58:35  C:\WINDOWS\ntbtlog.txt
----a-w             4,207 2008-04-21 15:05:57  C:\WINDOWS\ODBCINST.INI
----a-w             8,192 2008-04-21 15:08:11  C:\WINDOWS\REGLOCS.OLD
----a-w             7,278 2008-05-10 20:56:49  C:\WINDOWS\SchedLgU.Txt
----a-w               165 2008-04-24 10:47:49  C:\WINDOWS\setup.iss
----a-w                 0 2008-04-21 16:58:46  C:\WINDOWS\Sti_Trace.log
----a-w               231 2008-04-21 16:57:47  C:\WINDOWS\system.ini
----a-w                36 2008-04-21 15:04:03  C:\WINDOWS\vb.ini
----a-w                37 2008-04-21 15:04:03  C:\WINDOWS\vbaddin.ini
----a-w               159 2008-05-10 21:01:56  C:\WINDOWS\wiadebug.log
----a-w                49 2008-05-10 21:01:54  C:\WINDOWS\wiaservc.log
----a-w               674 2008-05-07 09:08:40  C:\WINDOWS\win.ini
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\WindowsShell.Manifest
----a-w         1,601,262 2008-05-10 20:56:42  C:\WINDOWS\WindowsUpdate.log
----a-w           316,640 2008-04-25 19:06:10  C:\WINDOWS\WMSysPr9.prx
----a-w           299,552 2008-04-21 15:06:02  C:\WINDOWS\WMSysPrx.prx

 Entries:               23  (21)
 Directories:            0  Files:            23
 Bytes:          2,346,319  Blocks:        4,594
 ======C:\WINDOWS\system32=====
----a-w               261 2008-04-21 15:07:33  C:\WINDOWS\System32\$winnt$.inf
----a-w            16,832 2008-04-21 15:06:03  C:\WINDOWS\System32\amcompat.tlb
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\cdplayer.exe.manifest
----a-w             2,845 2008-04-21 15:06:05  C:\WINDOWS\System32\CONFIG.NT
------w            91,712 2008-05-10 16:56:37  C:\WINDOWS\System32\ekftppmm.dll
----a-w            21,748 2008-04-21 15:04:04  C:\WINDOWS\System32\emptyregdb.dat
------w           281,600 2008-05-10 16:56:38  C:\WINDOWS\System32\fccddDSj.dll
----a-w             2,112 2008-05-10 09:06:36  C:\WINDOWS\System32\fgcqfoaw.exe
----a-w         1,556,912 2008-04-28 10:17:36  C:\WINDOWS\System32\FNTCACHE.DAT
----a-w                 0 2008-04-21 17:00:12  C:\WINDOWS\System32\h323log.txt
----a-w           298,104 2008-04-24 17:04:12  C:\WINDOWS\System32\imon.dll
--sh--w         1,516,439 2008-05-09 08:24:19  C:\WINDOWS\System32\jbttdyif.ini
--sha-w           204,732 2008-05-10 16:57:19  C:\WINDOWS\System32\jSDddccf.ini
----a-w             6,300 2008-05-06 12:05:35  C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
---ha-r               488 2008-04-21 15:05:26  C:\WINDOWS\System32\logonui.exe.manifest
----a-w             2,112 2008-05-07 07:57:29  C:\WINDOWS\System32\mckvgbaj.exe
----a-w             2,112 2008-05-09 08:27:42  C:\WINDOWS\System32\mqxakvpu.exe
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\ncpa.cpl.manifest
----a-w            23,392 2008-04-21 15:06:03  C:\WINDOWS\System32\nscompat.tlb
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\nwc.cpl.manifest
----a-w            53,608 2008-05-02 10:40:49  C:\WINDOWS\System32\perfc009.dat
----a-w            70,426 2008-05-02 10:40:49  C:\WINDOWS\System32\perfc013.dat
----a-w           383,254 2008-05-02 10:40:49  C:\WINDOWS\System32\perfh009.dat
----a-w           444,960 2008-05-02 10:40:49  C:\WINDOWS\System32\perfh013.dat
----a-w           955,856 2008-05-02 10:40:48  C:\WINDOWS\System32\PerfStringBackup.INI
------w           100,416 2008-05-10 16:56:38  C:\WINDOWS\System32\rrlftjew.dll
----a-w           818,420 2008-05-10 10:18:24  C:\WINDOWS\System32\RVAXO.bat
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\sapi.cpl.manifest
----a-w               253 2008-04-25 19:05:48  C:\WINDOWS\System32\spupdwxp.log
----a-w                 0 2008-05-10 09:20:53  C:\WINDOWS\System32\tesseract.log
----a-w           138,760 2008-04-26 21:47:32  C:\WINDOWS\System32\TZLog.log
----a-w           151,566 2008-04-24 10:48:01  C:\WINDOWS\System32\UninstIPP.isu
----a-w           102,976 2008-05-09 08:27:43  C:\WINDOWS\System32\uywchxsx.dll
--sh--w         1,514,689 2008-05-10 09:02:27  C:\WINDOWS\System32\vyuxkmjx.ini
----a-w           108,608 2008-05-07 07:51:30  C:\WINDOWS\System32\whwxtlkx.dll
---ha-r               488 2008-04-21 15:05:26  C:\WINDOWS\System32\WindowsLogon.manifest
----a-w            25,065 2008-04-21 15:41:47  C:\WINDOWS\System32\wmpscheme.xml
----a-w            13,700 2008-04-25 19:10:11  C:\WINDOWS\System32\wpa.bak
----a-w            13,700 2008-05-09 08:21:30  C:\WINDOWS\System32\wpa.dbl
---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\wuaucpl.cpl.manifest

 Entries:               40  (30)
 Directories:            0  Files:            40
 Bytes:          8,928,191  Blocks:       17,457
 ======C:\WINDOWS\system32\drivers=====
----a-w           512,096 2008-04-24 17:04:12  C:\WINDOWS\System32\drivers\amon.sys
----a-w            15,864 2008-05-05 18:46:32  C:\WINDOWS\System32\drivers\mbam.sys
----a-w            27,048 2008-05-05 18:46:36  C:\WINDOWS\System32\drivers\mbamcatchme.sys
----a-w            15,424 2008-04-24 17:04:11  C:\WINDOWS\System32\drivers\nod32drv.sys

 Entries:                4  (4)
 Directories:            0  Files:             4
 Bytes:            570,432  Blocks:        1,116
 =======C:\Program Files=====
 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0
 =======C:=====
----a-w                 0 2008-04-21 15:06:05  C:\AUTOEXEC.BAT
--sha-r               211 2008-04-25 17:04:29  C:\boot.ini
----a-w                 0 2008-04-21 15:06:05  C:\CONFIG.SYS
----a-w               407 2008-05-10 21:00:44  C:\firstrun6.log
--sha-w       535,351,296 2008-05-10 21:01:33  C:\hiberfil.sys
----a-w               164 2008-05-07 09:08:13  C:\install.dat
--sha-r                 0 2008-04-21 15:06:05  C:\IO.SYS
--sha-r                 0 2008-04-21 15:06:05  C:\MSDOS.SYS
--sha-r            47,564 2008-04-25 16:58:13  C:\NTDETECT.COM
--sha-r           251,184 2008-04-25 16:58:13  C:\ntldr
--sha-w       805,306,368 2008-05-10 21:01:32  C:\pagefile.sys
----a-w               542 2008-05-10 21:03:02  C:\RVAXO-results.log
----a-w             5,965 2008-05-10 21:03:02  C:\RVAXO-Vfind.log
----a-w             6,374 2008-04-28 10:15:14  C:\WPI_Software_Log.txt

 Entries:               14  (7)
 Directories:            0  Files:            14
 Bytes:       1,340,970,075  Blocks:    2,619,086
 ======C:\Documents and Settings\Frank en Ellen\Application Data======
--sha-w                62 2008-04-21 16:57:31  C:\Documents and Settings\Frank en Ellen\Application Data\desktop.ini

 Entries:                1  (0)
 Directories:            0  Files:             1
 Bytes:                 62  Blocks:            1
 ======C:\Documents and Settings\Frank en Ellen======
---ha-w         3,670,016 2008-05-10 20:56:48  C:\Documents and Settings\Frank en Ellen\NTUSER.DAT
---ha-w            94,208 2008-05-10 21:02:59  C:\Documents and Settings\Frank en Ellen\ntuser.dat.LOG
--sh--w               188 2008-05-10 20:56:48  C:\Documents and Settings\Frank en Ellen\ntuser.ini

 Entries:                3  (0)
 Directories:            0  Files:             3
 Bytes:          3,764,412  Blocks:        7,353
 ======C:\WINDOWS\Downloaded Program Files====
---h--w                65 2008-04-21 15:05:26  C:\WINDOWS\Downloaded Program Files\desktop.ini

 Entries:                1  (0)
 Directories:            0  Files:             1
 Bytes:                 65  Blocks:            1
 =============
          • Citaat

          Comment

          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\System32\ekftppmm.dll
            C:\WINDOWS\System32\fccddDSj.dll
            C:\WINDOWS\System32\fgcqfoaw.exe
            C:\WINDOWS\System32\jbttdyif.ini
            C:\WINDOWS\System32\jSDddccf.ini
            C:\WINDOWS\System32\mckvgbaj.exe
            C:\WINDOWS\System32\mqxakvpu.exe
            C:\WINDOWS\System32\rrlftjew.dll
            C:\WINDOWS\System32\uywchxsx.dll
            C:\WINDOWS\System32\vyuxkmjx.ini
            C:\WINDOWS\System32\whwxtlkx.dll) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post de inhoud van de logfile die opent.
            • Citaat

            Comment

            • #7
              Code:
              Deleting files
C:\WINDOWS\System32\ekftppmm.dll deleted
C:\WINDOWS\System32\fccddDSj.dll deleted
C:\WINDOWS\System32\fgcqfoaw.exe deleted
C:\WINDOWS\System32\jbttdyif.ini deleted
C:\WINDOWS\System32\jSDddccf.ini deleted
C:\WINDOWS\System32\mckvgbaj.exe deleted
C:\WINDOWS\System32\mqxakvpu.exe deleted
C:\WINDOWS\System32\rrlftjew.dll deleted
C:\WINDOWS\System32\uywchxsx.dll deleted
C:\WINDOWS\System32\vyuxkmjx.ini deleted
C:\WINDOWS\System32\whwxtlkx.dll deleted
              • Citaat

              Comment

              • #8
                Ik denk dat we inmiddels bijna alles verwijderd hebben

                Download Deckard's System Scanner naar je Bureaublad.
                • Sluit alle toepassingen en vensters.
                • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
                • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
                • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

                Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
                - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
                Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
                Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
                • Citaat

                Comment

                • #9
                  Nadat DSS.exe heeft gescand e.d. geeft hij deze error, en komt er geen logfile:

                  In dss.exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.

                  Met daar onder zo'n Rapport verzenden en Niet verzenden knop.

                  Ik merk trouwens niets meer van de problemen die ik eerst had, bedankt!
                  • Citaat

                  Comment

                  • #10
                    Download Combofix eens en maak daar een logje mee, post dat in je volgende bericht.
                    • Citaat

                    Comment

                    • #11
                      Code:
                      ComboFix 08-05-11.1 - Frank en Ellen 2008-05-12 12:08:45.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1043.18.203 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Frank en Ellen\Bureaublad\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
 * Resident AV is active


[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

((((((((((((((((((((   Bestanden Gemaakt van 2008-04-12 to 2008-05-12  ))))))))))))))))))))))))))))))
.

2008-05-12 09:48 . 2008-05-12 09:48	<DIR>	d--------	C:\Deckard
2008-05-10 23:01 . 2008-05-11 10:15	<DIR>	d--------	C:\RVAXO
2008-05-10 22:59 . 2008-05-10 12:18	818,420	--a------	C:\WINDOWS\system32\RVAXO.bat
2008-05-10 22:59 . 2001-10-01 14:51	69,632	--a------	C:\WINDOWS\system32\remove.exe
2008-05-10 22:58 . 2008-04-21 17:03	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Sjablonen
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Onlangs geopend
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Mijn documenten
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Favorieten
2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Bureaublad
2008-05-10 22:58 . 2008-05-10 22:58	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-05-10 22:58 . 2008-05-12 12:08	1,024	--ah-----	C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Malwarebytes
2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 18:52 . 2008-05-05 20:46	27,048	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 18:52 . 2008-05-05 20:46	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 16:23 . 2008-05-10 23:04	<DIR>	dr-h-----	C:\Documents and Settings\Frank en Ellen\Onlangs geopend
2008-05-10 13:07 . 2008-05-10 13:07	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-07 11:25 . 2008-05-10 13:17	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Lavasoft
2008-05-07 11:08 . 2008-05-07 11:08	164	--a------	C:\install.dat
2008-05-07 11:07 . 2008-05-10 13:17	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-05-07 11:07 . 2008-05-10 13:17	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 11:06 . 2005-08-25 18:19	115,920	--a------	C:\WINDOWS\system32\MSINET.OCX
2008-05-07 11:03 . 2008-05-10 11:27	<DIR>	d--------	C:\Temp
2008-05-07 11:03 . 2008-05-07 11:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Prevx
2008-05-07 11:00 . 2008-05-07 11:00	<DIR>	d--------	C:\Program Files\SurfRight
2008-05-07 11:00 . 2008-05-07 11:00	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SurfRight
2008-05-07 10:56 . 2008-05-07 10:56	<DIR>	d--------	C:\WINDOWS\system32\GroupPolicy
2008-05-07 10:56 . 2008-05-10 13:18	<DIR>	d--------	C:\Program Files\Hitman Pro
2008-05-06 17:25 . 2008-05-06 17:26	<DIR>	d--------	C:\Program Files\mp3DirectCut
2008-05-06 17:23 . 2008-05-06 17:23	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Thinstall
2008-05-06 14:41 . 2008-03-01 15:05	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 14:41 . 2007-04-17 11:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 14:41 . 2007-03-08 07:11	1,032,192	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-06 14:41 . 2008-03-01 15:05	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 14:41 . 2008-03-01 15:05	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 14:41 . 2008-03-01 15:05	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 14:41 . 2008-03-01 15:05	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 14:41 . 2008-03-01 15:05	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 14:41 . 2008-02-22 12:00	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 14:40 . 2008-05-06 14:41	<DIR>	d--------	C:\WINDOWS\system32\nl-nl
2008-05-06 14:37 . 2007-08-13 18:54	33,792	--a--c---	C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-06 14:23 . 2008-05-06 14:24	<DIR>	d--------	C:\Program Files\Download Mover
2008-05-06 14:18 . 2008-05-06 14:19	<DIR>	d--------	C:\Program Files\NewsLeecher
2008-05-06 14:05 . 2008-05-06 14:05	<DIR>	d--------	C:\WINDOWS\Sun
2008-05-06 14:05 . 2008-05-06 14:05	<DIR>	d--------	C:\Program Files\Java
2008-05-06 14:05 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-05-06 14:04 . 2008-05-06 14:04	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-05-02 14:10 . 2008-05-06 14:18	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Downloads
2008-05-02 14:10 . 2008-05-06 14:20	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\NewsLeecher
2008-04-28 12:10 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-04-28 12:09 . 2008-04-28 12:09	<DIR>	d--------	C:\Program Files\MSBuild
2008-04-28 12:09 . 2008-04-28 12:09	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-04-28 12:07 . 2008-04-28 12:07	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-04-28 12:05 . 2008-04-28 12:08	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-04-28 12:05 . 2008-04-28 12:05	<DIR>	dr-h-----	C:\MSOCache
2008-04-28 12:05 . 2008-04-28 12:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-28 12:03 . 2008-04-28 12:03	<DIR>	d--------	C:\Program Files\Notepad++
2008-04-28 12:03 . 2008-04-28 12:03	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Notepad++
2008-04-28 11:51 . 2008-04-28 11:51	<DIR>	d--------	C:\Program Files\Bonjour
2008-04-28 11:44 . 2008-04-28 11:44	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-04-28 11:02 . 2008-05-11 13:59	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-04-26 23:44 . 2008-04-26 23:44	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-04-26 19:14 . 2008-04-26 19:14	<DIR>	d--------	C:\Program Files\Google
2008-04-26 19:14 . 2008-05-11 12:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-26 19:06 . 2007-07-09 15:11	584,192	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-25 22:35 . 2003-02-28 18:26	139,536	--a------	C:\WINDOWS\system32\javaee.dll
2008-04-25 22:35 . 2003-02-28 18:26	46,352	--a------	C:\WINDOWS\setdebug.exe
2008-04-25 22:35 . 2003-02-28 16:54	7,315	--a------	C:\WINDOWS\system32\javasup.vxd
2008-04-25 22:35 . 2003-02-28 16:35	6,550	--a------	C:\WINDOWS\jautoexp.dat
2008-04-25 21:10 . 2008-04-25 21:10	13,700	--a------	C:\WINDOWS\system32\wpa.bak
2008-04-25 21:06 . 2008-04-25 21:06	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-04-25 21:03 . 2006-06-14 10:47	172,416	--a------	C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-25 21:03 . 2006-02-15 02:22	142,464	--a------	C:\WINDOWS\system32\drivers\aec.sys
2008-04-25 21:03 . 2006-06-14 11:00	82,944	--a------	C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-25 21:03 . 2004-08-03 23:15	60,800	--a------	C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 21:03 . 2001-08-17 22:00	54,272	--a------	C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 21:03 . 2004-08-03 23:07	52,864	--a------	C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 21:03 . 2006-06-14 10:47	6,400	--a------	C:\WINDOWS\system32\drivers\splitter.sys
2008-04-25 21:03 . 2004-08-03 23:07	2,944	--a------	C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 19:04 . 2008-04-25 21:06	316,640	--a------	C:\WINDOWS\WMSysPr9.prx
2008-04-25 19:01 . 2008-04-25 19:01	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-04-25 18:57 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\[u]0[/u]02280_.tmp
2008-04-25 18:55 . 2008-04-25 18:55	<DIR>	d--------	C:\WINDOWS\EHome
2008-04-25 18:40 . 2008-04-25 18:40	1,169	--a------	C:\WINDOWS\mozver.dat
2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Winamp
2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Van Dale - Pocketwoordenboeken
2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Unlocker
2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Sygate
2008-04-24 19:22 . 2008-05-11 20:53	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Winamp
2008-04-24 19:22 . 2004-08-10 17:05	83,096	--a------	C:\WINDOWS\system32\SSSensor.dll
2008-04-24 19:22 . 2004-08-10 16:51	59,984	--a------	C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-24 19:22 . 2004-08-10 16:53	21,075	--a------	C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-24 19:21 . 2008-04-24 19:21	<DIR>	d--------	C:\Program Files\QuickPar
2008-04-24 19:21 . 2007-06-13 11:14	676,224	--a------	C:\WINDOWS\system32\OGACheckControl.DLL
2008-04-24 19:04 . 2008-05-10 13:17	<DIR>	d--------	C:\Program Files\Lavasoft
2008-04-24 19:04 . 2008-05-10 12:33	<DIR>	d--------	C:\Program Files\ESET
2008-04-24 19:04 . 2008-04-24 19:04	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 19:04 . 2008-04-24 19:04	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
2008-04-24 19:04 . 2008-04-24 19:04	298,104	--a------	C:\WINDOWS\system32\imon.dll
2008-04-24 19:04 . 2008-04-24 19:04	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-24 19:03 . 2008-04-24 19:03	<DIR>	d--------	C:\Program Files\CCleaner
2008-04-24 18:58 . 2008-04-28 11:51	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-04-24 18:56 . 2008-04-28 11:41	<DIR>	d--------	C:\Program Files\Nero
2008-04-24 18:56 . 2008-04-24 18:56	<DIR>	d--------	C:\Program Files\Common Files\Nero
2008-04-24 18:56 . 2008-04-24 18:56	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
2008-04-24 18:56 . 2006-03-17 11:45	1,757,184	--a------	C:\WINDOWS\system32\imagX7.dll
2008-04-24 18:56 . 2006-03-17 11:45	802,816	--a------	C:\WINDOWS\system32\imagXRA7.dll
2008-04-24 18:56 . 2006-03-17 11:45	497,296	--a------	C:\WINDOWS\system32\imagXpr7.dll
2008-04-24 18:56 . 2006-03-17 14:49	368,640	--a------	C:\WINDOWS\system32\TwnLib4.dll
2008-04-24 18:56 . 2006-03-17 11:45	258,048	--a------	C:\WINDOWS\system32\imagXR7.dll
2008-04-24 13:49 . 2008-04-24 13:49	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-04-24 13:49 . 2008-05-07 10:05	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-04-24 13:49 . 2006-09-06 17:43	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-04-24 13:10 . 2004-08-04 01:03	351,232	--a------	C:\WINDOWS\system32\winhttp.dll
2008-04-24 13:10 . 2004-08-04 01:03	18,944	--a------	C:\WINDOWS\system32\qmgrprxy.dll
2008-04-24 13:10 . 2004-08-04 01:03	8,192	---------	C:\WINDOWS\system32\bitsprx2.dll
2008-04-24 13:10 . 2004-08-04 01:03	7,168	---------	C:\WINDOWS\system32\bitsprx3.dll
2008-04-24 13:01 . 2007-07-30 19:19	549,720	--a------	C:\WINDOWS\system32\wuapi.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 15:06	---------	d-----w	C:\Program Files\microsoft frontpage
2008-04-21 15:05	558,142	----a-w	C:\WINDOWS\java\Packages\TV9NXR3X.ZIP
2008-04-21 15:05	155,995	----a-w	C:\WINDOWS\java\Packages\2OG5VB9F.ZIP
2008-03-20 08:10	1,845,376	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-01 13:05	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-13 00:23 32768]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-24 19:04 949376]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 09:58 15360]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 05:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\Frank en Ellen\Menu Start\Programma's\Opstarten\
DLMov.lnk - C:\Program Files\Download Mover\DLMov.exe [2008-05-06 14:23:20 753664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 ctredr15.sys;ctredr15.sys;C:\WINDOWS\system32\drivers\ctredr15.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 12:10:45
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2008-05-12 12:11:11
ComboFix-quarantined-files.txt  2008-05-12 10:11:07

Pre-Run: 20,409,417,728 bytes beschikbaar
Post-Run: 20,400,312,320 bytes beschikbaar

199	--- E O F ---	2008-05-10 21:23:23
                      • Citaat

                      Comment

                      • #12
                        Het lijkt mij allemaal schoon

                        Ga naar Start - Uitvoeren en geef daar het volgende in:
                        Combofix /u
                        Druk op OK.

                        Combofix wordt dan weer verwijderd.
                        • Citaat

                        Comment

                        • #13
                          Smeenk, enorm bedankt! Mijn moeder is heel blij, zegt ze.

                          Alles werkt nu zoals het hoort.
                          • Citaat

                          Comment

                          • #14
                            Graag gedaan hoor
                            • Citaat

                            Comment

                            Vorige template Volgende
                            Sorry, you are not authorized to view this page
                            Working...
                            X