
HELP, my computer has gone crazy


  • HELP, my computer has gone crazy

    As the title says, something is wrong with my PC. After I reinstalled Windows XP, it has been behaving extremely strangely. Firefox won't open some websites, Internet Explorer shows all kinds of pop-ups, and so on.

    I ran Hitman Pro, without success. I then uninstalled it. I run NOD32 and Sygate Personal Firewall Pro.

    This is my HijackThis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:18:03, on 10-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Download Mover\DLMov.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 127.255.255.255 newsleecher.com
    O1 - Hosts: 127.255.255.255 www.newsleecher.com
    O1 - Hosts: 72.55.172.157 secure.newsleecher.com
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [443056b6] rundll32.exe "C:\WINDOWS\system32\ekftppmm.dll",b
    O4 - HKLM\..\Run: [BM4703652a] Rundll32.exe "C:\WINDOWS\system32\rrlftjew.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: DLMov.lnk = C:\Program Files\Download Mover\DLMov.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    
    --
    End of file - 6745 bytes

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    • If an update is found, it will download and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to view the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.
    Also post a new HijackThis log.



    • #3
      After restarting I got two errors:

      1
      Code:
      De toepassing of DLL-bestand C:\WINDOWS\system32\rrlftjew.dll is geen geldige Windows-kopie. Controleer dit op uw installatiediskette.
      2
      Code:
      Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\rrlftjew.dll
      %1 is geen geldige Win32-toepassing.
      The log from the Anti-Malware scan:
      Code:
      Malwarebytes' Anti-Malware 1.12
      Database versie: 738
      
      Scan type: Snelle Scan
      Objecten gescand: 32951
      Verstreken tijd: 3 minute(s), 14 second(s)
      
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 2
      Registersleutels geïnfecteerd: 13
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 6
      
      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      
      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\ekftppmm.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\fccddDSj.dll (Trojan.Vundo) -> Unloaded module successfully.
      
      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2fa7c49-713d-4b20-83d8-0bc0b69c727a} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{a2fa7c49-713d-4b20-83d8-0bc0b69c727a} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      
      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\443056b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4703652a (Trojan.Agent) -> Quarantined and deleted successfully.
      
      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdddsj -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdddsj  -> Quarantined and deleted successfully.
      
      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      
      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\ekftppmm.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\mmpptfke.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\fccddDSj.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\jSDddccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jSDddccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rrlftjew.dll (Trojan.Agent) -> Delete on reboot.
      And a new HijackThis log:
      Code:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:00:40, on 10-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sygate\SPF\smc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Download Mover\DLMov.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 127.255.255.255 newsleecher.com
      O1 - Hosts: 127.255.255.255 www.newsleecher.com
      O1 - Hosts: 72.55.172.157 secure.newsleecher.com
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: {a5c12d40-1895-c47b-f6e4-32075379743b} - {b3479735-7023-4e6f-b74c-598104d21c5a} - C:\WINDOWS\system32\coxlnwld.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: DLMov.lnk = C:\Program Files\Download Mover\DLMov.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O20 - Winlogon Notify: ddcYqrRj - ddcYqrRj.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
      
      --
      End of file - 7026 bytes



      • #4
        Start HijackThis and check only the following lines:
        O2 - BHO: {a5c12d40-1895-c47b-f6e4-32075379743b} - {b3479735-7023-4e6f-b74c-598104d21c5a} - C:\WINDOWS\system32\coxlnwld.dll
        O20 - Winlogon Notify: ddcYqrRj - ddcYqrRj.dll (file missing)

        Close all open windows (except HijackThis) and click "Fix checked".

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A small cmd window will open and a few lines about files not found will scroll past quickly; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • Your PC will then restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the second log: C:\RVAXO-Vfind.log

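The entries singled out in this thread (the unnamed BHO, the Winlogon Notify entry marked "file missing", and the rundll32 Run values in the first log) share a few recognisable traits. As an added example, not part of the original posts, this Python script flags HijackThis lines with those traits for manual review; the heuristics and function names are assumptions made here, and a match is a prompt to look closer, not a verdict.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {a5c12d40-1895-c47b-f6e4-32075379743b} - {b3479735-7023-4e6f-b74c-598104d21c5a} - C:\WINDOWS\system32\coxlnwld.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [443056b6] rundll32.exe "C:\WINDOWS\system32\ekftppmm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddcYqrRj - ddcYqrRj.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2: "BHO: <friendly name> - <CLSID> - <path to DLL>"
BHO = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN = re.compile(r"^O4 - \S*Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# Command line that hands a DLL to rundll32, with or without quotes.
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# O20: "Winlogon Notify: <key name> - <dll>" with an optional "(file missing)" marker.
NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)


def in_system32(path):
    """True when the path points into a system32 directory (case-insensitive)."""
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return (section, file, reason) tuples for lines that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = BHO.match(line)
        if m:
            # A BHO whose "name" is just another GUID has no friendly name registered.
            if re.fullmatch(GUID, m["name"]) and in_system32(m["path"]):
                findings.append(("O2", ntpath.basename(m["path"]),
                                 "BHO has no friendly name and loads from system32"))
            continue

        m = RUN.match(line)
        if m:
            # Legitimate drivers also autostart through rundll32, so this is review-only.
            r = RUNDLL.match(m["cmd"])
            if r and in_system32(r["dll"]):
                findings.append(("O4", ntpath.basename(r["dll"]),
                                 f"Run value [{m['value']}] starts a system32 DLL via rundll32"))
            continue

        m = NOTIFY.match(line)
        if m and m["missing"]:
            findings.append(("O20", m["dll"],
                             "Winlogon Notify entry points at a file that no longer exists"))
    return findings


if __name__ == "__main__":
    for section, filename, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{filename:<16}{reason}")
```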


        • #5
          Log 1:
          Code:
          ---RVAXO.exe Updated: [b]2008-05-10[/b]---first run--- 
          [b]Uninstallers:[/b] 
           
          [b]Files found:[/b] 
          C:\WINDOWS\BM4703652a.xml
          C:\WINDOWS\BM4703652a.txt
          C:\WINDOWS\system32\ddcYqrRj.dll__DELETE_ON_REBOOT
          C:\WINDOWS\system32\jSDddccf.ini2
          C:\WINDOWS\pskt.ini 
          C:\WINDOWS\system32\clkcnt.txt 
           
          [b]Folders Found:[/b] 
           
          Hosts-file was reset, If you use a custom hosts file please replace it... 
           
          --------------RVAXO.exe last run--------------- 
          [b]Not deleted items:[/b] 
           
          --------------RVAXO.exe finished----------------
          Log 2
          Code:
           ======C:\WINDOWS====
          ----a-w                 0 2008-05-10 21:01:57  C:\WINDOWS\0.log
          --s-a-w             2,048 2008-05-10 21:01:34  C:\WINDOWS\bootstat.dat
          ----a-w                 0 2008-04-21 15:06:05  C:\WINDOWS\control.ini
          ----a-w               416 2008-04-24 10:45:46  C:\WINDOWS\MAXLINK.INI
          ----a-w             1,169 2008-04-25 16:40:44  C:\WINDOWS\mozver.dat
          ----a-w                69 2008-04-28 09:39:14  C:\WINDOWS\NeroDigital.ini
          ----a-w                 0 2008-04-22 18:11:18  C:\WINDOWS\nsreg.dat
          ----a-w           103,386 2008-05-10 20:58:35  C:\WINDOWS\ntbtlog.txt
          ----a-w             4,207 2008-04-21 15:05:57  C:\WINDOWS\ODBCINST.INI
          ----a-w             8,192 2008-04-21 15:08:11  C:\WINDOWS\REGLOCS.OLD
          ----a-w             7,278 2008-05-10 20:56:49  C:\WINDOWS\SchedLgU.Txt
          ----a-w               165 2008-04-24 10:47:49  C:\WINDOWS\setup.iss
          ----a-w                 0 2008-04-21 16:58:46  C:\WINDOWS\Sti_Trace.log
          ----a-w               231 2008-04-21 16:57:47  C:\WINDOWS\system.ini
          ----a-w                36 2008-04-21 15:04:03  C:\WINDOWS\vb.ini
          ----a-w                37 2008-04-21 15:04:03  C:\WINDOWS\vbaddin.ini
          ----a-w               159 2008-05-10 21:01:56  C:\WINDOWS\wiadebug.log
          ----a-w                49 2008-05-10 21:01:54  C:\WINDOWS\wiaservc.log
          ----a-w               674 2008-05-07 09:08:40  C:\WINDOWS\win.ini
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\WindowsShell.Manifest
          ----a-w         1,601,262 2008-05-10 20:56:42  C:\WINDOWS\WindowsUpdate.log
          ----a-w           316,640 2008-04-25 19:06:10  C:\WINDOWS\WMSysPr9.prx
          ----a-w           299,552 2008-04-21 15:06:02  C:\WINDOWS\WMSysPrx.prx
          
           Entries:               23  (21)
           Directories:            0  Files:            23
           Bytes:          2,346,319  Blocks:        4,594
           ======C:\WINDOWS\system32=====
          ----a-w               261 2008-04-21 15:07:33  C:\WINDOWS\System32\$winnt$.inf
          ----a-w            16,832 2008-04-21 15:06:03  C:\WINDOWS\System32\amcompat.tlb
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\cdplayer.exe.manifest
          ----a-w             2,845 2008-04-21 15:06:05  C:\WINDOWS\System32\CONFIG.NT
          ------w            91,712 2008-05-10 16:56:37  C:\WINDOWS\System32\ekftppmm.dll
          ----a-w            21,748 2008-04-21 15:04:04  C:\WINDOWS\System32\emptyregdb.dat
          ------w           281,600 2008-05-10 16:56:38  C:\WINDOWS\System32\fccddDSj.dll
          ----a-w             2,112 2008-05-10 09:06:36  C:\WINDOWS\System32\fgcqfoaw.exe
          ----a-w         1,556,912 2008-04-28 10:17:36  C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w                 0 2008-04-21 17:00:12  C:\WINDOWS\System32\h323log.txt
          ----a-w           298,104 2008-04-24 17:04:12  C:\WINDOWS\System32\imon.dll
          --sh--w         1,516,439 2008-05-09 08:24:19  C:\WINDOWS\System32\jbttdyif.ini
          --sha-w           204,732 2008-05-10 16:57:19  C:\WINDOWS\System32\jSDddccf.ini
          ----a-w             6,300 2008-05-06 12:05:35  C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          ---ha-r               488 2008-04-21 15:05:26  C:\WINDOWS\System32\logonui.exe.manifest
          ----a-w             2,112 2008-05-07 07:57:29  C:\WINDOWS\System32\mckvgbaj.exe
          ----a-w             2,112 2008-05-09 08:27:42  C:\WINDOWS\System32\mqxakvpu.exe
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\ncpa.cpl.manifest
          ----a-w            23,392 2008-04-21 15:06:03  C:\WINDOWS\System32\nscompat.tlb
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\nwc.cpl.manifest
          ----a-w            53,608 2008-05-02 10:40:49  C:\WINDOWS\System32\perfc009.dat
          ----a-w            70,426 2008-05-02 10:40:49  C:\WINDOWS\System32\perfc013.dat
          ----a-w           383,254 2008-05-02 10:40:49  C:\WINDOWS\System32\perfh009.dat
          ----a-w           444,960 2008-05-02 10:40:49  C:\WINDOWS\System32\perfh013.dat
          ----a-w           955,856 2008-05-02 10:40:48  C:\WINDOWS\System32\PerfStringBackup.INI
          ------w           100,416 2008-05-10 16:56:38  C:\WINDOWS\System32\rrlftjew.dll
          ----a-w           818,420 2008-05-10 10:18:24  C:\WINDOWS\System32\RVAXO.bat
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\sapi.cpl.manifest
          ----a-w               253 2008-04-25 19:05:48  C:\WINDOWS\System32\spupdwxp.log
          ----a-w                 0 2008-05-10 09:20:53  C:\WINDOWS\System32\tesseract.log
          ----a-w           138,760 2008-04-26 21:47:32  C:\WINDOWS\System32\TZLog.log
          ----a-w           151,566 2008-04-24 10:48:01  C:\WINDOWS\System32\UninstIPP.isu
          ----a-w           102,976 2008-05-09 08:27:43  C:\WINDOWS\System32\uywchxsx.dll
          --sh--w         1,514,689 2008-05-10 09:02:27  C:\WINDOWS\System32\vyuxkmjx.ini
          ----a-w           108,608 2008-05-07 07:51:30  C:\WINDOWS\System32\whwxtlkx.dll
          ---ha-r               488 2008-04-21 15:05:26  C:\WINDOWS\System32\WindowsLogon.manifest
          ----a-w            25,065 2008-04-21 15:41:47  C:\WINDOWS\System32\wmpscheme.xml
          ----a-w            13,700 2008-04-25 19:10:11  C:\WINDOWS\System32\wpa.bak
          ----a-w            13,700 2008-05-09 08:21:30  C:\WINDOWS\System32\wpa.dbl
          ---ha-r               749 2008-04-21 15:05:22  C:\WINDOWS\System32\wuaucpl.cpl.manifest
          
           Entries:               40  (30)
           Directories:            0  Files:            40
           Bytes:          8,928,191  Blocks:       17,457
           ======C:\WINDOWS\system32\drivers=====
          ----a-w           512,096 2008-04-24 17:04:12  C:\WINDOWS\System32\drivers\amon.sys
          ----a-w            15,864 2008-05-05 18:46:32  C:\WINDOWS\System32\drivers\mbam.sys
          ----a-w            27,048 2008-05-05 18:46:36  C:\WINDOWS\System32\drivers\mbamcatchme.sys
          ----a-w            15,424 2008-04-24 17:04:11  C:\WINDOWS\System32\drivers\nod32drv.sys
          
           Entries:                4  (4)
           Directories:            0  Files:             4
           Bytes:            570,432  Blocks:        1,116
           =======C:\Program Files=====
           Entries:                0  (0)
           Directories:            0  Files:             0
           Bytes:                  0  Blocks:            0
           =======C:=====
          ----a-w                 0 2008-04-21 15:06:05  C:\AUTOEXEC.BAT
          --sha-r               211 2008-04-25 17:04:29  C:\boot.ini
          ----a-w                 0 2008-04-21 15:06:05  C:\CONFIG.SYS
          ----a-w               407 2008-05-10 21:00:44  C:\firstrun6.log
          --sha-w       535,351,296 2008-05-10 21:01:33  C:\hiberfil.sys
          ----a-w               164 2008-05-07 09:08:13  C:\install.dat
          --sha-r                 0 2008-04-21 15:06:05  C:\IO.SYS
          --sha-r                 0 2008-04-21 15:06:05  C:\MSDOS.SYS
          --sha-r            47,564 2008-04-25 16:58:13  C:\NTDETECT.COM
          --sha-r           251,184 2008-04-25 16:58:13  C:\ntldr
          --sha-w       805,306,368 2008-05-10 21:01:32  C:\pagefile.sys
          ----a-w               542 2008-05-10 21:03:02  C:\RVAXO-results.log
          ----a-w             5,965 2008-05-10 21:03:02  C:\RVAXO-Vfind.log
          ----a-w             6,374 2008-04-28 10:15:14  C:\WPI_Software_Log.txt
          
           Entries:               14  (7)
           Directories:            0  Files:            14
           Bytes:       1,340,970,075  Blocks:    2,619,086
           ======C:\Documents and Settings\Frank en Ellen\Application Data======
          --sha-w                62 2008-04-21 16:57:31  C:\Documents and Settings\Frank en Ellen\Application Data\desktop.ini
          
           Entries:                1  (0)
           Directories:            0  Files:             1
           Bytes:                 62  Blocks:            1
           ======C:\Documents and Settings\Frank en Ellen======
          ---ha-w         3,670,016 2008-05-10 20:56:48  C:\Documents and Settings\Frank en Ellen\NTUSER.DAT
          ---ha-w            94,208 2008-05-10 21:02:59  C:\Documents and Settings\Frank en Ellen\ntuser.dat.LOG
          --sh--w               188 2008-05-10 20:56:48  C:\Documents and Settings\Frank en Ellen\ntuser.ini
          
           Entries:                3  (0)
           Directories:            0  Files:             3
           Bytes:          3,764,412  Blocks:        7,353
           ======C:\WINDOWS\Downloaded Program Files====
          ---h--w                65 2008-04-21 15:05:26  C:\WINDOWS\Downloaded Program Files\desktop.ini
          
           Entries:                1  (0)
           Directories:            0  Files:             1
           Bytes:                 65  Blocks:            1
           =============



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\System32\ekftppmm.dll
            C:\WINDOWS\System32\fccddDSj.dll
            C:\WINDOWS\System32\fgcqfoaw.exe
            C:\WINDOWS\System32\jbttdyif.ini
            C:\WINDOWS\System32\jSDddccf.ini
            C:\WINDOWS\System32\mckvgbaj.exe
            C:\WINDOWS\System32\mqxakvpu.exe
            C:\WINDOWS\System32\rrlftjew.dll
            C:\WINDOWS\System32\uywchxsx.dll
            C:\WINDOWS\System32\vyuxkmjx.ini
            C:\WINDOWS\System32\whwxtlkx.dll) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in", choose: Desktop
            Under "File name", enter: del.bat
            Under "Save as type", select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              Code:
              Deleting files
              C:\WINDOWS\System32\ekftppmm.dll deleted
              C:\WINDOWS\System32\fccddDSj.dll deleted
              C:\WINDOWS\System32\fgcqfoaw.exe deleted
              C:\WINDOWS\System32\jbttdyif.ini deleted
              C:\WINDOWS\System32\jSDddccf.ini deleted
              C:\WINDOWS\System32\mckvgbaj.exe deleted
              C:\WINDOWS\System32\mqxakvpu.exe deleted
              C:\WINDOWS\System32\rrlftjew.dll deleted
              C:\WINDOWS\System32\uywchxsx.dll deleted
              C:\WINDOWS\System32\vyuxkmjx.ini deleted
              C:\WINDOWS\System32\whwxtlkx.dll deleted



              • #8
                I think we have removed almost everything by now

                Download Deckard's System Scanner to your Desktop.
                • Close all applications and windows.
                • Double-click dss.exe to run it, and follow the prompts.
                • When the scan is complete, a text file - main.txt - will open.
                • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

                Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                - make sure sigcheck.exe is allowed to do so!
                Your antivirus may also flag DSS as suspicious, or even try to remove it.
                Do not let your antivirus remove it! (In that case it may be better to switch off your antivirus for a moment during the DSS scan)



                • #9
                  After DSS.exe has scanned and so on, it gives this error, and no log file appears:

                  In dss.exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.

                  With a Send Report and a Don't Send button below it.

                  By the way, I no longer notice any of the problems I had before, thanks!



                  • #10
                    Download Combofix and make a log with it, then post that in your next message.



                    • #11
                      Code:
                      ComboFix 08-05-11.1 - Frank en Ellen 2008-05-12 12:08:45.1 - NTFSx86
                      Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1043.18.203 [GMT 2:00]
                      Gestart vanuit: C:\Documents and Settings\Frank en Ellen\Bureaublad\ComboFix.exe
                       * Nieuw herstelpunt werd aangemaakt
                       * Resident AV is active
                      
                      
                      [color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
                      .
                      
                      ((((((((((((((((((((   Bestanden Gemaakt van 2008-04-12 to 2008-05-12  ))))))))))))))))))))))))))))))
                      .
                      
                      2008-05-12 09:48 . 2008-05-12 09:48	<DIR>	d--------	C:\Deckard
                      2008-05-10 23:01 . 2008-05-11 10:15	<DIR>	d--------	C:\RVAXO
                      2008-05-10 22:59 . 2008-05-10 12:18	818,420	--a------	C:\WINDOWS\system32\RVAXO.bat
                      2008-05-10 22:59 . 2001-10-01 14:51	69,632	--a------	C:\WINDOWS\system32\remove.exe
                      2008-05-10 22:58 . 2008-04-21 17:03	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Sjablonen
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Onlangs geopend
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Netwerkprinteromgeving
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Mijn documenten
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Favorieten
                      2008-05-10 22:58 . 2008-04-21 18:57	<DIR>	d--------	C:\Documents and Settings\Administrator\Bureaublad
                      2008-05-10 22:58 . 2008-05-10 22:58	<DIR>	d--------	C:\Documents and Settings\Administrator
                      2008-05-10 22:58 . 2008-05-12 12:08	1,024	--ah-----	C:\Documents and Settings\Administrator\ntuser.dat.LOG
                      2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
                      2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Malwarebytes
                      2008-05-10 18:52 . 2008-05-10 18:52	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-05-10 18:52 . 2008-05-05 20:46	27,048	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
                      2008-05-10 18:52 . 2008-05-05 20:46	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
                      2008-05-10 16:23 . 2008-05-10 23:04	<DIR>	dr-h-----	C:\Documents and Settings\Frank en Ellen\Onlangs geopend
                      2008-05-10 13:07 . 2008-05-10 13:07	<DIR>	d--------	C:\Program Files\Trend Micro
                      2008-05-07 11:25 . 2008-05-10 13:17	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Lavasoft
                      2008-05-07 11:08 . 2008-05-07 11:08	164	--a------	C:\install.dat
                      2008-05-07 11:07 . 2008-05-10 13:17	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
                      2008-05-07 11:07 . 2008-05-10 13:17	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-05-07 11:06 . 2005-08-25 18:19	115,920	--a------	C:\WINDOWS\system32\MSINET.OCX
                      2008-05-07 11:03 . 2008-05-10 11:27	<DIR>	d--------	C:\Temp
                      2008-05-07 11:03 . 2008-05-07 11:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Prevx
                      2008-05-07 11:00 . 2008-05-07 11:00	<DIR>	d--------	C:\Program Files\SurfRight
                      2008-05-07 11:00 . 2008-05-07 11:00	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SurfRight
                      2008-05-07 10:56 . 2008-05-07 10:56	<DIR>	d--------	C:\WINDOWS\system32\GroupPolicy
                      2008-05-07 10:56 . 2008-05-10 13:18	<DIR>	d--------	C:\Program Files\Hitman Pro
                      2008-05-06 17:25 . 2008-05-06 17:26	<DIR>	d--------	C:\Program Files\mp3DirectCut
                      2008-05-06 17:23 . 2008-05-06 17:23	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Thinstall
                      2008-05-06 14:41 . 2008-03-01 15:05	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
                      2008-05-06 14:41 . 2007-04-17 11:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
                      2008-05-06 14:41 . 2007-03-08 07:11	1,032,192	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
                      2008-05-06 14:41 . 2008-03-01 15:05	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
                      2008-05-06 14:41 . 2008-03-01 15:05	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
                      2008-05-06 14:41 . 2008-03-01 15:05	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
                      2008-05-06 14:41 . 2008-03-01 15:05	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
                      2008-05-06 14:41 . 2008-03-01 15:05	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                      2008-05-06 14:41 . 2008-02-22 12:00	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
                      2008-05-06 14:40 . 2008-05-06 14:41	<DIR>	d--------	C:\WINDOWS\system32\nl-nl
                      2008-05-06 14:37 . 2007-08-13 18:54	33,792	--a--c---	C:\WINDOWS\system32\dllcache\custsat.dll
                      2008-05-06 14:23 . 2008-05-06 14:24	<DIR>	d--------	C:\Program Files\Download Mover
                      2008-05-06 14:18 . 2008-05-06 14:19	<DIR>	d--------	C:\Program Files\NewsLeecher
                      2008-05-06 14:05 . 2008-05-06 14:05	<DIR>	d--------	C:\WINDOWS\Sun
                      2008-05-06 14:05 . 2008-05-06 14:05	<DIR>	d--------	C:\Program Files\Java
                      2008-05-06 14:05 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
                      2008-05-06 14:04 . 2008-05-06 14:04	<DIR>	d--------	C:\Program Files\Common Files\Java
                      2008-05-02 14:10 . 2008-05-06 14:18	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Downloads
                      2008-05-02 14:10 . 2008-05-06 14:20	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\NewsLeecher
                      2008-04-28 12:10 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
                      2008-04-28 12:09 . 2008-04-28 12:09	<DIR>	d--------	C:\Program Files\MSBuild
                      2008-04-28 12:09 . 2008-04-28 12:09	<DIR>	d--------	C:\Program Files\Microsoft Works
                      2008-04-28 12:07 . 2008-04-28 12:07	<DIR>	d--------	C:\Program Files\Microsoft.NET
                      2008-04-28 12:05 . 2008-04-28 12:08	<DIR>	d--------	C:\WINDOWS\SHELLNEW
                      2008-04-28 12:05 . 2008-04-28 12:05	<DIR>	dr-h-----	C:\MSOCache
                      2008-04-28 12:05 . 2008-04-28 12:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Microsoft Help
                      2008-04-28 12:03 . 2008-04-28 12:03	<DIR>	d--------	C:\Program Files\Notepad++
                      2008-04-28 12:03 . 2008-04-28 12:03	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Notepad++
                      2008-04-28 11:51 . 2008-04-28 11:51	<DIR>	d--------	C:\Program Files\Bonjour
                      2008-04-28 11:44 . 2008-04-28 11:44	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
                      2008-04-28 11:02 . 2008-05-11 13:59	69	--a------	C:\WINDOWS\NeroDigital.ini
                      2008-04-26 23:44 . 2008-04-26 23:44	<DIR>	d--------	C:\Program Files\MSXML 4.0
                      2008-04-26 19:14 . 2008-04-26 19:14	<DIR>	d--------	C:\Program Files\Google
                      2008-04-26 19:14 . 2008-05-11 12:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Google Updater
                      2008-04-26 19:06 . 2007-07-09 15:11	584,192	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
                      2008-04-25 22:35 . 2003-02-28 18:26	139,536	--a------	C:\WINDOWS\system32\javaee.dll
                      2008-04-25 22:35 . 2003-02-28 18:26	46,352	--a------	C:\WINDOWS\setdebug.exe
                      2008-04-25 22:35 . 2003-02-28 16:54	7,315	--a------	C:\WINDOWS\system32\javasup.vxd
                      2008-04-25 22:35 . 2003-02-28 16:35	6,550	--a------	C:\WINDOWS\jautoexp.dat
                      2008-04-25 21:10 . 2008-04-25 21:10	13,700	--a------	C:\WINDOWS\system32\wpa.bak
                      2008-04-25 21:06 . 2008-04-25 21:06	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
                      2008-04-25 21:03 . 2006-06-14 10:47	172,416	--a------	C:\WINDOWS\system32\drivers\kmixer.sys
                      2008-04-25 21:03 . 2006-02-15 02:22	142,464	--a------	C:\WINDOWS\system32\drivers\aec.sys
                      2008-04-25 21:03 . 2006-06-14 11:00	82,944	--a------	C:\WINDOWS\system32\drivers\wdmaud.sys
                      2008-04-25 21:03 . 2004-08-03 23:15	60,800	--a------	C:\WINDOWS\system32\drivers\sysaudio.sys
                      2008-04-25 21:03 . 2001-08-17 22:00	54,272	--a------	C:\WINDOWS\system32\drivers\swmidi.sys
                      2008-04-25 21:03 . 2004-08-03 23:07	52,864	--a------	C:\WINDOWS\system32\drivers\DMusic.sys
                      2008-04-25 21:03 . 2006-06-14 10:47	6,400	--a------	C:\WINDOWS\system32\drivers\splitter.sys
                      2008-04-25 21:03 . 2004-08-03 23:07	2,944	--a------	C:\WINDOWS\system32\drivers\drmkaud.sys
                      2008-04-25 19:04 . 2008-04-25 21:06	316,640	--a------	C:\WINDOWS\WMSysPr9.prx
                      2008-04-25 19:01 . 2008-04-25 19:01	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
                      2008-04-25 18:57 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\[u]0[/u]02280_.tmp
                      2008-04-25 18:55 . 2008-04-25 18:55	<DIR>	d--------	C:\WINDOWS\EHome
                      2008-04-25 18:40 . 2008-04-25 18:40	1,169	--a------	C:\WINDOWS\mozver.dat
                      2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Winamp
                      2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Van Dale - Pocketwoordenboeken
                      2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Unlocker
                      2008-04-24 19:22 . 2008-04-24 19:22	<DIR>	d--------	C:\Program Files\Sygate
                      2008-04-24 19:22 . 2008-05-11 20:53	<DIR>	d--------	C:\Documents and Settings\Frank en Ellen\Application Data\Winamp
                      2008-04-24 19:22 . 2004-08-10 17:05	83,096	--a------	C:\WINDOWS\system32\SSSensor.dll
                      2008-04-24 19:22 . 2004-08-10 16:51	59,984	--a------	C:\WINDOWS\system32\drivers\Teefer.sys
                      2008-04-24 19:22 . 2004-08-10 16:53	21,075	--a------	C:\WINDOWS\system32\drivers\wpsdrvnt.sys
                      2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg6n.sys
                      2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg5n.sys
                      2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg4n.sys
                      2008-04-24 19:22 . 2004-08-10 17:05	14,240	--a------	C:\WINDOWS\system32\drivers\wg3n.sys
                      2008-04-24 19:21 . 2008-04-24 19:21	<DIR>	d--------	C:\Program Files\QuickPar
                      2008-04-24 19:21 . 2007-06-13 11:14	676,224	--a------	C:\WINDOWS\system32\OGACheckControl.DLL
                      2008-04-24 19:04 . 2008-05-10 13:17	<DIR>	d--------	C:\Program Files\Lavasoft
                      2008-04-24 19:04 . 2008-05-10 12:33	<DIR>	d--------	C:\Program Files\ESET
                      2008-04-24 19:04 . 2008-04-24 19:04	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-04-24 19:04 . 2008-04-24 19:04	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
                      2008-04-24 19:04 . 2008-04-24 19:04	298,104	--a------	C:\WINDOWS\system32\imon.dll
                      2008-04-24 19:04 . 2008-04-24 19:04	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
                      2008-04-24 19:03 . 2008-04-24 19:03	<DIR>	d--------	C:\Program Files\CCleaner
                      2008-04-24 18:58 . 2008-04-28 11:51	<DIR>	d--------	C:\Program Files\Common Files\Adobe
                      2008-04-24 18:56 . 2008-04-28 11:41	<DIR>	d--------	C:\Program Files\Nero
                      2008-04-24 18:56 . 2008-04-24 18:56	<DIR>	d--------	C:\Program Files\Common Files\Nero
                      2008-04-24 18:56 . 2008-04-24 18:56	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
                      2008-04-24 18:56 . 2006-03-17 11:45	1,757,184	--a------	C:\WINDOWS\system32\imagX7.dll
                      2008-04-24 18:56 . 2006-03-17 11:45	802,816	--a------	C:\WINDOWS\system32\imagXRA7.dll
                      2008-04-24 18:56 . 2006-03-17 11:45	497,296	--a------	C:\WINDOWS\system32\imagXpr7.dll
                      2008-04-24 18:56 . 2006-03-17 14:49	368,640	--a------	C:\WINDOWS\system32\TwnLib4.dll
                      2008-04-24 18:56 . 2006-03-17 11:45	258,048	--a------	C:\WINDOWS\system32\imagXR7.dll
                      2008-04-24 13:49 . 2008-04-24 13:49	<DIR>	d--------	C:\WINDOWS\system32\bits
                      2008-04-24 13:49 . 2008-05-07 10:05	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
                      2008-04-24 13:49 . 2006-09-06 17:43	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
                      2008-04-24 13:10 . 2004-08-04 01:03	351,232	--a------	C:\WINDOWS\system32\winhttp.dll
                      2008-04-24 13:10 . 2004-08-04 01:03	18,944	--a------	C:\WINDOWS\system32\qmgrprxy.dll
                      2008-04-24 13:10 . 2004-08-04 01:03	8,192	---------	C:\WINDOWS\system32\bitsprx2.dll
                      2008-04-24 13:10 . 2004-08-04 01:03	7,168	---------	C:\WINDOWS\system32\bitsprx3.dll
                      2008-04-24 13:01 . 2007-07-30 19:19	549,720	--a------	C:\WINDOWS\system32\wuapi.dll
                      
                      .
                      (((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-04-21 15:06	---------	d-----w	C:\Program Files\microsoft frontpage
                      2008-04-21 15:05	558,142	----a-w	C:\WINDOWS\java\Packages\TV9NXR3X.ZIP
                      2008-04-21 15:05	155,995	----a-w	C:\WINDOWS\java\Packages\2OG5VB9F.ZIP
                      2008-03-20 08:10	1,845,376	----a-w	C:\WINDOWS\system32\win32k.sys
                      2008-03-01 13:05	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
                      2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
                      2008-02-20 05:39	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
                      .
                      
                      (((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
                      
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05 344064]
                      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-13 00:23 32768]
                      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
                      "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
                      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-24 19:04 949376]
                      "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
                      "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 09:58 15360]
                      "SoundMan"="SOUNDMAN.EXE" [2005-04-15 05:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                      
                      C:\Documents and Settings\Frank en Ellen\Menu Start\Programma's\Opstarten\
                      DLMov.lnk - C:\Program Files\Download Mover\DLMov.exe [2008-05-06 14:23:20 753664]
                      
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      
                      S1 ctredr15.sys;ctredr15.sys;C:\WINDOWS\system32\drivers\ctredr15.sys []
                      S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
                      
                      *Newly Created Service* - CATCHME
                      .
                      **************************************************************************
                      
                      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-05-12 12:10:45
                      Windows 5.1.2600 Service Pack 2 NTFS
                      
                      scannen van verborgen processen ...
                      
                      scannen van verborgen autostart items ...
                      
                      scannen van verborgen bestanden ...
                      
                      Scan succesvol afgerond
                      verborgen bestanden: 0
                      
                      **************************************************************************
                      
                      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
                      "ImagePath"=""
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                      
                      PROCESS: C:\WINDOWS\system32\lsass.exe
                      -> C:\Program Files\Eset\pr_imon.dll
                      .
                      Voltooingstijd: 2008-05-12 12:11:11
                      ComboFix-quarantined-files.txt  2008-05-12 10:11:07
                      
                      Pre-Run: 20,409,417,728 bytes beschikbaar
                      Post-Run: 20,400,312,320 bytes beschikbaar
                      
                      199	--- E O F ---	2008-05-10 21:23:23



                      • #12
                        It all looks clean to me

                        Go to Start - Run and enter the following:
                        Combofix /u
                        Press OK.

                        Combofix will then be removed again.



                        • #13
                          Smeenk, thank you so much! My mother is very happy, she says.

                          Everything now works as it should.



                          • #14
                            You're very welcome
