  • Spam problems caused by a protection tool

    Dear Sir or Madam,

    After starting up my PC and opening IE (which is incredibly slow, which is normally certainly not the case), spam appears on my screen:
    such as: your PC is running slow, download this program and everything will be faster again
    and other programs, all to make your PC better and to protect it.
    problems that appear visually on the screen are:
    (1) Advanced cleaneste to scan your PC graphically
    (2) microsoft visual C++ -- Runtime Library -- Buffer overrun detected
    (3) Porn
    (4) registry defender.com
    (5) ...

    now I have googled for a solution to my little problem:
    you are the experts, so can you please help me
    Kind regards,
    Steven



    Logfile of HijackThis v1.99.1
    Scan saved at 10:31:24, on 11/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LevelOne\Common\RaUI.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\5BHLV1NP\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {38E129A5-FC0C-4641-B71D-54F4C5383B48} - C:\WINDOWS\system32\yaywusTJ.dll
    O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\tuvVPICs.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [f0e6a401] rundll32.exe "C:\WINDOWS\system32\kglvkywc.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BMf3d5979d] Rundll32.exe "C:\WINDOWS\system32\fypseeen.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156007354828
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvVPICs - C:\WINDOWS\SYSTEM32\tuvVPICs.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    Last edited by XRayCat; 11-05-08, 11:16.

  • #2
    Hi,

    I'll take a look for you.

    Kind regards,
    Blackbird


    • #3
      Hi,

      Download the latest version of HijackThis here: http://download.bleepingcomputer.com...HJTInstall.exe
      Double-click HJTInstall.exe to install HijackThis.
      By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.

      HijackThis will open after the installation.
      Now click Do a system scan and save a logfile.
      A Notepad file will open. Post it in your next reply.

      Kind regards,
      Blackbird


      • #4
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:37:55, on 12/05/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\IoctlSvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\LevelOne\Common\RaUI.exe
        C:\Program Files\SpywareGuard\sgmain.exe
        C:\PROGRA~1\Grisoft\AVG7\avgw.exe
        C:\Program Files\SpywareGuard\sgbhp.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
        O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [BMf3d5979d] Rundll32.exe "C:\WINDOWS\system32\avqvecym.dll",s
        O4 - HKLM\..\Run: [f0e6a401] rundll32.exe "C:\WINDOWS\system32\mmnochyl.dll",b
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156007354828
        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

        --
        End of file - 7110 bytes



        • #5
          Hi,

          1. Start HijackThis again and choose Do a system scan only.
          Check the following lines, if present:
          O4 - HKLM\..\Run: [BMf3d5979d] Rundll32.exe "C:\WINDOWS\system32\avqvecym.dll",s
          O4 - HKLM\..\Run: [f0e6a401] rundll32.exe "C:\WINDOWS\system32\mmnochyl.dll",b
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          Now close all windows first!
          Then click Fix Checked at the bottom.
          Then close HijackThis.

          2. Now restart your computer. (Important!)

          3. Open a Notepad file.
          Copy the text below (everything in bold) into this Notepad file.

          @ECHO OFF
          IF EXIST log.txt DEL log.txt
          ECHO Deleting files>>log.txt
          FOR %%g in (
          "C:\WINDOWS\system32\avqvecym.dll"
          "C:\WINDOWS\system32\mmnochyl.dll") DO (
          IF EXIST %%g (
          ATTRIB -r -s -h %%g
          DEL %%g
          IF EXIST %%g (
          ECHO %%g not deleted>>log.txt
          ) ELSE (
          ECHO %%g deleted>>log.txt)
          ) ELSE (
          ECHO %%g not found>>log.txt))
          START NOTEPAD.EXE log.txt

          Go to File - Save As.
          For "Save in" choose: Desktop
          For "File name" enter: del.bat
          For "Save as type" select: All Files (*.*).
          Click the Save button.
          Run del.bat by double-clicking it.
          Post the contents of the log file that opens.

          4. Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
          Follow the instructions given there. If anything is unclear, just ask.
          When the tool has finished, a log file (combofix.txt) will open.
          Post the contents of this file together with a new HijackThis log.

          Also post a new HijackThis log together with the log from the batch file.
          Kind regards,
          Blackbird
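The lines Blackbird picked out above, and the unnamed BHOs and Winlogon Notify hook in the first log, follow recognisable patterns. As an added example that is not part of this thread, of HijackThis or of ComboFix, the Python script below parses the O2/O4/O9/O20 line formats shown in these logs and flags such entries: browser helper objects without a name, rundll32 autoruns that load an eight-letter DLL from system32 through a one-letter export, Winlogon Notify hooks with random-looking DLLs, and orphaned entries marked "(file missing)". The sample lines are copied from the logs in this thread; the "random-looking name" rule, the `KNOWN_NOTIFY` allowlist and the function names are assumptions made for the example.

```python
"""Triage helper for HijackThis-style log lines.

Added example: this is not HijackThis, ComboFix or the helper's own code. It
parses the O2 / O4 / O9 / O20 line formats seen in the logs in this thread and
flags the kinds of entries a malware-removal helper singles out. The
"random-looking name" rule and the Winlogon Notify allowlist are assumptions
made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample log; the lines are copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38E129A5-FC0C-4641-B71D-54F4C5383B48} - C:\WINDOWS\system32\yaywusTJ.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [f0e6a401] rundll32.exe "C:\WINDOWS\system32\kglvkywc.dll",b
O4 - HKLM\..\Run: [BMf3d5979d] Rundll32.exe "C:\WINDOWS\system32\fypseeen.dll",s
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: tuvVPICs - C:\WINDOWS\SYSTEM32\tuvVPICs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# rundll32 <dll>,<export>; the DLL path may be quoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
# Heuristic (assumption): an eight-letter, digit-free module name is "random-looking".
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")
# Assumed allowlist: Winlogon Notify DLLs that happen to be eight letters but are legitimate.
KNOWN_NOTIFY = {"wgalogon"}


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" = fix candidate, "low" = orphaned entry, cleanup only
    reason: str
    line: str


def _stem(path: str) -> str:
    """Return the module name without directory and .dll extension."""
    name = path.strip().rsplit("\\", 1)[-1]
    return name[:-4] if name.lower().endswith(".dll") else name


def _check(section: str, body: str) -> List[Tuple[str, str]]:
    hits = []
    if section == "O2":
        m = BHO_RE.match(body)
        if m and m.group("name") == "(no name)":
            hits.append(("high", "browser helper object without a name"))
    elif section == "O4":
        m = RUN_RE.match(body)
        r = RUNDLL_RE.match(m.group("cmd")) if m else None
        if r and "\\system32\\" in r.group("dll").lower():
            stem = _stem(r.group("dll"))
            # A one-letter export or a random-looking name is what the helper
            # flagged in this thread; NvCpl.dll,NvStartup passes both checks.
            if len(r.group("export")) == 1 or RANDOM_STEM_RE.match(stem):
                hits.append(("high", f"rundll32 autorun loads random-looking {stem}.dll from system32"))
    elif section == "O20":
        m = NOTIFY_RE.match(body)
        if m:
            stem = _stem(m.group("path").replace(" (file missing)", ""))
            if RANDOM_STEM_RE.match(stem) and stem.lower() not in KNOWN_NOTIFY:
                hits.append(("high", f"Winlogon Notify hook with random-looking {stem}.dll"))
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        hits.append(("low", "orphaned entry, target file is missing"))
    return hits


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        for severity, reason in _check(m.group("sec"), m.group("body")):
            findings.append(Finding(m.group("sec"), severity, reason, line))
    return findings


def fix_candidates(log_text: str) -> List[str]:
    """The lines to check in HijackThis, i.e. the high-severity findings."""
    return [f.line for f in triage(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n       {f.line}")
```

Run it as a script to print the findings, or call `fix_candidates()` to get the lines that would be ticked in HijackThis. The heuristics only encode the patterns visible in this thread; an entry the script does not flag is not thereby clean, and the hits still need a person to read them before anything is fixed.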



          • #6
            hello, I have followed your instructions closely,
            this is the result:

            log file from del.bat:
            Deleting files
            "C:\WINDOWS\system32\avqvecym.dll" not found
            "C:\WINDOWS\system32\mmnochyl.dll" not found

            log file from combofix:
            ComboFix 08-05-12.1 - Steven 2008-05-13 21:34:31.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1600 [GMT 2:00]
            Gestart vanuit: C:\Documents and Settings\Steven\Mijn documenten\Mijn ontvangen bestanden\ComboFix007.exe
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Program Files\myglobalsearch
            C:\Program Files\myglobalsearch\bar\History\search
            C:\WINDOWS\cookies.ini
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\system32\cbduiopf.dll
            C:\WINDOWS\system32\cwykvlgk.ini
            C:\WINDOWS\system32\fypseeen.dll
            C:\WINDOWS\system32\hywquhem.ini
            C:\WINDOWS\system32\jdubkbip.ini
            C:\WINDOWS\system32\JTsuwyay.ini
            C:\WINDOWS\system32\JTsuwyay.ini2
            C:\WINDOWS\system32\lyhconmm.ini
            C:\WINDOWS\system32\mcrh.tmp
            C:\WINDOWS\system32\mehuqwyh.dll
            C:\WINDOWS\system32\nhaomqmi.ini
            C:\WINDOWS\system32\nhfnislb.ini
            C:\WINDOWS\system32\tdgyuffk.dll
            C:\WINDOWS\system32\tuvVPICs.dll
            C:\WINDOWS\system32\voyhhtpo.ini
            C:\WINDOWS\system32\winsys.exe
            C:\WINDOWS\system32\yaywusTJ.dll

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))
            .

            2008-05-11 11:14 . 2008-05-11 11:14 <DIR> d-------- C:\Program Files\spyad
            2008-05-11 11:14 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
            2008-05-11 11:08 . 2008-05-13 17:34 <DIR> d-------- C:\Program Files\SpywareGuard
            2008-05-11 11:01 . 2008-05-11 11:06 <DIR> d-------- C:\Program Files\SpywareBlaster
            2008-05-11 11:01 . 2008-05-13 18:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
            2008-05-09 14:19 . 2008-05-09 14:19 <DIR> d-------- C:\Program Files\NeroInstall.bak
            2008-05-09 14:09 . 2008-05-09 14:09 <DIR> d-------- C:\Program Files\Nero
            2008-05-06 20:24 . 2008-05-06 20:24 <DIR> d-------- C:\Program Files\VobSub
            2008-04-24 17:20 . 2008-05-13 17:45 109,787 --a------ C:\WINDOWS\BMf3d5979d.xml
            2008-04-20 09:58 . 2008-05-06 22:17 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Azureus
            2008-04-20 09:58 . 2008-04-20 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
            2008-04-20 09:57 . 2008-04-20 10:57 <DIR> d-------- C:\Program Files\Azureus

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-05-13 15:33 --------- d-----w C:\Documents and Settings\Steven\Application Data\AVG7
            2008-05-11 08:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
            2008-05-11 08:09 --------- d-----w C:\Program Files\BearShare
            2008-05-11 08:08 --------- d-----w C:\Program Files\Hitman Pro
            2008-05-11 08:07 --------- d-----w C:\Documents and Settings\Steven\Application Data\Lavasoft
            2008-05-11 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-05-09 12:12 --------- d-----w C:\Program Files\Common Files\Nero
            2008-05-09 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
            2008-04-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
            2008-03-31 17:57 --------- d-----w C:\Program Files\Java
            2008-03-18 19:04 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
            2008-03-18 19:04 --------- d-----w C:\Program Files\Windows Live
            2008-03-18 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
            2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
            2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
            2007-12-26 20:14 9 ----a-w C:\Documents and Settings\Steven\Application Data\mdb.bin
            2003-03-21 12:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
            "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-08 01:24 7557120]
            "nwiz"="nwiz.exe" [2006-03-08 01:24 1519616 C:\WINDOWS\system32\nwiz.exe]
            "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 08:46 208896]
            "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 08:46 69632]
            "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-08 01:24 86016]
            "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:41 579584]
            "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
            "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:39 219136]

            C:\Documents and Settings\Steven\Menu Start\Programma's\Opstarten\
            SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Levelone Wireless Utility.lnk - C:\Program Files\LevelOne\Common\RaUI.exe [2006-08-02 14:41:00 585728]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]
            winjyp32.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "VIDC.VDOM"= vdowave.drv

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
            "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
            "C:\\StubInstaller.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
            "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
            "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
            "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
            "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
            "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "C:\\Program Files\\Azureus\\Azureus.exe"=

            S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-05-13 18:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            .
            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-05-13 21:38:40
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\IoctlSvc.exe
            C:\Program Files\Canon\CAL\CALMAIN.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-05-13 21:41:29 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-05-13 19:41:26

            Pre-Run: 139,366,625,280 bytes beschikbaar
            Post-Run: 143,301,115,904 bytes beschikbaar

            150 --- E O F --- 2008-05-11 09:18:44

            + HijackThis file:
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 21:45:19, on 13/05/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\IoctlSvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Canon\CAL\CALMAIN.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\LevelOne\Common\RaUI.exe
            C:\Program Files\SpywareGuard\sgmain.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Outlook Express\msimn.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
            O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
            O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
            O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156007354828
            O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
            O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

            --
            End of file - 7184 bytes


            thanks anyway for the effort, in any case



            • #7
              Hi,

              1. Restart the computer, but this time in Safe Mode.

              2. Open Notepad, then copy and paste the following (the bold text) into an empty window:

              File::
              C:\WINDOWS\BMf3d5979d.xml
              C:\WINDOWS\BMf3d5979d.txt

              Registry::
              [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]

              Save this to your Desktop as CFScript.txt

              Drag CFScript.txt onto ComboFix.exe as shown in the example below:



              This will make ComboFix restart.
              Reboot if you are asked to,
              and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

              3. Now restart your computer again, but this time back in Normal Mode.

              4. Go to Virustotal.com.
              Upload the following file: C:\WINDOWS\choice.exe
              Submit the file.
              Wait until the result is ready. Copy/paste it into your next message.

              Do the same with the following file:
              C:\Program Files\Common Files\keyhelp.ocx


              So post the following logs: the ComboFix log, the Virustotal.com logs and a new HijackThis log.
              Kind regards,
              Blackbird



              • #8
                the ComboFix log:

                ComboFix 08-05-12.1 - Steven 2008-05-14 19:29:22.2 - NTFSx86 MINIMAL
                Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1787 [GMT 2:00]
                Gestart vanuit: C:\Documents and Settings\Steven\Bureaublad\ComboFix007.exe
                Command switches used :: C:\Documents and Settings\Steven\Bureaublad\CFScript.txt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                FILE ::
                C:\WINDOWS\BMf3d5979d.txt
                C:\WINDOWS\BMf3d5979d.xml
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\WINDOWS\BMf3d5979d.txt
                C:\WINDOWS\BMf3d5979d.xml

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))
                .

                2008-05-11 11:14 . 2008-05-11 11:14 <DIR> d-------- C:\Program Files\spyad
                2008-05-11 11:14 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
                2008-05-11 11:08 . 2008-05-13 17:34 <DIR> d-------- C:\Program Files\SpywareGuard
                2008-05-11 11:01 . 2008-05-11 11:06 <DIR> d-------- C:\Program Files\SpywareBlaster
                2008-05-11 11:01 . 2008-05-13 18:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                2008-05-09 14:19 . 2008-05-09 14:19 <DIR> d-------- C:\Program Files\NeroInstall.bak
                2008-05-09 14:09 . 2008-05-09 14:09 <DIR> d-------- C:\Program Files\Nero
                2008-05-06 20:24 . 2008-05-06 20:24 <DIR> d-------- C:\Program Files\VobSub
                2008-04-20 09:58 . 2008-05-06 22:17 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Azureus
                2008-04-20 09:58 . 2008-04-20 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
                2008-04-20 09:57 . 2008-04-20 10:57 <DIR> d-------- C:\Program Files\Azureus

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-05-14 17:11 --------- d-----w C:\Documents and Settings\Steven\Application Data\AVG7
                2008-05-11 08:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                2008-05-11 08:09 --------- d-----w C:\Program Files\BearShare
                2008-05-11 08:08 --------- d-----w C:\Program Files\Hitman Pro
                2008-05-11 08:07 --------- d-----w C:\Documents and Settings\Steven\Application Data\Lavasoft
                2008-05-11 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-05-09 12:12 --------- d-----w C:\Program Files\Common Files\Nero
                2008-05-09 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                2008-04-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
                2008-03-31 17:57 --------- d-----w C:\Program Files\Java
                2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                2008-03-18 19:04 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                2008-03-18 19:04 --------- d-----w C:\Program Files\Windows Live
                2008-03-18 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
                2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
                2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
                2007-12-26 20:14 9 ----a-w C:\Documents and Settings\Steven\Application Data\mdb.bin
                2003-03-21 12:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx
                1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
                .

                ((((((((((((((((((((((((((((( [email protected]_21.41.18.25 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-05-13 19:38:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                + 2008-05-14 17:28:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
                "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-08 01:24 7557120]
                "nwiz"="nwiz.exe" [2006-03-08 01:24 1519616 C:\WINDOWS\system32\nwiz.exe]
                "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-22 08:46 208896]
                "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-22 08:46 69632]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-08 01:24 86016]
                "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
                "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:41 579584]
                "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
                "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:39 219136]

                C:\Documents and Settings\Steven\Menu Start\Programma's\Opstarten\
                SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Levelone Wireless Utility.lnk - C:\Program Files\LevelOne\Common\RaUI.exe [2006-08-02 14:41:00 585728]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "VIDC.VDOM"= vdowave.drv

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
                "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
                "C:\\StubInstaller.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
                "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                "C:\\Program Files\\Azureus\\Azureus.exe"=

                S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys

                *Newly Created Service* - CATCHME
                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-05-13 18:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                .
                **************************************************************************

                catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-05-14 19:31:27
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-05-14 19:32:17
                ComboFix-quarantined-files.txt 2008-05-14 17:32:15
                ComboFix2.txt 2008-05-13 19:41:30

                Pre-Run: 143,266,426,880 bytes beschikbaar
                Post-Run: 143,277,076,480 bytes beschikbaar

                129 --- E O F --- 2008-05-11 09:18:44


                The uploaded file: C:\WINDOWS\choice.exe

                Dit bestand is reeds gescanned:
                MD5: 2e5832d56dcc6dc7ecb1cbe9ea350b9b
                First received: 2006.06.03 17:57:30 (CET)
                Datum: 2008.02.26 11:41:54 (CET) [>78D]
                Resultaat: 1/31
                Permalink: analisis/cf1c8b4f9d560916c8786bc1860d7dd1

                The uploaded file: C:\Program Files\Common Files\keyhelp.ocx

                Antivirus Versie Laatst geüpdatet Resultaat
                AhnLab-V3 2008.5.10.0 2008.05.13 -
                AntiVir 7.8.0.17 2008.05.13 -
                Authentium 5.1.0.4 2008.05.14 -
                Avast 4.8.1169.0 2008.05.12 -
                AVG 7.5.0.516 2008.05.13 -
                BitDefender 7.2 2008.05.08 -
                CAT-QuickHeal 9.50 2008.05.12 -
                ClamAV 0.92.1 2008.05.13 -
                DrWeb 4.44.0.09170 2008.05.13 -
                eSafe 7.0.15.0 2008.05.12 -
                eTrust-Vet 31.4.5784 2008.05.13 -
                Ewido 4.0 2008.05.13 -
                F-Prot 4.4.2.54 2008.05.13 -
                F-Secure 6.70.13260.0 2008.05.13 -
                Fortinet 3.14.0.0 2008.05.13 -
                GData 2.0.7306.1023 2008.05.14 -
                Ikarus T3.1.1.26.0 2008.05.13 -
                Kaspersky 7.0.0.125 2008.05.13 -
                McAfee 5293 2008.05.12 -
                Microsoft 1.3408 2008.05.13 -
                NOD32v2 3095 2008.05.13 -
                Norman 5.80.02 2008.05.09 -
                Panda 9.0.0.4 2008.05.12 -
                Prevx1 V2 2008.05.14 -
                Rising 20.44.12.00 2008.05.13 -
                Sophos 4.29.0 2008.05.13 -
                Sunbelt 3.0.1114.0 2008.05.12 -
                Symantec 10 2008.05.13 -
                TheHacker 6.2.92.309 2008.05.13 -
                VBA32 3.12.6.6 2008.05.13 -
                VirusBuster 4.3.26:9 2008.05.12 -
                Webwasher-Gateway 6.6.2 2008.05.13 -
                Extra informatie
                File size: 250544 bytes
                MD5...: ce1cbfc8c17349f8ca97fd18f041ef23
                SHA1..: a40a61f201918fbc790a65704144a356a9935bcf
                SHA256: fc4afb5f25c664b853f4f02b30fd1ea531a6ca1e54cc4afd2ff9f18e6e4f9c85
                SHA512: 1d9d53d6a07ea217cfab19391a30c1b1054055fcba1718afd2f05bb0e9d5235b5f55544e0dd636e63b80c346932aa0343f3aa67239021f7b41239c2e01f1c4bd
                PEiD..: -
                PEInfo: PE Structure information

                ( base data )
                entrypointaddress.: 0x5d319d96
                timedatestamp.....: 0x3d39c9ce (Sat Jul 20 20:36:30 2002)
                machinetype.......: 0x14c (I386)

                ( 5 sections )
                name viradd virsiz rawdsiz ntrpy md5
                .text 0x1000 0x21e16 0x22000 6.50 a8fdfe5b3a04b328c72f9689a5323602
                .rdata 0x23000 0x4a54 0x4c00 6.05 f625e1474a7140af787fc08641066a36
                .data 0x28000 0x25f4 0x1e00 4.63 7de50449f0de00fdfdd3b4171fb20b46
                .rsrc 0x2b000 0xfa08 0xfc00 5.05 be9cf84b25c0fce42eb5555871c3599d
                .reloc 0x3b000 0x33c2 0x3400 6.33 1191dac6b689d1c3f3808fc24e39d1b8

                ( 9 imports )
                > urlmon.dll: CreateURLMoniker
                > KERNEL32.dll: WideCharToMultiByte, FreeLibrary, SizeofResource, GetLastError, LoadLibraryExA, lstrcpynA, IsDBCSLeadByte, GetProcAddress, LoadLibraryA, lstrcpyA, lstrcatA, MulDiv, GetFullPathNameA, GetPrivateProfileStringA, GetFileAttributesA, GetEnvironmentVariableA, LocalAlloc, lstrcpyW, GetShortPathNameA, SearchPathA, WritePrivateProfileStringA, GetPrivateProfileSectionA, Sleep, GetModuleFileNameA, InterlockedIncrement, InterlockedDecrement, LeaveCriticalSection, EnterCriticalSection, HeapCreate, GetVersionExA, HeapSize, HeapDestroy, CloseHandle, HeapAlloc, HeapFree, HeapReAlloc, WaitForSingleObject, CreateSemaphoreA, DebugBreak, ExitProcess, GetWindowsDirectoryA, DisableThreadLibraryCalls, GetUserDefaultLCID, GlobalLock, GlobalUnlock, GlobalAlloc, FindResourceA, LoadResource, LockResource, GlobalHandle, GlobalFree, FreeResource, IsBadReadPtr, LocalFree, ReadFile, CreateFileA, lstrcmpiA, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, lstrcmpA, lstrlenW, ReleaseSemaphore, InitializeCriticalSection, DeleteCriticalSection, lstrlenA, MultiByteToWideChar, LocalReAlloc
                > USER32.dll: OffsetRect, EqualRect, IntersectRect, wvsprintfA, IsRectEmpty, MessageBoxW, SendDlgItemMessageA, CreateDialogParamA, IsIconic, GetCursorPos, PostMessageA, LoadIconA, SetForegroundWindow, DestroyMenu, TrackPopupMenu, AppendMenuA, CreatePopupMenu, FindWindowA, CharUpperA, CharLowerA, CharUpperW, CharLowerW, CharPrevA, PtInRect, GetKeyState, GetDialogBaseUnits, IsDialogMessageA, WinHelpA, ShowWindow, CharNextA, MessageBoxA, LoadStringA, SetWindowRgn, GetWindowTextA, SetWindowTextA, DialogBoxIndirectParamA, SystemParametersInfoA, MapWindowPoints, GetDlgItem, EnumChildWindows, SetDlgItemTextA, EndDialog, SetCursor, MoveWindow, LoadCursorA, RegisterClassExA, CreateWindowExA, GetClassNameA, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableA, GetParent, GetDC, GetDesktopWindow, ReleaseDC, CallWindowProcA, GetFocus, IsChild, GetWindow, SetFocus, DefWindowProcA, FrameRect, InflateRect, BeginPaint, FillRect, GetWindowTextLengthA, UnionRect, EndPaint, GetClientRect, GetWindowRect, DestroyWindow, RedrawWindow, IsWindow, SetWindowPos, GetSysColor, RegisterWindowMessageA, GetSystemMetrics, SendMessageA, GetActiveWindow, wsprintfA, GetWindowLongA, SetWindowLongA, ShowScrollBar, GetClassInfoExA
                > GDI32.dll: GetDeviceCaps, GetObjectA, GetTextExtentPointA, GetTextMetricsA, CreateFontIndirectA, CreateRectRgnIndirect, DeleteMetaFile, CloseMetaFile, RestoreDC, GetStockObject, SetWindowOrgEx, SaveDC, CreateMetaFileA, SetViewportOrgEx, SetMapMode, LPtoDP, CreateDCA, CreateBitmap, CreatePatternBrush, SetROP2, SetBkMode, PatBlt, CreateSolidBrush, DeleteObject, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, BitBlt, SetWindowExtEx, DeleteDC
                > ADVAPI32.dll: RegEnumKeyExA, RegQueryValueExA, RegEnumValueA, RegQueryInfoKeyA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegCreateKeyExA, RegDeleteKeyA, RegOpenKeyExA
                > SHELL32.dll: ShellExecuteA
                > ole32.dll: OleLoadFromStream, CreateOleAdviseHolder, CoGetMalloc, CreateBindCtx, OleSaveToStream, WriteClassStm, CreateDataAdviseHolder, OleRegGetMiscStatus, OleRegGetUserType, OleRegEnumVerbs, CoTaskMemRealloc, CLSIDFromString, CLSIDFromProgID, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, OleLockRunning, CoTaskMemAlloc, StringFromCLSID, CoTaskMemFree, CoCreateInstance
                > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
                > COMCTL32.dll: ImageList_LoadImageA, CreateToolbarEx

                ( 4 exports )
                DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

                and the new HijackThis log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:42:03, on 14/05/2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\WINDOWS\system32\IoctlSvc.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Canon\CAL\CALMAIN.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\SOUNDMAN.EXE
                C:\WINDOWS\system32\RUNDLL32.EXE
                C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\LevelOne\Common\RaUI.exe
                C:\Program Files\SpywareGuard\sgmain.exe
                C:\Program Files\SpywareGuard\sgbhp.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\Program Files\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
                O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                O4 - Global Startup: Levelone Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156007354828
                O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

                --
                End of file - 7077 bytes


                Well, what a mess, is it really that bad? Or is that the usual kind of bad?
                hehe

                Thanks,
                after the previous treatment it's already a LOT better.



                • #9
                  Hi,

                  Everything looks clean again.
                  Just do the following as well:

                  Your Java software is outdated.
                  Older versions have holes that give malware the chance to install itself on your system.
                  First follow these steps to uninstall Java and install the newer version:

                  Download Java Runtime Environment (JRE) 6u6.
                  • Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
                  • Click the "Download" button on the right-hand side.
                  • Tick: "Accept License Agreement".
                  • The page will reload.
                  • Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
                  • Close all programs that may be open - especially your web browser!
                  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
                  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
                  • Then click Remove or the Change/Remove button.
                  • Repeat this until all older versions are gone.
                  • After removing all older versions, restart your PC.
                  • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                  Go to the Windows Update site and fetch all updates, to protect your PC.
                  Read through this page to prevent reinfection.

                  You can remove HijackThis again.

                  You can uninstall ComboFix by doing the following:
                  Go to Start > Run and type combofix /u.
                  This will uninstall ComboFix and delete all, possibly infected, System Restore points.


                  Good luck
                  Kind regards,
                  Blackbird
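The two checks a helper actually performs on a log like the one posted above (is the JRE referenced in the O9/O4 paths older than the version being recommended, and which O16 DPF ActiveX downloads come from a literal IP address instead of a hostname) can be scripted. The following is an added example, not code from the thread or from HijackThis. It parses a handful of constructed lines in HijackThis 1.99.1 format modelled on the log in this thread, compares any `jre<ver>` directory it finds against the 6u6 minimum Blackbird asks for, and lists DPF entries fetched from a bare IP. The literal-IP test is a review heuristic only: it says "look at this", not "this is malicious".

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.99.1 format, modelled on (not copied from)
# the log posted in this thread. Backslashes are literal Windows paths.
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab",
    r"O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156007354828",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
])

LINE_RE = re.compile(r"^(O\d+) - (.*)$")                      # "O16 - <body>"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)  # e.g. jre1.6.0_05

# JRE 6 update 6 (1.6.0_06): the version recommended in this thread. Assumption:
# treat anything numerically lower as outdated.
MIN_JRE = (1, 6, 0, 6)


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def jre_versions(entries):
    """Distinct JRE versions named in any entry path, as (major, minor, patch, update)."""
    found = set()
    for _section, body in entries:
        for m in JRE_RE.finditer(body):
            found.add(tuple(int(x) for x in m.groups()))
    return found


def fmt_jre(version):
    """Render a version tuple the way the install directory spells it, e.g. 1.6.0_05."""
    return "%d.%d.%d_%02d" % version


def outdated_jre(entries, minimum=MIN_JRE):
    """JRE versions referenced in the log that are older than `minimum`."""
    return sorted(fmt_jre(v) for v in jre_versions(entries) if v < minimum)


def dpf_from_raw_ip(entries):
    """O16 DPF (ActiveX download) entries whose source host is a literal IP address.

    Heuristic for manual review only: a CAB pulled from a bare IP has no hostname
    to reason about, so it deserves a look. It is not a malware verdict.
    """
    hits = []
    for section, body in entries:
        if section != "O16":
            continue
        m = DPF_RE.match(body)
        if not m:
            continue
        clsid, name, url = m.groups()
        host = urlparse(url).hostname or ""
        try:
            ip_address(host)
        except ValueError:
            continue  # a hostname, not a literal IP: skip
        hits.append((clsid, name, url))
    return hits


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("Outdated JRE:", outdated_jre(entries))
    for clsid, name, url in dpf_from_raw_ip(entries):
        print("Review O16 from literal IP:", name, clsid, url)
```

On the sample, `outdated_jre` reports `1.6.0_05` (older than 6u6) and `dpf_from_raw_ip` returns only the Rawflow entry, because the Microsoft Update control is served from a hostname. Feeding it a real log is a matter of replacing `SAMPLE_LOG` with the file contents.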



                  • #10
                    thanks for everything

                    good luck in the future

                    bye bye



                    • #11
                      You're welcome.
                      Kind regards,
                      Blackbird
