Malware on PC: virus scanner, AdAware and Spybot are not enough!


    PLEASE help, my PC contains persistent malware. Running AdAware 2007 and Spybot gives no relief. NOD32 reports the following threats:

    - Win32/Adware.Virtumonde application (with several files, including C:\windows\system32\cbXPhHax.dll)
    - Variant of Win32/Adware.WinFixer application (file: C:\windows\temp\pkff.tmp)
    - Win32/Adware.AVSystemCare application (file: C:\windows\temp\pk100.tmp)

    Thanks in advance,
    Johan

    BELOW IS THE HIJACKTHIS LOGFILE

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:22:21, on 19-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    D:\Blokker Bestelsoftware\Agent.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    D:\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\opnOgeCt.dll (file missing)
    O2 - BHO: (no name) - {7F0E3BD4-0023-4D85-AC40-049AC7784F10} - C:\WINDOWS\system32\cbXPhHax.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {AC13DE0F-80D2-4D3D-A56A-35E4F9A49004} - C:\WINDOWS\system32\byXRhFvs.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BFD4F716-D71E-4200-81DB-E5EDA21529C4} - C:\WINDOWS\system32\fccbCuuS.dll (file missing)
    O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "D:\Blokker Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM4ff4a650] Rundll32.exe "C:\WINDOWS\system32\aeygiluy.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [E06NXLRD_3350343] "D:\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13618d1796b2ac0b7220/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128091259156
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://activex.microsoft.com/activex/controls/museum/MSSurVid.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: opnOgeCt - opnOgeCt.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 13390 bytes
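An added example, not part of this thread: a small Python triage pass over HijackThis log lines that flags the patterns visible in the log above (unnamed BHOs, "(file missing)" orphans, a Run key starting a DLL through rundll32, a Winlogon Notify package, and 8-letter random-looking DLL names in system32). The sample lines are copied from the log; the heuristics and thresholds are my own assumptions, and the flagged entries are the ones MBAM later reports as Trojan.Vundo and Trojan.Agent in post #3.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the first HijackThis log in this thread,
# with benign entries from the same log mixed in so the heuristics have negatives.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\opnOgeCt.dll (file missing)
O2 - BHO: (no name) - {7F0E3BD4-0023-4D85-AC40-049AC7784F10} - C:\WINDOWS\system32\cbXPhHax.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM4ff4a650] Rundll32.exe "C:\WINDOWS\system32\aeygiluy.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: opnOgeCt - opnOgeCt.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O2 - BHO: ..." -> section code and the rest of the line
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# optional directory prefix (may contain spaces) followed by a DLL basename
DLL_RE = re.compile(r'((?:[A-Za-z]:\\[^"\n]*?\\)?)([\w~]+)\.dll(?!\w)', re.IGNORECASE)


@dataclass
class Finding:
    section: str              # HijackThis section code, e.g. "O2", "O4", "O20"
    line: str                 # the raw log line
    reasons: List[str] = field(default_factory=list)


def random_looking(basename: str, directory: str) -> bool:
    """Loose heuristic (my assumption) keyed to the naming pattern in this
    thread's log: an 8-letter alphabetic DLL name in system32, or one referenced
    without any path, like cbXPhHax.dll or aeygiluy.dll.  Expect false
    positives; it is a prompt to look, not a verdict."""
    in_suspect_dir = directory == "" or "system32" in directory.lower()
    return in_suspect_dir and re.fullmatch(r"[A-Za-z]{8}", basename) is not None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when a log line trips one or more review heuristics."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                       # header, process list, blank line
    section, body = m.group(1), m.group(2)
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: registered component is no longer on disk")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO: legitimate vendors register a display name")
    if section == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.IGNORECASE):
        reasons.append("Run key starts a DLL through rundll32")
    if section == "O20":
        reasons.append("Winlogon Notify package: loaded into winlogon.exe at every logon")
    for directory, basename in DLL_RE.findall(body):
        if random_looking(basename, directory):
            reasons.append(f"random-looking DLL name {basename}.dll")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through triage_line."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```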

  • #2
    Download MBAM (Malwarebytes' Anti-Malware) via here or here.
    • Double-click mbam-setup.exe to install the program.
      • Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".
      • If an update is found, it will be downloaded and installed.
      • Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
      • The scan may take a while, so be patient.
      • When the scan has finished, click OK, then "Show Results" to view the results.
      • Make sure everything there is ticked, then click: Remove Selected.
      • After removal a log will open and you will be asked to restart the computer. (See below)
      • The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
      • Copy and paste the contents of the log in your next reply, together with a new HijackThis log.

      If MBAM has difficulty removing certain files, it will show a few prompts where you need to click OK.
      After that it will ask to restart the computer... so allow MBAM to restart the computer.
    Regards,
    Pimmerd

    • #3
      Logs from MBAM and HiJack

      Pimmerd, here are the logs from MBAM and HiJack, after running MBAM.

      Thanks so far.
      Johan van der Spoel


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 0:19:25, on 22-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Eset\nod32kui.exe
      D:\Blokker Bestelsoftware\Agent.exe
      C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      D:\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\msiexec.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: (no name) - {AC13DE0F-80D2-4D3D-A56A-35E4F9A49004} - C:\WINDOWS\system32\byXRhFvs.dll (file missing)
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {B2EBD49D-3210-48D7-B6F7-1156BCB757EC} - (no file)
      O2 - BHO: (no name) - {BFD4F716-D71E-4200-81DB-E5EDA21529C4} - C:\WINDOWS\system32\fccbCuuS.dll (file missing)
      O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "D:\Blokker Bestelsoftware\Agent.exe"
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [E06NXLRD_3350343] "D:\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2006 DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
      O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13618d1796b2ac0b7220/netzip/RdxIE601.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128091259156
      O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://activex.microsoft.com/activex/controls/museum/MSSurVid.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O20 - Winlogon Notify: opnOgeCt - opnOgeCt.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

      --
      End of file - 13329 bytes




      Malwarebytes' Anti-Malware 1.12
      Database versie: 775

      Scan type: Snelle Scan
      Objecten gescand: 44003
      Verstreken tijd: 7 minute(s), 4 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 1
      Registersleutels geïnfecteerd: 16
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 19

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\cbXPhHax.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ebd49d-3210-48d7-b6f7-1156bcb757ec} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{b2ebd49d-3210-48d7-b6f7-1156bcb757ec} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{79e9bb14-a5f2-46e0-b996-fb3d571dd3e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4ff4a650 (Trojan.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxphhax -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxphhax -> Delete on reboot.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\ajxcnota.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atoncxja.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXRhFvs.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\svFhRXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\svFhRXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\cbXPhHax.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\xaHhPXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\xaHhPXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\toiotinw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wnitoiot.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temp\aohdhrlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temp\jmnfwlqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temp\pjgwwvbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temp\qigqfuue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temp\ydlckaia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temporary Internet Files\Content.IE5\IV2JPQ8C\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\SPOEL\Local Settings\Temporary Internet Files\Content.IE5\NMHBEBVL\glas[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nnnmnnnN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



      • #4
        Spybot's TeaTimer is active; it can interfere with the fix, so we'll disable it temporarily.
        - Start Spybot
        - Go to Mode > select Advanced Mode
        - Go to Tools and click the Resident icon in the list
        - Untick Resident TeaTimer and click OK
        - Restart the computer
        - Then download ResetTeaTimer.bat to your Desktop.
        Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

        Start HijackThis, choose 'Do a system scan only' and tick the lines below:

        O2 - BHO: (no name) - {AC13DE0F-80D2-4D3D-A56A-35E4F9A49004} - C:\WINDOWS\system32\byXRhFvs.dll (file missing)
        O2 - BHO: (no name) - {B2EBD49D-3210-48D7-B6F7-1156BCB757EC} - (no file)
        O2 - BHO: (no name) - {BFD4F716-D71E-4200-81DB-E5EDA21529C4} - C:\WINDOWS\system32\fccbCuuS.dll (file missing)
        O20 - Winlogon Notify: opnOgeCt - opnOgeCt.dll (file missing)

        Now close all open windows except HijackThis and click Fix Checked.

        Download this file: zoek.exe
        Double-click it; after a while a log will open.
        Post the contents of this log in your next reply.
        Regards,
        Pimmerd



        • #5
          Log from Zoek.exe

          Pimmerd, here are the results from the log.

          Incidentally, after double-clicking ResetTeaTimer I had to press a key twice more to let the 'DOS box' run through. I assume that this removed the entries.

          Thanks again
          Johan



          ======C:\WINDOWS====
          ----a-w 0 2008-05-22 17:56:51 C:\WINDOWS\0.log
          ----a-w 494 2008-04-20 15:27:10 C:\WINDOWS\Addodemo.ini
          ----a-w 102,560 2008-04-23 17:29:38 C:\WINDOWS\BM4ff4a650.txt
          ----a-w 109,734 2008-04-25 14:04:07 C:\WINDOWS\BM4ff4a650.xml
          --s-a-w 2,048 2008-05-22 17:56:25 C:\WINDOWS\bootstat.dat
          ------r 127,034 2008-03-31 17:03:11 C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
          ----a-w 306,564 2008-05-18 07:30:47 C:\WINDOWS\comsetup.log
          ----a-w 191 2008-04-23 09:58:57 C:\WINDOWS\cookies.ini
          ----a-w 342 2008-04-20 15:27:10 C:\WINDOWS\EDUPAK3.INI
          ----a-w 13,246 2008-04-20 15:27:16 C:\WINDOWS\Edurom29.isu
          ----a-w 49 2008-03-13 18:46:13 C:\WINDOWS\entpack.ini
          ----a-w 1,009,900 2008-05-18 07:30:47 C:\WINDOWS\FaxSetup.log
          ----a-w 158,274 2008-05-18 07:30:47 C:\WINDOWS\iis6.log
          ----a-w 1,355 2008-04-09 20:46:18 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-05-18 07:30:47 C:\WINDOWS\imsins.log
          ----a-w 12,690 2008-03-29 13:50:09 C:\WINDOWS\KB926239.log
          ----a-w 17,875 2008-04-09 20:46:12 C:\WINDOWS\KB941693.log
          ----a-w 11,869 2008-04-09 20:44:33 C:\WINDOWS\KB945553.log
          ----a-w 19,784 2008-04-09 20:46:04 C:\WINDOWS\KB947864-IE7.log
          ----a-w 11,884 2008-04-09 20:45:42 C:\WINDOWS\KB948590.log
          ----a-w 13,515 2008-04-09 20:46:18 C:\WINDOWS\KB948881.log
          ----a-w 13,882 2008-05-18 07:30:47 C:\WINDOWS\KB950749.log
          ----a-w 556 2008-04-24 13:21:24 C:\WINDOWS\lexstat.ini
          ----a-w 10,512 2008-03-29 13:49:34 C:\WINDOWS\MSCompPackV1.log
          ----a-w 51,211 2008-05-18 07:30:47 C:\WINDOWS\msgsocm.log
          ----a-w 69 2008-05-20 16:44:16 C:\WINDOWS\NeroDigital.ini
          ----a-w 186,994 2008-05-18 07:30:47 C:\WINDOWS\ntdtcsetup.log
          ----a-w 519,114 2008-05-18 07:30:47 C:\WINDOWS\ocgen.log
          ----a-w 51,093 2008-05-18 07:30:47 C:\WINDOWS\ocmsn.log
          ----a-w 22 2008-04-26 02:46:38 C:\WINDOWS\pskt.ini
          ----a-w 1,409 2008-04-03 14:25:39 C:\WINDOWS\QTFont.for
          ---ha-w 54,156 2008-05-22 17:56:35 C:\WINDOWS\QTFont.qfn
          ----a-w 32,570 2008-05-22 17:55:14 C:\WINDOWS\SchedLgU.Txt
          ----a-w 887,463 2008-05-20 16:59:41 C:\WINDOWS\setupapi.log
          ----a-w 87,235 2008-03-31 07:18:39 C:\WINDOWS\spupdsvc.log
          ----a-w 227 2008-04-23 16:59:12 C:\WINDOWS\system.ini
          ----a-w 397,671 2008-05-18 07:30:47 C:\WINDOWS\tsoc.log
          ----a-w 2,553 2008-04-22 18:45:53 C:\WINDOWS\unins000.dat
          ----a-w 691,545 2008-04-22 18:10:48 C:\WINDOWS\unins000.exe
          ----a-w 93,047 2008-04-09 20:45:56 C:\WINDOWS\updspapi.log
          ----a-w 159 2008-05-22 17:56:50 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-05-22 17:56:50 C:\WINDOWS\wiaservc.log
          ----a-w 634 2008-04-23 16:59:12 C:\WINDOWS\win.ini
          ----a-w 1,206,474 2008-05-22 17:55:17 C:\WINDOWS\WindowsUpdate.log
          ----a-w 385 2008-04-23 10:57:08 C:\WINDOWS\wininit.ini
          ----a-w 51,809 2008-03-29 13:48:10 C:\WINDOWS\WMFDist11.log
          ----a-w 34,486 2008-03-29 13:49:20 C:\WINDOWS\wmp11.log
          ----a-w 201,875 2008-04-20 18:56:22 C:\WINDOWS\wmsetup.log
          ----a-w 5,889 2008-03-29 13:49:20 C:\WINDOWS\wmsetup10.log
          ----a-w 12,745 2008-03-29 13:47:02 C:\WINDOWS\Wudf01000Inst.log

          Entries: 50 (48)
          Directories: 0 Files: 50
          Bytes: 6,516,616 Blocks: 12,753
          ======C:\WINDOWS\system32=====
          ----a-w 16,832 2008-03-29 13:49:17 C:\WINDOWS\System32\amcompat.tlb
          ------w 272,384 2008-05-21 22:13:37 C:\WINDOWS\System32\cbXPhHax.dll
          ----a-w 272,384 2008-04-24 17:20:23 C:\WINDOWS\System32\cbXPhHax.Vdll
          ----a-w 0 2008-05-21 14:16:05 C:\WINDOWS\System32\clkcnt.txt
          ----a-w 152,384 2008-04-10 08:33:37 C:\WINDOWS\System32\FNTCACHE.DAT
          --sh--w 1,540,677 2008-04-22 19:13:51 C:\WINDOWS\System32\herkfhar.ini
          ----a-w 268 2008-05-18 13:22:09 C:\WINDOWS\System32\imon1.dat
          ----a-w 6,300 2008-04-10 14:41:30 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          ----a-w 1,480,232 2008-03-20 17:06:36 C:\WINDOWS\System32\LegitCheckControl.DLL
          ----a-w 12,632 2008-04-23 11:07:58 C:\WINDOWS\System32\lsdelete.exe
          ----a-w 4,546 2008-03-31 18:24:18 C:\WINDOWS\System32\lvcoinst.log
          ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
          ----a-w 206 2008-05-18 07:29:54 C:\WINDOWS\System32\MRT.INI
          ----a-w 518,944 2008-03-25 04:50:28 C:\WINDOWS\System32\msexch40.dll
          ----a-w 326,432 2008-03-25 04:50:30 C:\WINDOWS\System32\msexcl40.dll
          ----a-w 722 2008-04-08 10:14:14 C:\WINDOWS\System32\MsiExec.exe.log
          ----a-w 1,516,568 2008-03-25 04:50:34 C:\WINDOWS\System32\msjet40.dll
          ----a-w 355,112 2008-03-25 04:50:40 C:\WINDOWS\System32\msjetoledb40.dll
          ----a-w 183,072 2008-03-25 04:51:56 C:\WINDOWS\System32\msjint40.dll
          ----a-w 60,192 2008-03-25 04:50:42 C:\WINDOWS\System32\msjter40.dll
          ----a-w 248,608 2008-03-25 04:50:42 C:\WINDOWS\System32\msjtes40.dll
          ----a-w 219,936 2008-03-25 04:50:44 C:\WINDOWS\System32\msltus40.dll
          ----a-w 355,104 2008-03-25 04:50:45 C:\WINDOWS\System32\mspbde40.dll
          ----a-w 432,928 2008-03-25 04:50:47 C:\WINDOWS\System32\msrd2x40.dll
          ----a-w 322,336 2008-03-25 04:50:49 C:\WINDOWS\System32\msrd3x40.dll
          ----a-w 559,904 2008-03-25 04:50:52 C:\WINDOWS\System32\msrepl40.dll
          ----a-w 264,992 2008-03-25 04:50:55 C:\WINDOWS\System32\mstext40.dll
          ----a-w 838,432 2008-03-25 04:50:57 C:\WINDOWS\System32\mswdat10.dll
          ----a-w 621,344 2008-03-25 04:51:56 C:\WINDOWS\System32\mswstr10.dll
          ----a-w 355,104 2008-03-25 04:50:58 C:\WINDOWS\System32\msxbde40.dll
          ----a-w 23,392 2008-03-29 13:49:17 C:\WINDOWS\System32\nscompat.tlb
          ----a-w 64,372 2008-04-12 17:46:51 C:\WINDOWS\System32\perfc009.dat
          ----a-w 84,272 2008-04-12 17:46:51 C:\WINDOWS\System32\perfc013.dat
          ----a-w 409,232 2008-04-12 17:46:51 C:\WINDOWS\System32\perfh009.dat
          ----a-w 474,788 2008-04-12 17:46:51 C:\WINDOWS\System32\perfh013.dat
          ----a-w 998,926 2008-04-12 17:46:51 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 57,344 2008-03-28 21:37:26 C:\WINDOWS\System32\QuickTime.qts
          ----a-w 90,112 2008-03-28 21:37:26 C:\WINDOWS\System32\QuickTimeVR.qtx
          ----a-w 97,856 2008-04-23 13:55:47 C:\WINDOWS\System32\skhvhfvm.dll
          --sha-w 205,866 2008-04-22 19:30:21 C:\WINDOWS\System32\SuuCbccf.ini
          --sha-w 205,866 2008-04-22 19:28:35 C:\WINDOWS\System32\SuuCbccf.ini2
          ----a-w 66 2008-03-28 20:19:29 C:\WINDOWS\System32\sysmwwod.dll
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 13,646 2008-05-18 07:16:08 C:\WINDOWS\System32\wpa.dbl
          --sha-w 358,895 2008-05-21 22:15:44 C:\WINDOWS\System32\xaHhPXbc.ini
          --sha-w 358,895 2008-05-21 22:14:29 C:\WINDOWS\System32\xaHhPXbc.ini2

          Entries: 46 (41)
          Directories: 0 Files: 46
          Bytes: 33,091,343 Blocks: 64,653
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 8,320 2008-04-23 11:07:59 C:\WINDOWS\System32\drivers\AWRTRD.sys
          ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
          ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
          ----a-w 9,344 2008-04-23 11:08:00 C:\WINDOWS\System32\drivers\NSDriver.sys

          Entries: 4 (4)
          Directories: 0 Files: 4
          Bytes: 60,576 Blocks: 120
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          --sha-r 211 2008-04-23 16:59:12 C:\boot.ini
          --sha-w 805,306,368 2008-05-22 17:56:20 C:\pagefile.sys

          Entries: 2 (0)
          Directories: 0 Files: 2
          Bytes: 805,306,579 Blocks: 1,572,865
          ======C:\Documents and Settings\SPOEL\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\SPOEL======
          ----a-w 1,024 2008-04-08 10:06:39 C:\Documents and Settings\SPOEL\.rnd
          ----a-w 9,437,184 2008-05-22 17:55:31 C:\Documents and Settings\SPOEL\ntuser.dat
          ---ha-w 40,960 2008-05-22 18:14:46 C:\Documents and Settings\SPOEL\NTUSER.DAT.LOG
          --sh--w 288 2008-05-22 17:55:07 C:\Documents and Settings\SPOEL\ntuser.ini

          Entries: 4 (2)
          Directories: 0 Files: 4
          Bytes: 9,479,456 Blocks: 18,515
          ======C:\WINDOWS\Downloaded Program Files====
          ----a-w 1,896,784 2008-03-12 11:51:48 C:\WINDOWS\Downloaded Program Files\JordanApplet.dll
          ----a-w 367 2008-03-20 14:10:04 C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

          Entries: 2 (2)
          Directories: 0 Files: 2
          Bytes: 1,897,151 Blocks: 3,706
          =============
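As an added example (not part of the thread, and not code from zoek.exe), a small Python triage script that parses the listing format above and flags two traits a responder would look for in it: hidden+system data files dropped into System32, and a file whose name is another file's name spelled backwards, a pairing visible in this log and in the Malwarebytes log (cbXPhHax.dll alongside xaHhPXbc.ini). The sample lines are copied from the System32 section above into a constructed listing.

```python
import re
from collections import defaultdict

# Constructed sample in the zoek.exe listing format (attributes, size, date,
# time, path); the file lines are copied from the System32 section of the log.
SAMPLE_LISTING = r"""
======C:\WINDOWS\system32=====
----a-w 16,832 2008-03-29 13:49:17 C:\WINDOWS\System32\amcompat.tlb
------w 272,384 2008-05-21 22:13:37 C:\WINDOWS\System32\cbXPhHax.dll
----a-w 272,384 2008-04-24 17:20:23 C:\WINDOWS\System32\cbXPhHax.Vdll
--sh--w 1,540,677 2008-04-22 19:13:51 C:\WINDOWS\System32\herkfhar.ini
----a-w 1,480,232 2008-03-20 17:06:36 C:\WINDOWS\System32\LegitCheckControl.DLL
--sha-w 205,866 2008-04-22 19:30:21 C:\WINDOWS\System32\SuuCbccf.ini
--sha-w 205,866 2008-04-22 19:28:35 C:\WINDOWS\System32\SuuCbccf.ini2
--sha-w 358,895 2008-05-21 22:15:44 C:\WINDOWS\System32\xaHhPXbc.ini
--sha-w 358,895 2008-05-21 22:14:29 C:\WINDOWS\System32\xaHhPXbc.ini2

Entries: 9 (6)
"""

# One file line: 7-column attribute flags, size with thousands separators,
# date, time, full path.
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per file line; section headers and totals are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem, dot, _ext = name.rpartition(".")
        entries.append({
            "path": path,
            "stem": stem if dot else name,
            "size": int(m.group("size").replace(",", "")),
            "system": attrs[2] == "s",   # attribute columns read --sha-w:
            "hidden": attrs[3] == "h",   # s = system, h = hidden, a = archive
        })
    return entries


def triage(entries):
    """Flag hidden+system files in System32 and files whose name is another
    listed file's name reversed (cbXPhHax.dll <-> xaHhPXbc.ini in the log)."""
    findings = defaultdict(list)
    by_stem = defaultdict(list)
    for e in entries:
        by_stem[e["stem"].lower()].append(e)
    for e in entries:
        if e["hidden"] and e["system"] and "\\system32\\" in e["path"].lower():
            findings[e["path"]].append("hidden+system file in System32")
        mirror = e["stem"][::-1].lower()
        if mirror != e["stem"].lower() and mirror in by_stem:
            partner = by_stem[mirror][0]["path"]
            findings[e["path"]].append(f"name is the reverse of {partner}")
    return dict(findings)
```

Running `triage(parse_listing(SAMPLE_LISTING))` flags seven of the nine sample files and leaves amcompat.tlb and LegitCheckControl.DLL alone; the flags are leads for a responder to verify, not verdicts.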



          • #6
            Open an empty Notepad window and copy/paste the bold text below into it:

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\System32\cbXPhHax.dll
            C:\WINDOWS\System32\herkfhar.ini
            C:\WINDOWS\System32\cbXPhHax.Vdll
            C:\WINDOWS\System32\SuuCbccf.ini
            C:\WINDOWS\System32\SuuCbccf.ini2
            C:\WINDOWS\System32\skhvhfvm.dll
            C:\WINDOWS\System32\sysmwwod.dll
            C:\WINDOWS\System32\xaHhPXbc.ini
            C:\WINDOWS\System32\xaHhPXbc.ini2
            ) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Then save it as fix.bat on your Desktop.
            Under 'Save as type', choose All Files.

            Then double-click Fix.bat and post the result in your next reply.
            How are your problems now?
            Regards,
            Pimmerd



            • #7
              Result of fix.bat

              The problems have not shown up again since the first run of MBAM. NOD32 has not reported anything since either. So it seems to be going well.

              Here is the output of fix.bat

              Deleting files
              C:\WINDOWS\pskt.ini deleted
              C:\WINDOWS\System32\cbXPhHax.dll deleted
              C:\WINDOWS\System32\herkfhar.ini deleted
              C:\WINDOWS\System32\cbXPhHax.Vdll deleted
              C:\WINDOWS\System32\SuuCbccf.ini deleted
              C:\WINDOWS\System32\SuuCbccf.ini2 deleted
              C:\WINDOWS\System32\skhvhfvm.dll deleted
              C:\WINDOWS\System32\sysmwwod.dll deleted
              C:\WINDOWS\System32\xaHhPXbc.ini deleted
              C:\WINDOWS\System32\xaHhPXbc.ini2 deleted


              Thanks,
              Johan



              • #8
                That looks good, Johan

                You can remove the tools we used.

                Download ATF Cleaner (by Atribune)

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unticks "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.
                Regards,
                Pimmerd



                • #9
                  ATF Cleaner run

                  Pimmerd, the ATF Cleaner step has been carried out. Thanks again.

                  Is the clean-up now complete and is the PC malware-free?


                  Johan



                  • #10
                    That's right, Johan, it all looks good

                    Have a read through these security tips:
                    Regards,
                    Pimmerd



                    • #11
                      Thanks for the help

                      Donation made.



                      • #12
                        Thanks, Johan
                        Happy surfing.
                        Regards,
                        Pimmerd
