[SOLVED] possible infection



Dear all,

I just received the following log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:13:45, on 28-1-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Labtec\WebCam10\WebCam10.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll

O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O21 - SSODL: adsoowf - {ABF011E1-51EE-4815-B9A4-691EEC5AA9C9} - C:\WINDOWS\adsoowf.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 7664 bytes

Is something actually wrong here?

The owner of the PC thinks so: the taskbar is behaving very strangely (the Quick Launch bar disappears and cannot be put back), and other things too.

With

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

something doesn't seem quite right (according to a site).

Thanks for the help.

Kind regards,

Yannick



Hi Yannick,

That must be the classic "Privacy is in danger". Isn't the person affected also bothered by pop-ups and the like?

Have him start with this:

Download Combofix.exe and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll

O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O21 - SSODL: adsoowf - {ABF011E1-51EE-4815-B9A4-691EEC5AA9C9} - C:\WINDOWS\adsoowf.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a warning about a script being executed, you must allow it.

Then post the Combofix log and a new HJT log in your next message.



Hello Kape

I'll try it out this afternoon, but what you described is right too. I'll also take a screenshot of what appears on my desktop background ;) it says something like "Spyware found on your computer blah blah" and that covers my whole wallpaper......!

Thanks in advance, you'll hear from me.


Dear Kape, here is my ComboFix log! :P

ComboFix 08-01-29.3 - Stefan 2008-01-31 23:24:52.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.219 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Stefan\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\dat.txt

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\search_res.txt

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://softworldnetwork.com

.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))

.

2008-01-28 14:12 . 2008-01-28 14:12 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-28 07:13 . 2008-01-28 07:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-01-27 23:15 . 2008-01-28 14:12 <DIR> d-------- C:\Program Files\Advanced Spyware Remover Pro

2008-01-27 23:15 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll

2008-01-27 20:54 . 2008-01-27 20:54 <DIR> d-------- C:\Program Files\AWS

2008-01-27 20:42 . 2008-01-27 13:56 299,008 --a------ C:\WINDOWS\dntpkwolxs.dll

2008-01-27 20:42 . 2008-01-27 13:56 286,720 --a------ C:\WINDOWS\adsoowf.dll

2008-01-27 20:42 . 2008-01-27 13:56 204,800 --a------ C:\WINDOWS\ekxdvft.dll

2008-01-27 20:42 . 2008-01-27 13:56 90,112 --a------ C:\WINDOWS\ffvrdgt.exe

2008-01-27 20:25 . 2008-01-31 19:12 <DIR> d-------- C:\Program Files\GameSpy Arcade

2008-01-27 19:49 . 2008-01-27 20:03 <DIR> d-------- C:\Program Files\Fox

2008-01-27 19:49 . 2008-01-27 19:56 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-01-27 19:49 . 2008-01-27 19:56 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-01-27 19:49 . 2008-01-27 19:56 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-01-20 14:17 . 2008-01-20 14:17 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\SAMSUNG

2008-01-18 16:37 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-01-18 16:36 . 2008-01-18 16:37 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-01-18 16:36 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys

2008-01-18 16:36 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys

2008-01-18 16:36 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys

2008-01-18 16:36 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys

2008-01-18 16:36 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys

2008-01-18 16:36 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys

2008-01-18 16:36 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys

2008-01-18 16:36 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-01-18 16:36 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-18 16:35 . 2008-01-18 16:35 <DIR> d-------- C:\Program Files\Samsung

2008-01-18 16:35 . 2008-01-18 16:35 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-01-05 15:17 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-01-05 15:17 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-01-05 15:17 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-01-05 15:17 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-01-05 15:17 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-01-05 15:17 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-01-05 15:17 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-01-05 15:17 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-01-05 15:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-01-05 15:16 . 2008-01-05 15:17 <DIR> d-------- C:\WINDOWS\system32\nl-nl

2008-01-05 15:14 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-01-04 20:47 . 2004-08-04 01:03 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2008-01-04 20:47 . 2004-08-04 01:03 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2008-01-04 20:43 . 2008-01-04 20:43 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-01-04 20:43 . 2008-01-04 20:43 <DIR> d-------- C:\Program Files\Common Files\Labtec

2008-01-04 20:43 . 2007-03-06 17:54 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2008-01-04 20:43 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS

2008-01-04 20:43 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll

2008-01-04 20:43 . 2007-03-06 17:50 264,992 --a------ C:\WINDOWS\system32\lvcodec2.dll

2008-01-04 20:43 . 2007-03-06 17:54 215,840 --a------ C:\WINDOWS\system32\LVUI2.dll

2008-01-04 20:43 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll

2008-01-04 20:43 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini

2008-01-04 20:43 . 2007-03-06 17:54 41,376 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2008-01-04 20:43 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg

2008-01-04 20:36 . 2008-01-04 20:42 <DIR> d-------- C:\Program Files\Labtec

2008-01-03 17:47 . 2008-01-03 17:47 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\dvdcss

2007-12-25 22:43 . 2001-08-11 11:47 159,811 --a------ C:\WINDOWS\system32\wnaspi32.dll

2007-12-22 01:14 . 1998-10-07 20:16 148,480 --a------ C:\WINDOWS\UNWISE.EXE

2007-12-09 12:44 . 2007-12-09 12:44 <DIR> d-------- C:\Program Files\Codemasters

2007-12-06 00:54 . 2007-12-06 00:55 <DIR> d-------- C:\Program Files\MyVideoDaily2

2007-12-06 00:54 . 2008-01-27 21:35 <DIR> d-------- C:\Program Files\MyDailyVideo

2007-12-06 00:27 . 2007-12-06 00:27 <DIR> d-------- C:\Program Files\AviSynth 2.5

2007-12-06 00:27 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll

2007-12-06 00:27 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe

2007-12-06 00:27 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll

2007-12-06 00:27 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll

2007-12-06 00:27 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe

2007-12-06 00:27 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe

2007-12-06 00:27 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-12-06 00:27 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll

2007-12-06 00:27 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe

2007-12-06 00:27 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll

2007-12-06 00:15 . 2007-12-06 00:15 <DIR> d-------- C:\Program Files\eRightSoft

2007-12-03 13:01 . 2007-12-03 13:01 <DIR> d-------- C:\Documents and Settings\Stefan\.netbeans

2007-12-03 12:56 . 2007-12-03 12:57 <DIR> d-------- C:\Program Files\netbeans-5.5.1

2007-12-02 14:07 . 2007-12-02 14:08 95 --a------ C:\WINDOWS\system32\productregistry

2007-12-02 14:06 . 2007-12-02 14:06 <DIR> d-------- C:\Sun

2007-12-02 13:42 . 2007-12-02 14:04 <DIR> d-------- C:\Documents and Settings\Stefan\.SunDownloadManager

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 20:54 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-01-28 22:55 --------- d-----w C:\Documents and Settings\Stefan\Application Data\FrostWire

2008-01-28 15:09 --------- d-----w C:\Program Files\PokerStars

2008-01-28 06:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-27 22:07 --------- d-----w C:\Program Files\Rockstar Games

2008-01-22 22:54 --------- d-----w C:\Program Files\Image-Line

2007-12-29 15:30 --------- d-----w C:\Program Files\EA Sports

2007-12-22 00:14 --------- d-----w C:\Program Files\Native Instruments

2007-12-22 00:13 2,740 ----a-w C:\Program Files\Absynth 1.3 prefs.ini

2007-12-18 20:48 --------- d-----w C:\Program Files\MSN Messenger

2007-12-03 15:23 --------- d-----w C:\Program Files\FrostWire

2007-12-03 11:48 --------- d-----w C:\Program Files\Java

2007-12-03 11:44 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-29 14:25 --------- d-----w C:\Program Files\AAS

2007-11-29 14:03 --------- d-----w C:\Program Files\Steinberg

2007-11-29 13:29 --------- d-----w C:\Program Files\Cubase VST32

2007-11-29 13:21 --------- d-----w C:\Program Files\DreamStation DXi

2007-11-29 13:18 --------- d-----w C:\Program Files\Pro-53

2007-11-29 13:15 --------- d-----w C:\Program Files\IK Multimedia

2007-11-28 12:49 --------- d-----w C:\Program Files\Absynth 1.3

2007-11-28 12:45 --------- d-----w C:\Program Files\Antares

2007-11-28 12:43 --------- d-----w C:\Program Files\SpaceSynthesizer

2007-11-28 12:43 --------- d-----w C:\Program Files\SpaceEffect

2007-11-28 12:39 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe

2007-11-28 12:37 --------- d-----w C:\Documents and Settings\Stefan\Application Data\Steinberg

2007-11-28 12:34 12,172 ----a-w C:\Program Files\INSTALL.LOG

2007-11-28 12:34 --------- d-----w C:\Program Files\Sonitus-fx

2007-11-28 12:32 --------- d-----w C:\Program Files\Translator

2007-11-28 12:09 --------- d-----w C:\Program Files\Bornemark

2007-11-25 20:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

----a-w         1,422,675 2007-08-28 14:38:00  C:\Documents and Settings\Stefan\Bureaublad\VST Plugins\Lexicon PSP 42 v1.0 .exe

----a-w         5,104,459 2007-08-28 14:31:58  C:\Documents and Settings\Stefan\Bureaublad\VST Plugins\gedaan\NI FM7 Synth Native instruments .exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2190857-2B7C-46E1-851B-F8919A2DE836}]

2008-01-27 13:56 299008 --a------ C:\WINDOWS\dntpkwolxs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"PcSync"="D:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 14:49 860160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 13:45 820736]

"PCSuiteTrayApplication"="D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29 176128]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]

"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"adsoowf"= {40151E9A-D80B-40A8-8722-304084C60E12} - C:\WINDOWS\adsoowf.dll [2008-01-27 13:56 286720]

R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-29 21:29]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 23:27:09

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-01-31 23:27:37

ComboFix-quarantined-files.txt 2008-01-31 22:27:23

ComboFix2.txt 2008-01-31 16:51:45

.

2008-01-09 11:44:42 --- E O F ---



& This is the HijackThis log :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:41:28, on 31-1-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Labtec\WebCam10\WebCam10.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

D:\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\MSN Messenger\livecall.exe

D:\VLC player\VLC\vlc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O21 - SSODL: adsoowf - {40151E9A-D80B-40A8-8722-304084C60E12} - C:\WINDOWS\adsoowf.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 7325 bytes


Hey Kape, but some spyware nasties keep... coming back, e.g. these

O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll

O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll

O21 - SSODL: adsoowf - {ABF011E1-51EE-4815-B9A4-691EEC5AA9C9} - C:\WINDOWS\adsoowf.dll

these just keep coming back :S strange but true


Hi Berky,

Combofix has already solved part of your problem. Let's continue with this.

Download: RVAXO.exe

  • Save the file on your desktop, double-click it and choose "Unzip" to extract it.
  • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
  • An uninstaller for a rogue scanner may also start; do not close it, but follow any prompts and just let it do its work.
  • Your PC will then restart; after the restart the RVAXO cmd window opens again.
    Let it run and wait until a log file opens: C:\RVAXO-results.log
  • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below (if still present):

O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll

O21 - SSODL: adsoowf - {40151E9A-D80B-40A8-8722-304084C60E12} - C:\WINDOWS\adsoowf.dll

Click 'Fix checked' to remove the items.

Download ATF cleaner

Double-click ATF cleaner to start the program.

On the "Main" tab, tick Select All.

Click the Empty Selected button.

Post the contents of the RVAXO log file and a new HJT log in your next message.

And a question: did you download PokerStars deliberately, and do you use that program?

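An added triage helper (my own example, not code from this thread, from HijackThis or from ComboFix) that applies the two heuristics the helper used in both replies when picking lines to fix, namely orphaned entries and browser/shell components loaded straight out of the Windows directory, and then matches entries between two logs by file path rather than CLSID, which is why the SSODL entry that changed its CLSID between the two logs above is still recognised as the same persistence item. The sample lines are copied from the logs posted in the thread; the heuristics are my assumptions, not a HijackThis rule.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Sample lines copied from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll
O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: adsoowf - {ABF011E1-51EE-4815-B9A4-691EEC5AA9C9} - C:\WINDOWS\adsoowf.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: adsoowf - {40151E9A-D80B-40A8-8722-304084C60E12} - C:\WINDOWS\adsoowf.dll
"""


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O21", ...
    kind: str     # "BHO", "SSODL", "HKLM\..\Run", ...
    name: str
    clsid: str    # empty for entry types that carry no CLSID
    path: str
    raw: str


ENTRY_RE = re.compile(r"^(O\d+) - (.+?): (.+)$")
CLSID_RE = re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<path>.*)$")
DESKTOP_RE = re.compile(r"^(?P<name>.*?) - (?P<path>file:///.*)$")

# Heuristic (my assumption): legitimate BHOs, toolbars and SSODL components live under
# Program Files or system32, so a DLL/EXE sitting directly in the Windows root is worth a look.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(dll|exe)$", re.IGNORECASE)
COMPONENT_SECTIONS = {"O2", "O3", "O21"}  # BHOs, toolbars, ShellServiceObjectDelayLoad


def parse_line(line):
    """Split one HijackThis line into an Entry, or None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    for rx in (CLSID_RE, RUN_RE, DESKTOP_RE):
        sub = rx.match(rest)
        if sub:
            d = sub.groupdict()
            return Entry(section, kind, d["name"], d.get("clsid", ""), d["path"], line.strip())
    return Entry(section, kind, "", "", rest, line.strip())


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def reasons(entry):
    """Return the list of heuristic hits for an entry (empty when nothing is suspicious)."""
    out = []
    if entry.path == "(no file)":
        out.append("registered component whose file is missing")
    if entry.section in COMPONENT_SECTIONS and WINDIR_ROOT_RE.match(entry.path):
        out.append("browser/shell component loaded straight from the Windows directory")
    if entry.section == "O24" and entry.path.lower().startswith("file:///"):
        out.append("Active Desktop component pointing at a local HTML file")
    return out


def triage(text):
    """Return {raw line: [reasons]} for every entry that trips a heuristic."""
    return {e.raw: reasons(e) for e in parse_log(text) if reasons(e)}


def persisted(before_text, after_text):
    """Match flagged entries of the first log against the second by section and file path.

    Returns {path: (old_clsid, new_clsid)}; differing CLSIDs mean the component
    re-registered itself under a new identifier, which a CLSID-based comparison would miss."""
    after = {(e.section, e.path.lower()): e for e in parse_log(after_text)}
    out = {}
    for e in parse_log(before_text):
        if not reasons(e):
            continue
        match = after.get((e.section, e.path.lower()))
        if match:
            out[e.path] = (e.clsid, match.clsid)
    return out


def main():
    for line, why in triage(LOG_BEFORE).items():
        print("FLAG:", line)
        for w in why:
            print("      -", w)
    for path, (old, new) in persisted(LOG_BEFORE, LOG_AFTER).items():
        status = "re-registered under a new CLSID" if old != new else "unchanged"
        print(f"STILL PRESENT: {path} ({status})")


if __name__ == "__main__":
    main()
```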

Okay, many thanks (A)

but I'll test it this afternoon...~!

but PokerStars I downloaded deliberately :) & I know it's a bit of junk too, but it's quite fun :P // btw: GameSpy also brings junk with it, I think; I downloaded it & since then it has had that spyware junk on it ........

Thank you

