Ga naar inhoud
  • 0

Trojan-Clicker!


anoniem

Vraag

Hoi, er is een trojan-clicker in m'n systeem gekomen en ik kan 'm niet weg krijgen. Het gaat om de volgende: Trojan-Clicker.Win32.Delf.Hi en m'n scanner geeft aan dat 'ie bij dit bestandje hoort: system32\ejmaejm.dll. Wie kan me helpen? Logfile of HijackThis v1.99.1 Scan saved at 18:03:13, on 24-4-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\mbvigaaa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijack This\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll [b:5cee4a9f3d]O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll[/b:5cee4a9f3d] O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160351498952 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll O20 - Winlogon Notify: xmm13g - xmm13g.dll (file missing) O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adusicidtab - Unknown owner - (no file) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Link naar reactie

19 antwoorden op deze vraag

Aanbevolen berichten

  • 0
Kun je eens volgende bestand :[list:e25b8c4275] C:\WINDOWS\System32\[b:e25b8c4275]mbvigaaa.exe [/b:e25b8c4275][/list:u:e25b8c4275] uploaden naar : [b:e25b8c4275] [url]http://www.bleepingcomputer.com/submit-malware.php?channel=9[/url][/b:e25b8c4275] Hoe ? : [list:e25b8c4275]1. In het eerste venstertje (Link to topic where this file was requested:) kopieer en plak je deze link : [list:e25b8c4275][b:e25b8c4275] http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1199819#1199819 [/b:e25b8c4275][/list:u:e25b8c4275] 2. In het tweede venstertje (Browse to the file you want to submit: ) kopieer en plak (Ctrl-V) je dit :[list:e25b8c4275][b:e25b8c4275]C:\ mbvigaaa.exe [/b:e25b8c4275][/list:u:e25b8c4275] 3. Klik op de [b:e25b8c4275]Send file[/b:e25b8c4275] knop[/list:u:e25b8c4275] [b:e25b8c4275]Als dat is gelukt aub doorgaan met deze fix aub.[/b:e25b8c4275] Download [url=http://users.telenet.be/marcvn/tools/haxfix.exe]haxfix.exe[/url]. Plaats het op je bureaublad. Sluit alle andere programma's en sluit alle open vensters. Dubbelklik op [b:e25b8c4275]haxfix.exe[/b:e25b8c4275]. Het programma wordt nu geinstalleerd in C:\Program Files\HaxFix. Plaats een vinkje om een snelkoppeling op het bureaublad te maken. Plaats daarna ook een vinkje om het programma op te starten. Een rood dos-venster wordt nu geopend. Selecteer nu optie [b:e25b8c4275]1. Make logfile[/b:e25b8c4275] door een 1 in te typen met een Enter. HaxFix zal de computer scannen. Als het programma klaar is wordt een logfile in een notepad geplaatst. Kopieer de inhoud en post dit. (Deel 2 nadat het logfile is gepost) Dubbelklik op de snelkoppeling [b:e25b8c4275]HaxFix[/b:e25b8c4275] die op het bureaublad staat. Selecteer optie 2. [b:e25b8c4275]Run auto fix[/b:e25b8c4275]. Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu [b:e25b8c4275]Enter[/b:e25b8c4275] en de computer zal opnieuw starten. Als de computer opnieuw gestart is verschijnt er een notepad venster. Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [b:e25b8c4275]Straks)><<<<<<<[/b:e25b8c4275] Eerst nog deze doen aub. [b:e25b8c4275]<<<<<<<<<<<<<<<<<[/b:e25b8c4275] Download [url=http://users.telenet.be/marcvn/tools/win32delfkil.exe]win32delfkil.exe[/url]. Plaats het op je bureaublad. Sluit alle open vensters want de computer zal herstarten. Dubbelklik op win32delfkil.exe om het tooltje te starten. Na reboot opent er een kladblokbestand. Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
Link naar reactie
  • 0
Hoi, ik moest even mezelf als nieuwe gebruiker aanmelden, want op een of andere manier kon ik niet meer inloggen. maar bij deze.. [quote:3c48b8f00a]Download win32delfkil.exe. Plaats het op je bureaublad. Sluit alle open vensters want de computer zal herstarten. Dubbelklik op win32delfkil.exe om het tooltje te starten. Na reboot opent er een kladblokbestand. Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.[/quote:3c48b8f00a] WIN32DELFKIL LOGFILE - by Marckie version 3.125 di 24-04-2007 18:57:39,74 running from: "C:\Documents and Settings\Rik Steverink\Bureaublad" --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskScheduler key --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" --- Notify key --- --- rebooting the computer --- --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskSchedulerkey --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" --- Notify key --- Finished!
Link naar reactie
  • 0
[quote:58d653d7a4]Download haxfix.exe. Plaats het op je bureaublad. Sluit alle andere programma's en sluit alle open vensters. Dubbelklik op haxfix.exe. Het programma wordt nu geinstalleerd in C:\Program Files\HaxFix. Plaats een vinkje om een snelkoppeling op het bureaublad te maken. Plaats daarna ook een vinkje om het programma op te starten. Een rood dos-venster wordt nu geopend. Selecteer nu optie 1. Make logfile door een 1 in te typen met een Enter. HaxFix zal de computer scannen. Als het programma klaar is wordt een logfile in een notepad geplaatst. Kopieer de inhoud en post dit. [/quote:58d653d7a4] HAXFIX logfile - by Marckie version 4.39 di 24-04-2007 19:02:12,28 --- Checking for Haxdoor --- checking for a3d files a3d files not found checking for matching notify keys matching notify keys found xmm13g checking for matching services matching services found Aspi32 xmm13g mmx19g checking for matching safeboot services matching safeboot services found xmm13g.sys mmx19g.sys checking for other Haxdoor-files no other Haxdoor-files found --- Checking for Goldun --- checking for SSODL keys no ssodl keys found checking for notify keys no notify keys found checking for services no services found checking for other Goldun-files no other Goldun-files found checking iexplore.exe iexplore.exe is not infected Finished!
Link naar reactie
  • 0
[quote:2ab8a694e0]Selecteer optie 2. Run auto fix. Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten. Als de computer opnieuw gestart is verschijnt er een notepad venster. Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:2ab8a694e0] HAXFIX logfile - by Marckie version 4.39 di 24-04-2007 19:07:35,96 --- Auto Haxdoorfix --- searching for files: searching for services.... service xmm13g found [SWSC] DeleteService SUCCESS service mmx19g found [SWSC] DeleteService SUCCESS --- Goldunfix --- searching for files: checking iexplore.exe iexplore.exe is not infected searching for SSODLkeys: no SSODLkeys found searching for notifykeys: no notifykeys found searching for services: no services found .....rebooting the computer..... searching for ssodlkeys not needed searching for notifykeys notifykey xmm13g not found searching for services service xmm13g not found service mmx19g not found searching for safeboot services safeboot service xmm13g.sys not found safeboot service mmx19g.sys not found searching for files xmm13g.dll exists deleting xmm13g.dll xmm13g.dll has been deleted mmx19g.sys exists deleting mmx19g.sys mmx19g.sys has been deleted checking for other files wa114.ini exists deleting wa114.ini wa114.ini has been deleted checking for a3d files no a3d files found Finished ------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19:12:06, on 24-4-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\mbvigaaa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijack This\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adusicidtab - Unknown owner - (no file) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Link naar reactie
  • 0
[quote:b8c438b1f9]Selecteer optie 2. Run auto fix. Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten. Als de computer opnieuw gestart is verschijnt er een notepad venster. Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:b8c438b1f9] HAXFIX logfile - by Marckie version 4.39 di 24-04-2007 19:07:35,96 --- Auto Haxdoorfix --- searching for files: searching for services.... service xmm13g found [SWSC] DeleteService SUCCESS service mmx19g found [SWSC] DeleteService SUCCESS --- Goldunfix --- searching for files: checking iexplore.exe iexplore.exe is not infected searching for SSODLkeys: no SSODLkeys found searching for notifykeys: no notifykeys found searching for services: no services found .....rebooting the computer..... searching for ssodlkeys not needed searching for notifykeys notifykey xmm13g not found searching for services service xmm13g not found service mmx19g not found searching for safeboot services safeboot service xmm13g.sys not found safeboot service mmx19g.sys not found searching for files xmm13g.dll exists deleting xmm13g.dll xmm13g.dll has been deleted mmx19g.sys exists deleting mmx19g.sys mmx19g.sys has been deleted checking for other files wa114.ini exists deleting wa114.ini wa114.ini has been deleted checking for a3d files no a3d files found Finished ------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19:12:06, on 24-4-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\mbvigaaa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijack This\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adusicidtab - Unknown owner - (no file) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Link naar reactie
  • 0
[quote:709b7b1f22]Selecteer optie 2. Run auto fix. Als er een infectie is gevonden zal er een boodschap verschijnen om alle andere toepassingen af te sluiten. Doe dit want de computer moet worden herstart. Geef nu Enter en de computer zal opnieuw starten. Als de computer opnieuw gestart is verschijnt er een notepad venster. Post de inhoud van dit venster samen met een nieuwe Hijackthislog.( [/quote:709b7b1f22] HAXFIX logfile - by Marckie version 4.39 di 24-04-2007 19:07:35,96 --- Auto Haxdoorfix --- searching for files: searching for services.... service xmm13g found [SWSC] DeleteService SUCCESS service mmx19g found [SWSC] DeleteService SUCCESS --- Goldunfix --- searching for files: checking iexplore.exe iexplore.exe is not infected searching for SSODLkeys: no SSODLkeys found searching for notifykeys: no notifykeys found searching for services: no services found .....rebooting the computer..... searching for ssodlkeys not needed searching for notifykeys notifykey xmm13g not found searching for services service xmm13g not found service mmx19g not found searching for safeboot services safeboot service xmm13g.sys not found safeboot service mmx19g.sys not found searching for files xmm13g.dll exists deleting xmm13g.dll xmm13g.dll has been deleted mmx19g.sys exists deleting mmx19g.sys mmx19g.sys has been deleted checking for other files wa114.ini exists deleting wa114.ini wa114.ini has been deleted checking for a3d files no a3d files found Finished ------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19:12:06, on 24-4-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\mbvigaaa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijack This\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: (no name) - {D052FF6A-BD16-4298-B8B3-2A7C1BCD9B4F} - c:\windows\system32\ejmaejm.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: meqnjzje - C:\WINDOWS\SYSTEM32\ejmaejm.dll O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adusicidtab - Unknown owner - (no file) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Link naar reactie
  • 0
Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:59bf2f28fe]Combofix[/b:59bf2f28fe][/url] naar je Bureaublad. Dubbelklik [b:59bf2f28fe]Combofix.exe[/b:59bf2f28fe] Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen. Tijdens het runnen van de fix, [b:59bf2f28fe]NIET[/b:59bf2f28fe] in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log [b:59bf2f28fe]combofix.txt[/b:59bf2f28fe] openen. Plaats dit log in je volgende post samen met een nieuw HijackThis log. NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
Link naar reactie
  • 0
ComboFix 07-04-24.5V - Running from: "C:\Documents and Settings\Rik Steverink\Bureaublad\" /wow section - STAGE #3 (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ejmaejm.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\RIKSTE~1\BUREAU~1.\internet explorer.lnk C:\WINDOWS\system32\drivers\neurwdoq.sys C:\WINDOWS\system32\ejmaejm.dll ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm -------\reaucigj -------\LEGACY_REAUCIGJ -------\LEGACY_SYSTEM ((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 )))))))))))))))))))))))))))))))))) 2007-04-24 19:02 8,234 --a------ C:\clean.bat 2007-04-24 18:57 90,112 --a------ C:\WINDOWS\system32\regdacl.exe 2007-04-24 18:57 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-04-24 18:57 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-04-24 18:57 278,902 --a------ C:\win32delfkil.exe 2007-04-24 18:57 16,384 --a------ C:\WINDOWS\system32\restart.exe 2007-04-24 18:57 <DIR> d-------- C:\WINDOWS\system32\regdacl 2007-04-24 18:57 <DIR> d-------- C:\_backupD 2007-04-24 17:23 <DIR> d-------- C:\Program Files\Hijack This 2007-04-24 16:53 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-04-24 16:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-24 16:53 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-04-24 16:53 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-04-24 16:53 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-04-24 16:53 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-04-24 16:53 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-04-24 15:18 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-04-24 15:18 <DIR> d-------- C:\Program Files\Lavasoft 2007-04-24 14:09 <DIR> d--hs---- C:\DOCUME~1\RIKSTE~1\Onlangs geopend 2007-04-24 13:21 44,032 --a------ C:\WINDOWS\system32\rdysjale.dll 2007-04-24 13:21 131,072 --a------ C:\WINDOWS\system32\tkndkvsz.dll 2007-04-24 13:21 100,864 --a------ C:\WINDOWS\system32\llnjvmiu.dll 2007-04-24 13:15 14,336 --a------ C:\WINDOWS\system32\mbvigaaa.exe 2007-04-15 15:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground 2007-04-14 23:25 <DIR> d-------- C:\Program Files\RadLight Company 2007-04-14 23:25 <DIR> d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\RadLight Company 2007-04-14 23:21 <DIR> d-------- C:\Program Files\Webteh 2007-04-14 23:21 <DIR> d-------- C:\Program Files\Setup 2007-04-14 23:21 <DIR> d-------- C:\Program Files\BSplayer_WhenUSave_Installer 2007-04-14 23:21 <DIR> d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\BSplayer Pro 2007-04-14 23:21 <DIR> d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\BSplayer (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-24 19:11 77628 --a------ C:\WINDOWS\system32\perfc013.dat 2007-04-24 19:11 458570 --a------ C:\WINDOWS\system32\perfh013.dat 2007-04-24 16:51 -------- d-------- C:\Program Files\hitman pro 2007-04-24 15:19 -------- d-------- C:\DOCUME~1\RIKSTE~1\APPLIC~1\lavasoft 2007-04-15 15:44 -------- d-------- C:\Program Files\ea games 2007-03-25 19:27 74616 --a------ C:\WINDOWS\system32\gdipfontcachev1.dat 2007-03-13 18:45 -------- d-------- C:\Program Files\messengerplus! 3 2007-03-12 13:06 -------- d-------- C:\Program Files\corel 2007-03-12 13:02 -------- d--h----- C:\Program Files\installshield installation information 2007-03-01 00:27 -------- d-------- C:\Program Files\filezilla 2007-02-25 14:20 -------- d--h----- C:\DOCUME~1\RIKSTE~1\APPLIC~1\move networks (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "LWBMOUSE"="C:\\Program Files\\Omni\\OmniMouse Driver\\4.06\\MOUSE32A.EXE" "LWBKEYBOARD"="C:\\Program Files\\Omni\\Omni keyboard driver\\5.0\\KbdAp32A.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "aol"="\"D:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"" @="" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "mbvigaaa"="C:\\WINDOWS\\System32\\mbvigaaa.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "mbvigaaa"="C:\\WINDOWS\\System32\\mbvigaaa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "FgQHWLXjBG"="{341C3C78-9EB6-96D2-9DF2-8A7063A4210E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="C:\WINDOWS\System32\wmfhotfix.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BTTray.lnk" "backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe " "item"="BTTray" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="atiptaxx" "hkey"="HKLM" "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDll32 cmicnfg" "hkey"="HKLM" "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAP" "hkey"="HKLM" "command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Launch Application 2" "hkey"="HKLM" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PcSync2" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PicasaMediaDetector" "hkey"="HKLM" "command"="D:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RocketDock" "hkey"="HKCU" "command"="\"C:\\WINDOWS\\BricoPacks\\Crystal Clear\\RocketDock\\RocketDock.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Weather" "hkey"="HKCU" "command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Adobe LM Service"=dword:00000003 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* odzpqoil ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-24 20:01:50 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-24 20:02:54 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 07-04-24 20:02 -------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:05:34, on 24-4-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\System32\mbvigaaa.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijack This\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mbvigaaa] C:\WINDOWS\System32\mbvigaaa.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O21 - SSODL: FgQHWLXjBG - {341C3C78-9EB6-96D2-9DF2-8A7063A4210E} - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adusicidtab - Unknown owner - (no file) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) --------------------------------------------------- Ja heb het bestandje naar die bleepingcomputer gestuurd.
Link naar reactie
  • 0
Mooi mooi, dan kunnen daar mee gaan werken. Nog even 1 ding en daarna gaan we verder. Wil je dit bestand eerst eens laten scannen bij Jotti: C:\WINDOWS\System32\[b:db1044d564]mbvigaaa.exe [/b:db1044d564] <<<<<<<<<<<<<< [i:db1044d564]Let op! Soms staan sommige mappen en/of bestanden verborgen, dus eerst even dit uitvoeren: Mijn documenten> extra > mapopties > tabblad Weergave > klik verborgen bestanden en mappen weergeven >OK: [/i:db1044d564] Jotti Virusscan http://virusscan.jotti.org/ Bovenin staat “file to upload”. Ga via “bladeren” naar onderstaand bestand, laat het scannen door eerst op “openen” en daarna op “submit” te klikken. Kopieer het antwoord dat je krijgt in je volgende post. Als de server te druk is kun je het bestand ook hier laten scannen: Kaspersky filescanner http://www.kaspersky.com/scanforvirus
Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Gast
Antwoord op deze vraag...

×   Geplakt als verrijkte tekst.   Herstel opmaak

  Er zijn maximaal 75 emoji toegestaan.

×   Je link werd automatisch ingevoegd.   Tonen als normale link

×   Je vorige inhoud werd hersteld.   Leeg de tekstverwerker

×   Je kunt afbeeldingen niet direct plakken. Upload of voeg afbeeldingen vanaf een URL in

×
×
  • Nieuwe aanmaken...