
Thread: Slow PC + trojans

  1. #11
    Tommiiee (honorary member, registered 24 June 2009, Helmond)
    Hi SuriNaruto

    Follow these instructions to download Combofix to your Desktop.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


    • Double-click Combofix.exe
    • Follow the instructions and accept the disclaimer by clicking Yes.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the Query - Recovery Console window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start the malware scan.
    • While the fix is running, do NOT click in the window, because this will make your PC freeze.


    When the fix is complete and after a restart, the log Combofix.txt will open.


  2. The following user thanked Tommiiee for this useful post:

    SuriNaruto (16 July 2009)

  3. #12
    Member rank: Up-to-date (registered 9 June 2009)
    Umm, done that. Was I supposed to post the CF log? Ah well, I'll just do it. Hopefully this has fixed my PC; if not, if I get messages from NOD32 again I'll report it. I'll restart my PC in a bit to check. Do you need any other logs?
    Here is the ComboFix log:
    ComboFix 09-07-14.08 - Eigenaar 16-07-2009 22:16.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.479.204 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\autorun.inf
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-06-16 to 2009-07-16 ))))))))))))))))))))))))))))))
    .
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\Malwarebytes
    2009-07-15 17:54 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-07-15 17:54 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-15 14:23 . 2009-07-16 19:02 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2009-07-15 14:22 . 2009-07-15 14:22 -------- d-sh--w- c:\documents and settings\Eigenaar\IECompatCache
    2009-07-14 17:32 . 2009-07-14 17:41 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
    2009-07-14 17:32 . 2009-07-14 17:41 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
    2009-07-14 17:32 . 2009-07-14 17:41 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
    2009-07-14 17:32 . 2008-06-02 13:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
    2009-07-14 17:32 . 2009-07-14 17:47 -------- d-----w- c:\program files\Spyware Doctor
    2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PC Tools
    2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\PC Tools
    2009-07-14 04:24 . 2009-07-14 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-12 12:29 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-07-12 12:29 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-07-12 12:29 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-07-12 12:29 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-07-12 12:29 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-07-12 12:27 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
    2009-07-12 12:26 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
    2009-07-12 12:12 . 2009-07-12 12:25 -------- d--h--w- c:\windows\msdownld.tmp
    2009-07-12 12:11 . 2009-07-12 12:11 -------- d-----w- c:\windows\Logs
    2009-07-09 15:55 . 2009-07-09 15:55 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\PCHealth
    2009-07-09 15:55 . 2009-07-09 15:55 -------- d-----w- c:\docume~1\Eigenaar\LOCALS~1\APPLIC~1\PCHealth
    2009-07-09 15:24 . 2009-07-09 15:24 -------- d-----w- C:\Hotspot Shield
    2009-07-08 15:38 . 2009-07-08 15:38 -------- d-----w- C:\ijji
    2009-07-08 15:37 . 2009-01-28 12:47 157144 ----a-w- c:\windows\system32\PubPlugin.dll
    2009-07-08 15:37 . 2008-06-11 21:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
    2009-07-08 15:37 . 2009-07-08 15:37 -------- d-----w- c:\program files\NHN USA
    2009-07-08 15:37 . 2009-05-26 15:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
    2009-07-08 15:37 . 2009-05-12 18:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
    2009-07-07 11:22 . 2009-07-07 11:22 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Megaupload
    2009-07-07 11:22 . 2009-07-07 11:22 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\Megaupload
    2009-07-07 10:09 . 2009-07-07 10:28 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc
    2009-07-07 10:09 . 2009-07-07 10:28 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\vlc
    2009-07-05 11:27 . 2009-07-05 11:27 -------- d-sh--w- c:\documents and settings\Eigenaar\PrivacIE
    2009-07-05 11:03 . 2009-07-05 11:06 -------- dc-h--w- c:\windows\ie8
    2009-07-04 19:28 . 2009-07-04 19:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-04 18:58 . 2009-07-04 18:58 -------- d-sh--w- c:\documents and settings\Eigenaar\IETldCache
    2009-07-04 18:54 . 2009-07-05 16:07 -------- d-----w- c:\windows\ie8updates
    2009-07-04 18:47 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-04 18:47 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-04 18:47 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-02 03:25 . 2009-07-02 03:25 25472 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-06-30 14:27 . 2009-06-30 14:27 -------- d-----w- c:\program files\PFPortChecker
    2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\docume~1\Eigenaar\LOCALS~1\APPLIC~1\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\TomTom
    2009-06-27 20:09 . 2009-06-27 20:09 -------- d-----w- c:\program files\TomTom DesktopSuite
    2009-06-25 17:53 . 2009-07-02 09:07 -------- d-----w- c:\program files\LcdStudio
    2009-06-25 14:58 . 2009-06-25 14:59 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Logitech
    2009-06-25 14:58 . 2009-06-25 14:59 -------- d-----w- c:\docume~1\Eigenaar\LOCALS~1\APPLIC~1\Logitech
    2009-06-25 14:57 . 2009-06-25 14:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Logitech
    2009-06-25 14:54 . 2009-06-25 14:54 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\LogiShrd
    2009-06-25 14:54 . 2009-06-25 14:54 -------- d-----w- c:\docume~1\Eigenaar\LOCALS~1\APPLIC~1\LogiShrd
    2009-06-25 14:53 . 2008-09-26 07:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2009-06-25 14:50 . 2009-06-25 14:51 -------- d-----w- c:\program files\Common Files\Logishrd
    2009-06-25 14:50 . 2009-06-25 14:57 -------- d-----w- c:\program files\Logitech
    2009-06-25 14:49 . 2009-06-25 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\LogiShrd
    2009-06-24 16:16 . 2004-08-03 23:03 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2009-06-24 16:16 . 2004-08-03 23:03 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-06-24 16:16 . 2004-08-03 22:57 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-06-24 16:16 . 2004-08-03 22:57 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\dvdcss
    2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\dvdcss
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-15 18:29 . 2009-04-10 15:16 -------- d-----w- c:\program files\Euro Gunz Client 8.5.6
    2009-07-15 14:10 . 2009-05-16 16:35 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-14 17:59 . 2005-02-01 22:32 86442 ----a-w- c:\windows\system32\perfc013.dat
    2009-07-14 17:59 . 2005-02-01 22:32 499456 ----a-w- c:\windows\system32\perfh013.dat
    2009-07-09 20:39 . 2009-01-30 16:39 -------- d-----w- c:\program files\Hotspot Shield
    2009-07-08 15:37 . 2008-11-09 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-06 19:20 . 2008-11-09 17:20 11482 ----a-w- c:\documents and settings\Eigenaar\Application Data\wklnhst.dat
    2009-07-06 19:20 . 2008-11-09 17:20 11482 ----a-w- c:\docume~1\Eigenaar\APPLIC~1\wklnhst.dat
    2009-07-04 19:44 . 2009-04-12 13:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\IJJIGame
    2009-07-04 13:26 . 2009-04-20 12:46 -------- d-----w- c:\program files\StepMania
    2009-07-03 22:22 . 2008-11-09 18:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
    2009-07-03 22:22 . 2008-11-09 18:32 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\uTorrent
    2009-07-02 02:34 . 2009-01-30 16:39 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-06-30 11:18 . 2009-03-04 10:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\U3
    2009-06-30 11:18 . 2009-03-04 10:59 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\U3
    2009-06-30 11:12 . 2008-11-10 11:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AdobeUM
    2009-06-30 11:12 . 2008-11-10 11:43 -------- d-----w- c:\docume~1\Eigenaar\APPLIC~1\AdobeUM
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-06-16 14:55 . 2005-02-01 22:32 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:55 . 2005-02-01 22:31 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-13 12:41 . 2008-11-09 17:14 62744 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-13 12:41 . 2008-11-09 17:14 62744 ----a-w- c:\docume~1\Eigenaar\LOCALS~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2009-06-13 12:14 . 2008-11-10 11:41 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-13 12:12 . 2009-06-13 12:12 -------- d-----w- c:\program files\Adobe Media Player
    2009-06-12 18:00 . 2009-06-12 17:43 -------- d-----w- c:\program files\PhotoScape
    2009-06-12 14:49 . 2009-06-12 14:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-06-11 12:14 . 2009-01-19 19:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
    2009-06-09 18:35 . 2009-06-09 18:35 0 ----a-w- c:\windows\system32\cd.dat
    2009-06-03 19:27 . 2005-02-01 22:31 1294848 ----a-w- c:\windows\system32\quartz.dll
    2009-05-29 10:41 . 2009-05-12 10:01 139 ----a-w- C:\chardump.bin
    2009-05-13 05:06 . 2005-02-01 22:32 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:44 . 2005-02-01 22:31 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-19 20:12 . 2005-02-01 22:32 1846784 ----a-w- c:\windows\system32\win32k.sys
    2009-02-18 11:11 . 2009-02-18 11:11 3072 --sha-w- c:\program files\Thumbs.db
    2009-06-12 16:03 . 2009-03-13 10:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-07-09 20:37 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-18 160592]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-08-27 970752]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
    "EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-24 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
    "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-07-13 49152]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    c:\docume~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-9 262144]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\ijji\\ENGLISH\\u_gunz.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Euro Gunz Client 8.5.6\\loveur0.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6-2-2009 15:23 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6-2-2009 15:24 93336]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 15:23 727720]
    R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15-6-2009 23:21 331312]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25-6-2009 16:53 10384]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [30-1-2009 18:39 33840]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2-7-2009 5:25 25472]
    S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\tkrrkfpfhl.exe service --> c:\windows\TEMP\tkrrkfpfhl.exe service [?]
    S2 nmghcslqv;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2-2-2005 0:32 14336]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2-7-2009 5:26 57640]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [19-3-2009 16:48 29184]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys --> c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14-7-2009 19:32 356920]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nmghcslqv
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS VERWIJDERD - - - -
    WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
    HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    uInternet Connection Wizard,ShellNext = hxxp://www.paradigit.nl/
    uInternet Settings,ProxyOverride = <local>
    IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: {B47ED3E8-1BAA-4D1E-902E-DA2D1CCDBE04} = 213.46.228.196,62.179.104.196
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    FF - ProfilePath - c:\docume~1\Eigenaar\APPLIC~1\Mozilla\Firefox\Profiles\wjxqmnar.default\
    FF - prefs.js: browser.startup.homepage - startpagina.nl
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-16 22:33
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden:
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(1444)
    geyekrdlxmqlkj.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Voltooingstijd: 2009-07-16 22:40
    ComboFix-quarantined-files.txt 2009-07-16 20:39
    Pre-Run: 13.540.380.672 bytes beschikbaar
    Post-Run: 13.672.480.768 bytes beschikbaar
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    247 --- E O F --- 2009-07-15 16:09
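
Added example, not part of the original thread and not ComboFix's own code: a small triage pass over the driver/service and loaded-DLL lines of the log posted above, listing the entries that deserve a closer look. The sample lines are copied from that log; the heuristics (binary under a TEMP directory, `[?]` in place of file details, a long vowel-poor name, a `\\?\globalroot` module path) are assumptions chosen for illustration, and a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re
from typing import Dict, List

# Lines copied from the ComboFix log in post #12, with the spaces that the
# forum software inserted into long paths removed.
SAMPLE_LOG = r"""
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 15:23 727720]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2-7-2009 5:25 25472]
S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\tkrrkfpfhl.exe service --> c:\windows\TEMP\tkrrkfpfhl.exe service [?]
S2 nmghcslqv;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2-2-2005 0:32 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14-7-2009 19:32 356920]
geyekrdlxmqlkj.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll
"""

# "<state><start> <name>;<display name>;<command line> [<details or ?>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<meta>[^\]]*)\]$"
)
# "<module> <base address> <size> <path>" from the loaded-DLL section
MODULE_RE = re.compile(
    r"^(?P<name>\S+) (?P<base>[0-9A-Fa-f]{8}) (?P<size>\d+) (?P<path>\S.*)$"
)
# Executable path at the start of a command line, without its arguments.
EXE_RE = re.compile(r"^(?P<path>.*?\.\w{2,4})(?=\s|$)")


def looks_random(stem: str) -> bool:
    """Crude heuristic: 8+ letters, fewer than 20% of them vowels."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.2


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for the lines that match a heuristic."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        svc = SERVICE_RE.match(line)
        mod = None if svc else MODULE_RE.match(line)
        if svc:
            key = svc["name"]
            command = svc["image"].split(" --> ")[0]
            exe = EXE_RE.match(command)
            path = exe["path"] if exe else command
            if "\\temp\\" in path.lower():
                reasons.append("image in TEMP directory")
            if svc["meta"] == "?":
                reasons.append("file details unavailable ([?])")
            stem = ntpath.splitext(ntpath.basename(path))[0]
            for candidate in dict.fromkeys((key, stem)):
                if looks_random(candidate):
                    reasons.append(f"random-looking name: {candidate}")
        elif mod:
            key = mod["name"]
            if mod["path"].lower().startswith("\\\\?\\globalroot\\"):
                reasons.append("module path uses \\\\?\\globalroot prefix")
            stem = ntpath.splitext(key)[0]
            if looks_random(stem):
                reasons.append(f"random-looking name: {stem}")
        else:
            continue
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```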

  4. #13
    Member rank: Up-to-date (registered 9 June 2009)
    I had just restarted my PC and got this alert again: http://i31.tinypic.com/2rfv4ud.jpg
    Luckily it was only the balloon notification, so the bottom one is already gone and the other viruses too, so now I'm left with that one virus from the balloon.

  5. #14
    Tommiiee (honorary member, registered 24 June 2009, Helmond)
    Hi,

    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

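    @ECHO OFF
    REM Remove the listed files and record the outcome for each one in log.txt.
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
      C:\Windows\system32\geyekrdlxmqlkj.dll
    ) DO (
      IF EXIST "%%g" (
        REM Clear the read-only, system and hidden attributes so DEL can remove the file.
        ATTRIB -r -s -h "%%g"
        DEL "%%g"
        IF EXIST "%%g" (
          ECHO %%g not deleted>>log.txt
        ) ELSE (
          ECHO %%g deleted>>log.txt
        )
      ) ELSE (
        ECHO %%g not found>>log.txt
      )
    )
    REM Show the result.
    START NOTEPAD.EXE log.txt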

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.

    Now start your PC in Safe Mode. Read here how to do that.

    Double-click del.bat and post the contents of the log file that opens in your next reply.
    Also let me know whether you still get that alert from NOD32, and post a new HijackThis log.

    Regards,
    Tom


  6. #15
    Member rank: Up-to-date (registered 9 June 2009)
    I still get this virus alert; I think you gave me the wrong one:


    Here are the logs:
    Deleting files
    C:\Windows\system32\geyekrdlxmqlkj.dll not found

    hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:06:20, on 18-7-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HiJackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.paradigit.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SetPointII.lnk = ?
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B47ED3E8-1BAA-4D1E-902E-DA2D1CCDBE04}: NameServer = 213.46.228.196,62.179.104.196
    O23 - Service: Alerter AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\tkrrkfpfhl.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    --
    End of file - 11549 bytes

  7. #16
    Honorary member   Tommiiee's avatar
    Registered
    24 June 2009
    Location
    Helmond
    Posts
    191
    Thanks given
    0
    Thanked
    81 times in 52 posts
    Hi,

    Could you tell me where exactly NOD32 finds that file/rootkit?


  8. #17
    Up-to-date  
    Registered
    9 June 2009
    Posts
    41
    Thanks given
    12
    Thanked
    0 times in 0 posts
    I only get this:
    Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean

  9. #18
    Honorary member   Tommiiee's avatar
    Registered
    24 June 2009
    Location
    Helmond
    Posts
    191
    Thanks given
    0
    Thanked
    81 times in 52 posts
    Hi,

    Uninstall Combofix via Start --> Run.
    Type Combofix /u and press OK.


    Empty NOD32's quarantine folder and download Combofix again:


    Follow these instructions to download Combofix to your Desktop.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


    • Double-click Combofix.exe
    • Follow the instructions and accept the disclaimer by clicking Yes.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the Query - Recovery Console window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start the malware scan.
    • While the fix is running, do NOT click in the window, because this will make your PC freeze.


    When the fix is finished and after the restart,
    the log Combofix.txt will open.
    Post the contents of that log in your next message.


  10. #19
    Up-to-date  
    Registered
    9 June 2009
    Posts
    41
    Thanks given
    12
    Thanked
    0 times in 0 posts
    here is the log:
    ComboFix 09-07-19.04 - Eigenaar 20-07-2009 15:53.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.479.189 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Eigenaar\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))))
    .
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2009-07-15 17:54 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-07-15 17:54 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-15 14:23 . 2009-07-20 13:43 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2009-07-15 14:22 . 2009-07-15 14:22 -------- d-sh--w- c:\documents and settings\Eigenaar\IECompatCache
    2009-07-14 17:32 . 2009-07-14 17:41 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
    2009-07-14 17:32 . 2009-07-14 17:41 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
    2009-07-14 17:32 . 2009-07-14 17:41 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
    2009-07-14 17:32 . 2008-06-02 13:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
    2009-07-14 17:32 . 2009-07-14 17:47 -------- d-----w- c:\program files\Spyware Doctor
    2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PC Tools
    2009-07-14 04:24 . 2009-07-14 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-12 12:29 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-07-12 12:29 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-07-12 12:29 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-07-12 12:29 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-07-12 12:29 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-07-12 12:27 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
    2009-07-12 12:26 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
    2009-07-12 12:12 . 2009-07-12 12:25 -------- d--h--w- c:\windows\msdownld.tmp
    2009-07-12 12:11 . 2009-07-12 12:11 -------- d-----w- c:\windows\Logs
    2009-07-09 15:55 . 2009-07-09 15:55 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\PCHealth
    2009-07-09 15:24 . 2009-07-09 15:24 -------- d-----w- C:\Hotspot Shield
    2009-07-08 15:38 . 2009-07-08 15:38 -------- d-----w- C:\ijji
    2009-07-08 15:37 . 2009-01-28 12:47 157144 ----a-w- c:\windows\system32\PubPlugin.dll
    2009-07-08 15:37 . 2008-06-11 21:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
    2009-07-08 15:37 . 2009-07-08 15:37 -------- d-----w- c:\program files\NHN USA
    2009-07-08 15:37 . 2009-05-26 15:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
    2009-07-08 15:37 . 2009-05-12 18:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
    2009-07-07 11:22 . 2009-07-07 11:22 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Megaupload
    2009-07-07 10:09 . 2009-07-07 10:28 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc
    2009-07-05 11:27 . 2009-07-05 11:27 -------- d-sh--w- c:\documents and settings\Eigenaar\PrivacIE
    2009-07-05 11:03 . 2009-07-05 11:06 -------- dc-h--w- c:\windows\ie8
    2009-07-04 19:28 . 2009-07-04 19:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-04 18:58 . 2009-07-04 18:58 -------- d-sh--w- c:\documents and settings\Eigenaar\IETldCache
    2009-07-04 18:54 . 2009-07-05 16:07 -------- d-----w- c:\windows\ie8updates
    2009-07-04 18:47 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-04 18:47 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-04 18:47 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-02 03:25 . 2009-07-02 03:25 25472 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-06-30 14:27 . 2009-06-30 14:27 -------- d-----w- c:\program files\PFPortChecker
    2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\TomTom
    2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\TomTom
    2009-06-27 20:09 . 2009-06-27 20:09 -------- d-----w- c:\program files\TomTom DesktopSuite
    2009-06-25 17:53 . 2009-07-02 09:07 -------- d-----w- c:\program files\LcdStudio
    2009-06-25 14:58 . 2009-06-25 14:59 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Logitech
    2009-06-25 14:57 . 2009-06-25 14:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Logitech
    2009-06-25 14:54 . 2009-06-25 14:54 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\LogiShrd
    2009-06-25 14:53 . 2008-09-26 07:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2009-06-25 14:50 . 2009-06-25 14:51 -------- d-----w- c:\program files\Common Files\Logishrd
    2009-06-25 14:50 . 2009-06-25 14:57 -------- d-----w- c:\program files\Logitech
    2009-06-25 14:49 . 2009-06-25 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\LogiShrd
    2009-06-24 16:16 . 2004-08-03 23:03 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2009-06-24 16:16 . 2004-08-03 23:03 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-06-24 16:16 . 2004-08-03 22:57 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-06-24 16:16 . 2004-08-03 22:57 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-18 15:40 . 2009-03-30 12:10 -------- d-----w- c:\program files\PokerStars
    2009-07-18 15:05 . 2009-06-12 17:43 -------- d-----w- c:\program files\PhotoScape
    2009-07-15 18:29 . 2009-04-10 15:16 -------- d-----w- c:\program files\Euro Gunz Client 8.5.6
    2009-07-15 14:10 . 2009-05-16 16:35 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-14 17:59 . 2005-02-01 22:32 86442 ----a-w- c:\windows\system32\perfc013.dat
    2009-07-14 17:59 . 2005-02-01 22:32 499456 ----a-w- c:\windows\system32\perfh013.dat
    2009-07-09 20:39 . 2009-01-30 16:39 -------- d-----w- c:\program files\Hotspot Shield
    2009-07-08 15:37 . 2008-11-09 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-06 19:20 . 2008-11-09 17:20 11482 ----a-w- c:\documents and settings\Eigenaar\Application Data\wklnhst.dat
    2009-07-04 19:44 . 2009-04-12 13:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\IJJIGame
    2009-07-04 13:26 . 2009-04-20 12:46 -------- d-----w- c:\program files\StepMania
    2009-07-03 22:22 . 2008-11-09 18:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
    2009-07-02 02:34 . 2009-01-30 16:39 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-06-30 11:18 . 2009-03-04 10:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\U3
    2009-06-30 11:12 . 2008-11-10 11:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AdobeUM
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\dvdcss
    2009-06-16 14:55 . 2005-02-01 22:32 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:55 . 2005-02-01 22:31 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-13 12:41 . 2008-11-09 17:14 62744 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-13 12:14 . 2008-11-10 11:41 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-13 12:12 . 2009-06-13 12:12 -------- d-----w- c:\program files\Adobe Media Player
    2009-06-12 14:49 . 2009-06-12 14:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-06-11 12:14 . 2009-01-19 19:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
    2009-06-09 18:35 . 2009-06-09 18:35 0 ----a-w- c:\windows\system32\cd.dat
    2009-06-03 19:27 . 2005-02-01 22:31 1294848 ----a-w- c:\windows\system32\quartz.dll
    2009-05-29 10:41 . 2009-05-12 10:01 139 ----a-w- C:\chardump.bin
    2009-05-13 05:06 . 2005-02-01 22:32 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:44 . 2005-02-01 22:31 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-02-18 11:11 . 2009-02-18 11:11 3072 --sha-w- c:\program files\Thumbs.db
    2009-06-12 16:03 . 2009-03-13 10:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-07-09 20:37 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-18 160592]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-08-27 970752]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
    "EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-24 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
    "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-07-13 49152]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    c:\docume~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-9 262144]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\ijji\\ENGLISH\\u_gunz.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Euro Gunz Client 8.5.6\\loveur0.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6-2-2009 15:23 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6-2-2009 15:24 93336]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 15:23 727720]
    R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15-6-2009 23:21 331312]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25-6-2009 16:53 10384]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [30-1-2009 18:39 33840]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2-7-2009 5:25 25472]
    S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\tkrrkfpfhl.exe service --> c:\windows\TEMP\tkrrkfpfhl.exe service [?]
    S2 nmghcslqv;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2-2-2005 0:32 14336]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2-7-2009 5:26 57640]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [19-3-2009 16:48 29184]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys --> c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14-7-2009 19:32 356920]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nmghcslqv
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    uInternet Connection Wizard,ShellNext = hxxp://www.paradigit.nl/
    uInternet Settings,ProxyOverride = <local>
    IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: {B47ED3E8-1BAA-4D1E-902E-DA2D1CCDBE04} = 213.46.228.196,62.179.104.196
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    FF - ProfilePath - c:\docume~1\Eigenaar\APPLIC~1\Mozilla\Firefox\Profiles\wjxqmnar.default\
    FF - prefs.js: browser.startup.homepage - startpagina.nl
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-20 16:10
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden:
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(1440)
    geyekrdlxmqlkj.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Voltooingstijd: 2009-07-20 16:16
    ComboFix-quarantined-files.txt 2009-07-20 14:16
    ComboFix2.txt 2009-07-16 20:40
    Pre-Run: 20.120.662.016 bytes beschikbaar
    Post-Run: 20.159.774.720 bytes beschikbaar
    223 --- E O F --- 2009-07-15 16:09

  11. #20
    Up-to-date  
    Registered
    9 June 2009
    Posts
    41
    Thanks given
    12
    Thanked
    0 times in 0 posts
    I just restarted my PC and I'm getting this message again:
    Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean
    I had followed all the steps you gave.
    Maybe it's better to try a different fixer/cleaner or to consult someone
