SuriNaruto (23 July 2009)
What now? In a bit I'll maybe type that virus into the internet and see what I get.
Well, it's your PC, but I have a possible solution; it's just that my supervising Spyware Slayer has his own thoughts about it too. I'm only allowed to post once something has been approved, and I haven't had a reply back yet.
SuriNaruto (23 July 2009)
.....
Last edited by Mosquitos; 21 July 2009 at 13:14
Hi,
Download GMER from here:
http://www.gmer.net/gmer.zip
Extract the files to the desktop.
Note: close all open programs/windows!
Open GMER and click the Rootkit/Malware tab.
Make sure all the boxes on the right-hand side are ticked, except "Show all".
Click Scan (1).
When the scan is finished, click Copy and paste the results into your next post.
SuriNaruto (23 July 2009)
I got a message that a rootkit was found ^^ here is the log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-21 21:05:08
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT 848F8A60 ZwOpenProcess
SSDT 848F8E80 ZwOpenThread
SSDT 848F9460 ZwSuspendProcess
SSDT 848F9280 ZwSuspendThread
SSDT 848F8C90 ZwTerminateProcess
SSDT 848F90B0 ZwTerminateThread
INT 0x62 ? 851DEBF8
INT 0x82 ? 851DEBF8
INT 0x83 ? 85171BF8
INT 0x84 ? 84F91F00
INT 0x94 ? 84F91F00
INT 0xA4 ? 84F91F00
INT 0xB4 ? 84F91F00
Code 84F00748 ZwEnumerateKey
Code 84F00670 ZwFlushInstructionCache
Code 84F00F36 ZwSaveKey
Code 84F00E5E ZwSaveKeyEx
Code 84ED12C6 IofCallDriver
Code 84ED1416 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE00A 5 Bytes JMP 84ED12CB
.text ntkrnlpa.exe!IofCompleteRequest 804EE09A 5 Bytes JMP 84ED141B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP 84F00674
PAGE ntkrnlpa.exe!ZwSaveKey 806173DA 5 Bytes JMP 84F00F3A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061746A 5 Bytes JMP 84F00E62
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619770 5 Bytes JMP 84F0074C
? spwt.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F63A762C 5 Bytes JMP 84F914E0
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0291000A
.text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe[448] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009B000A
.text C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe[468] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 029C000A
.text C:\WINDOWS\Explorer.EXE[476] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B5000A
.text C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe[512] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003D000A
.text ...
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1040] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\SOUNDMAN.EXE[1060] ntdll.dll!LdrLoadDll 7C915CBB 3 Bytes JMP 0092000A
.text C:\WINDOWS\SOUNDMAN.EXE[1060] ntdll.dll!LdrLoadDll + 4 7C915CBF 1 Byte [84]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1088] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0091000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] ntdll.dll!LdrLoadDll 7C915CBB 3 Bytes JMP 0292000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1104] ntdll.dll!LdrLoadDll + 4 7C915CBF 1 Byte [86]
.text ...
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!LoadResource 7C809FC5 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceExW 7C80AC98 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceW 7C80BBDE 7 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!SizeofResource 7C80BC79 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceA 7C80BE99 7 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!LockResource 7C80CCA7 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!CreateEventA 7C8308C9 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] kernel32.dll!FindResourceExA 7C835FC0 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ADVAPI32.dll!CryptDeriveKey 77F5A1A5 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ADVAPI32.dll!CryptDecrypt 77F5A2D1 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 280069E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280045B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 28003C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005EC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006840 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006650 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28006000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 280061F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 28004E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!send 71A3428A 5 Bytes JMP 2800B1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 2800AFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!recv 71A3615A 5 Bytes JMP 2800AE00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 2800B3A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 2800B5E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 5 Bytes JMP 280033D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoCreateInstance 774BFAC3 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!InternetReadFile 40CB654B 5 Bytes JMP 28009E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!InternetCloseHandle 40CB9088 5 Bytes JMP 2800A000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!HttpOpenRequestA 40CBD5E8 5 Bytes JMP 28009CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WININET.dll!HttpSendRequestA 40CCEEB9 5 Bytes JMP 28009F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\WINDOWS\system32\DllHost.exe[2948] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008C000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72C6040] spwt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72C613C] spwt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72C60BE] spwt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72C67FC] spwt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72C66D2] spwt.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 851CD1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\Fastfat \FatCdrom 848A21F8
Device \Driver\usbohci \Device\USBPDO-0 84FA5500
Device \Driver\usbohci \Device\USBPDO-1 84FA5500
Device \Driver\usbohci \Device\USBPDO-2 84FA5500
Device \Driver\usbehci \Device\USBPDO-3 84FA4500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B47ED3E8-1BAA-4D1E-902E-DA2D1CCDBE04} 84BEB500
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\Ftdisk \Device\HarddiskVolume1 851DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 851DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 851DE1F8
Device \Driver\atapi \Device\Ide\IdePort0 851DE1F8
Device \Driver\atapi \Device\Ide\IdePort1 851DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 851DE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E5DCAD3B-62B4-4F85-AB9B-4EF4F1F4793C} 84BEB500
Device \Driver\NetBT \Device\NetBt_Wins_Export 84BEB500
Device \Driver\PCI_PNP1050 \Device\00000078 spwt.sys
Device \Driver\PCI_PNP1050 \Device\00000078 spwt.sys
Device \Driver\NetBT \Device\NetbiosSmb 84BEB500
Device \Driver\usbohci \Device\USBFDO-0 84FA5500
Device \Driver\usbohci \Device\USBFDO-1 84FA5500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84AE91F8
Device \Driver\usbohci \Device\USBFDO-2 84FA5500
Device \Driver\sptd \Device\612687300 spwt.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84AE91F8
Device \Driver\usbehci \Device\USBFDO-3 84FA4500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D106D0AE-FE27-4E9C-A2D8-60F86FB003AF} 84BEB500
Device \Driver\Ftdisk \Device\FtControl 851DF1F8
Device \Driver\azvtxdk0 \Device\Scsi\azvtxdk01 84E911F8
Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 851CE1F8
Device \FileSystem\Fastfat \Fat 848A21F8
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
Device \FileSystem\Cdfs \Cdfs 84E3F3E8
---- Threads - GMER 1.0.15 ----
Thread System [4:692] 848F7790
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE [316] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [360] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [408] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe [448] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe [468] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [476] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe [512] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe [560] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe [568] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe [576] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe [584] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [672] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [784] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [968] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1040] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [1060] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [1088] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Common Files\Real\Update_OB\realsched.exe [1104] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [1112] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [1144] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [1200] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1208] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [1232] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1268] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Hotspot Shield\bin\openvpnas.exe [1308] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [1360] 0x00BB0000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\DAEMON Tools Lite\daemon.exe [1380] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1444] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1492] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1504] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1660] 0x00A80000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\SetPoint II\SetpointII.exe [1672] 0x003E0000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\sistray.exe [1712] 0x00960000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1756] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1924] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe [1992] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2012] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe [2168] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2380] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2892] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\DllHost.exe [2948] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3172] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Contacts\wlcomm.exe [3712] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\Program Files\Hotspot Shield\bin\openvpntray.exe [3888] 0x10000000
---- EOF - GMER 1.0.15 ----
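Reading a GMER log by hand is tedious, and the post above shows why a first pass should be mechanical: the log mixes one clearly hostile finding (a module GMER marks hidden, mapped into nearly every process, next to an LdrLoadDll inline hook in those same processes that names no owning module) with noise such as SSDT entries on process/thread functions, which security software commonly installs for self-protection, and atapi.sys IAT entries that the log itself ties to spwt.sys under the \Driver\sptd device. The script below is an added example (not from the thread and not a GMER tool): it parses the GMER 1.0.15 text format as printed above, groups the findings by type and ranks them. The severity scheme and the sample excerpt are assumptions of this example; the excerpt is constructed from a few lines of the log above, not the full log.

```python
"""Triage a GMER 1.0.15 rootkit-scan log: split it into its
'---- <name> - GMER x.y ----' sections, extract hook and hidden-module
findings, and rank them for a responder (added example, not a GMER tool)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)$")
# Inline patch: "<section> <target> <addr> N Bytes JMP <dest> [owning module]"
INLINE_RE = re.compile(r"^(?:\.text|PAGE|INIT)\s+(?P<target>.+?)\s+[0-9A-F]{8}\s+"
                       r"\d+ Bytes? JMP (?P<dest>[0-9A-F]{8})(?:\s+(?P<owner>\S.*))?$")
# User-mode target looks like "<process path>[pid] <dll>!<api>"
PROCESS_RE = re.compile(r"^(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+)$")
HIDDEN_RE = re.compile(r"^Library\s+(?P<module>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
                       r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+0x[0-9A-F]+$")
MISSING_RE = re.compile(r"^\? (?P<driver>\S+)\s+(?P<msg>.*?)\s*!$")  # image not on disk
IAT_RE = re.compile(r"^IAT\s+(?P<victim>\S+?)\[(?P<imp>[^\]]+)\]\s+\[[0-9A-F]{8}\]\s+(?P<owner>\S+)$")

# Constructed excerpt in the format of the log above (a few lines, not the full log).
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT 848F8A60 ZwOpenProcess
SSDT 848F8C90 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE00A 5 Bytes JMP 84ED12CB
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619770 5 Bytes JMP 84F0074C
? spwt.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[476] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B5000A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2892] WS2_32.dll!send 71A3428A 5 Bytes JMP 2800B1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72C6040] spwt.sys
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [476] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1444] 0x10000000
---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(log_text):
    """Group findings by type; the current section header tells kernel from user hooks."""
    f = {"ssdt_hooks": [], "kernel_inline_hooks": [], "user_inline_hooks": [],
         "kernel_iat_hooks": [], "unresolved_drivers": [],
         "hidden_modules": defaultdict(set)}  # module -> {(process, pid)}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m["name"]
        elif (m := SSDT_RE.match(line)):
            f["ssdt_hooks"].append((m["func"], m["addr"]))
        elif (m := MISSING_RE.match(line)):
            f["unresolved_drivers"].append((m["driver"], m["msg"]))
        elif (m := IAT_RE.match(line)):
            f["kernel_iat_hooks"].append((m["victim"], m["imp"], m["owner"]))
        elif (m := HIDDEN_RE.match(line)):
            f["hidden_modules"][m["module"]].add((m["proc"], int(m["pid"])))
        elif (m := INLINE_RE.match(line)):
            if section.startswith("User code"):
                p = PROCESS_RE.match(m["target"])
                proc, api = (p["proc"], p["api"]) if p else (m["target"], "?")
                f["user_inline_hooks"].append((proc, api, m["owner"]))  # owner may be None
            else:  # "Kernel code sections"
                f["kernel_inline_hooks"].append((m["target"], m["dest"]))
    return f


def prioritize(f):
    """Rank findings (scheme assumed by this example): hidden modules and hooks that
    name no owning module first, hooks attributed to a known add-on last."""
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    out = []
    for module, procs in f["hidden_modules"].items():
        out.append(("HIGH", f"hidden module {module} mapped in {len(procs)} process(es)"))
    by_api = defaultdict(set)  # same owner-less hook across many processes -> injection
    for proc, api, owner in f["user_inline_hooks"]:
        if owner is None:
            by_api[api].add(proc)
    for api, procs in by_api.items():
        out.append(("HIGH" if len(procs) > 1 else "MEDIUM",
                    f"{api} hooked with no owning module in {len(procs)} process(es)"))
    for target, dest in f["kernel_inline_hooks"]:
        out.append(("MEDIUM", f"kernel inline hook {target} -> {dest}"))
    for drv, msg in f["unresolved_drivers"]:
        out.append(("MEDIUM", f"{drv} is loaded but has no image on disk ({msg})"))
    for func, addr in f["ssdt_hooks"]:  # often AV self-protection; confirm the owner
        out.append(("LOW", f"SSDT {func} -> {addr}; confirm which driver owns the handler"))
    iat = defaultdict(set)
    for victim, _, owner in f["kernel_iat_hooks"]:
        iat[owner].add(victim)
    for owner, victims in iat.items():
        out.append(("LOW", f"{owner} patches the IAT of {', '.join(sorted(victims))}"))
    for proc, api, owner in f["user_inline_hooks"]:
        if owner is not None:
            out.append(("INFO", f"{api} in {proc} hooked by {owner}"))
    out.sort(key=lambda item: rank[item[0]])  # stable: keeps insertion order per level
    return out


if __name__ == "__main__":
    for level, text in prioritize(parse_gmer(SAMPLE_LOG)):
        print(f"[{level:6}] {text}")
```

Run against the full log from the post, the hidden module and the owner-less LdrLoadDll hook both come out on top with a process count in the dozens, while the Messenger Plus! hooks, which GMER attributes to MsgPlusLive1.dll, sink to INFO. The ranking is a starting point for the analyst, not a verdict: an SSDT or IAT entry is only "LOW" until the handler address has been matched to a driver you trust.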
Hi
Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:
File::
C:\Windows\system32\geyekrdlxmqlkj.dll
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if prompted, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
SuriNaruto (23 July 2009)
ComboFix 09-07-21.03 - Eigenaar 22-07-2009 16:03.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.479.187 [GMT 2:00]
Running from: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\system32\geyekrdlxmqlkj.dll"
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eigenaar\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
.
(((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 ))))))))))))))))))))))))))))))
.
2009-07-21 16:07 . 2009-07-21 16:08 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Belastingdienst
2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-07-15 17:54 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 17:54 . 2009-07-15 17:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-15 17:54 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 14:23 . 2009-07-21 20:51 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2009-07-15 14:22 . 2009-07-15 14:22 -------- d-sh--w- c:\documents and settings\Eigenaar\IECompatCache
2009-07-14 17:32 . 2009-07-14 17:41 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-07-14 17:32 . 2009-07-14 17:41 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-07-14 17:32 . 2009-07-14 17:41 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-07-14 17:32 . 2008-06-02 13:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-07-14 17:32 . 2009-07-14 17:47 -------- d-----w- c:\program files\Spyware Doctor
2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PC Tools
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-12 12:29 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-12 12:29 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-12 12:29 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-12 12:29 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-12 12:29 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-12 12:27 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-07-12 12:26 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-07-12 12:12 . 2009-07-12 12:25 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-12 12:11 . 2009-07-12 12:11 -------- d-----w- c:\windows\Logs
2009-07-09 15:55 . 2009-07-09 15:55 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\PCHealth
2009-07-09 15:24 . 2009-07-09 15:24 -------- d-----w- C:\Hotspot Shield
2009-07-08 15:38 . 2009-07-08 15:38 -------- d-----w- C:\ijji
2009-07-08 15:37 . 2009-01-28 12:47 157144 ----a-w- c:\windows\system32\PubPlugin.dll
2009-07-08 15:37 . 2008-06-11 21:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-07-08 15:37 . 2009-07-08 15:37 -------- d-----w- c:\program files\NHN USA
2009-07-08 15:37 . 2009-05-26 15:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-07-08 15:37 . 2009-05-12 18:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-07-07 11:22 . 2009-07-07 11:22 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Megaupload
2009-07-07 10:09 . 2009-07-07 10:28 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc
2009-07-05 11:27 . 2009-07-05 11:27 -------- d-sh--w- c:\documents and settings\Eigenaar\PrivacIE
2009-07-05 11:03 . 2009-07-05 11:06 -------- dc-h--w- c:\windows\ie8
2009-07-04 19:28 . 2009-07-04 19:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-04 18:58 . 2009-07-04 18:58 -------- d-sh--w- c:\documents and settings\Eigenaar\IETldCache
2009-07-04 18:54 . 2009-07-05 16:07 -------- d-----w- c:\windows\ie8updates
2009-07-04 18:47 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-04 18:47 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-04 18:47 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 03:25 . 2009-07-02 03:25 25472 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-06-30 14:27 . 2009-06-30 14:27 -------- d-----w- c:\program files\PFPortChecker
2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TomTom
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\TomTom
2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\TomTom
2009-06-27 20:09 . 2009-06-27 20:09 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-06-25 17:53 . 2009-07-02 09:07 -------- d-----w- c:\program files\LcdStudio
2009-06-25 14:58 . 2009-06-25 14:59 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Logitech
2009-06-25 14:57 . 2009-06-25 14:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Logitech
2009-06-25 14:54 . 2009-06-25 14:54 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\LogiShrd
2009-06-25 14:53 . 2008-09-26 07:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-06-25 14:50 . 2009-06-25 14:51 -------- d-----w- c:\program files\Common Files\Logishrd
2009-06-25 14:50 . 2009-06-25 14:57 -------- d-----w- c:\program files\Logitech
2009-06-25 14:49 . 2009-06-25 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\LogiShrd
2009-06-24 16:16 . 2004-08-03 23:03 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-24 16:16 . 2004-08-03 23:03 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-24 16:16 . 2004-08-03 22:57 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-24 16:16 . 2004-08-03 22:57 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 18:30 . 2008-11-09 17:20 12426 ----a-w- c:\documents and settings\Eigenaar\Application Data\wklnhst.dat
2009-07-20 22:22 . 2009-06-19 11:52 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\dvdcss
2009-07-18 15:40 . 2009-03-30 12:10 -------- d-----w- c:\program files\PokerStars
2009-07-18 15:05 . 2009-06-12 17:43 -------- d-----w- c:\program files\PhotoScape
2009-07-15 18:29 . 2009-04-10 15:16 -------- d-----w- c:\program files\Euro Gunz Client 8.5.6
2009-07-15 14:10 . 2009-05-16 16:35 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-14 17:59 . 2005-02-01 22:32 86442 ----a-w- c:\windows\system32\perfc013.dat
2009-07-14 17:59 . 2005-02-01 22:32 499456 ----a-w- c:\windows\system32\perfh013.dat
2009-07-09 20:39 . 2009-01-30 16:39 -------- d-----w- c:\program files\Hotspot Shield
2009-07-08 15:37 . 2008-11-09 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 19:44 . 2009-04-12 13:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\IJJIGame
2009-07-04 13:26 . 2009-04-20 12:46 -------- d-----w- c:\program files\StepMania
2009-07-03 22:22 . 2008-11-09 18:32 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
2009-07-02 02:34 . 2009-01-30 16:39 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-06-30 11:18 . 2009-03-04 10:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\U3
2009-06-30 11:12 . 2008-11-10 11:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AdobeUM
2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-25 14:53 . 2009-06-25 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-16 14:55 . 2005-02-01 22:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-02-01 22:31 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 12:41 . 2008-11-09 17:14 62744 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 12:14 . 2008-11-10 11:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-13 12:12 . 2009-06-13 12:12 -------- d-----w- c:\program files\Adobe Media Player
2009-06-12 14:49 . 2009-06-12 14:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-11 12:14 . 2009-01-19 19:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-06-09 18:35 . 2009-06-09 18:35 0 ----a-w- c:\windows\system32\cd.dat
2009-06-03 19:27 . 2005-02-01 22:31 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 10:41 . 2009-05-12 10:01 139 ----a-w- C:\chardump.bin
2009-05-13 05:06 . 2005-02-01 22:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2005-02-01 22:31 345600 ----a-w- c:\windows\system32\localspl.dll
2009-02-18 11:11 . 2009-02-18 11:11 3072 --sha-w- c:\program files\Thumbs.db
2009-06-12 16:03 . 2009-03-13 10:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-20_14.10.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 14:01 . 2009-07-22 14:01 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2005-02-01 07:54 . 2009-07-22 14:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-02-01 07:54 . 2009-07-20 13:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-02-01 07:54 . 2009-07-22 14:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2005-02-01 07:54 . 2009-07-20 13:51 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-07-14 04:24 . 2009-07-21 15:52 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-14 04:24 . 2009-07-20 13:51 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2005-02-01 07:54 . 2009-07-22 14:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-02-01 07:54 . 2009-07-20 13:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-07-09 20:37 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-18 160592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-08-27 970752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
"EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\ 3\E_FATI9BE.EXE" [2004-03-04 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-24 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-07-13 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\docume~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-9 262144]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Euro Gunz Client 8.5.6\\loveur0.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6-2-2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6-2-2009 15:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 15:23 727720]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15-6-2009 23:21 331312]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25-6-2009 16:53 10384]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [30-1-2009 18:39 33840]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2-7-2009 5:25 25472]
S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\tkrrkfpfhl.exe service --> c:\windows\TEMP\tkrrkfpfhl.exe service [?]
S2 nmghcslqv;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2-2-2005 0:32 14336]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2-7-2009 5:26 57640]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [19-3-2009 16:48 29184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys --> c:\documents and settings\Eigenaar\Bureaublad\michael\RohanBotEn1.0.24\NtProcDrv.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14-7-2009 19:32 356920]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nmghcslqv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uInternet Connection Wizard,ShellNext = hxxp://www.paradigit.nl/
uInternet Settings,ProxyOverride = <local>
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: {B47ED3E8-1BAA-4D1E-902E-DA2D1CCDBE04} = 213.46.228.196,62.179.104.196
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\docume~1\Eigenaar\APPLIC~1\Mozilla\Firefox\Profiles\wjxqmnar.default\
FF - prefs.js: browser.startup.homepage - startpagina.nl
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 16:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1448)
geyekrdlxmqlkj.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-22 16:26
ComboFix-quarantined-files.txt 2009-07-22 14:26
ComboFix2.txt 2009-07-20 14:16
ComboFix3.txt 2009-07-16 20:40
Pre-Run: 20.089.970.688 bytes free
Post-Run: 20.127.010.816 bytes free
241 --- E O F --- 2009-07-15 16:09
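Added example, not part of the thread and not ComboFix's own tooling: a small Python triage script run over a few lines excerpted from the ComboFix log above (embedded inline as constructed sample input). It encodes three checks a responder applies by eye when reading such a log: a service whose image lives under c:\windows\TEMP, an `svchost.exe -k netsvcs` entry whose service name looks random (the vowel-ratio threshold is my heuristic, not a ComboFix rule), and a DLL mapped into winlogon.exe through a `\\?\globalroot\` path, which is the entry the helper's CFScript below targets. The function and rule names are my own.

```python
import re

# Constructed sample: a handful of lines excerpted from the ComboFix log
# posted above (forum wrap spaces removed). Not the full log.
SAMPLE_LOG = r"""
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 15:23 727720]
S2 AlerterALG;Alerter AlerterALG;c:\windows\TEMP\tkrrkfpfhl.exe service --> c:\windows\TEMP\tkrrkfpfhl.exe service [?]
S2 nmghcslqv;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2-2-2005 0:32 14336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14-7-2009 19:32 356920]
- - - - - - - > 'winlogon.exe'(1448)
geyekrdlxmqlkj.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrdlxmqlkj.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"""

# Service lines: "R2 name;description;image path [date size]" or "S3 name;desc;path --> path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$")
# "- - - - - - - > 'winlogon.exe'(1448)" opens a per-process DLL listing
PROC_HDR_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
TEMP_DIR_RE = re.compile(r"\\(windows\\temp|temp|tmp)\\", re.IGNORECASE)
# \\?\globalroot\ is the object-manager path ComboFix prints for a file hidden from the Win32 namespace
GLOBALROOT = "\\\\?\\globalroot\\"


def vowel_ratio(name: str) -> float:
    """Share of vowels among the letters of a name; gibberish names score near 0."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in "aeiouy" for c in letters) / len(letters)


def triage(log_text: str) -> list:
    """Return (rule, item, evidence) triples for lines worth a responder's attention."""
    findings = []
    current_proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROC_HDR_RE.match(line)
        if m:
            current_proc = m.group("proc").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            # Rule 1: a service image living in a temp directory is not how installers behave.
            if TEMP_DIR_RE.search(path):
                findings.append(("service-in-temp", name, path))
            # Rule 2 (heuristic, my assumption): svchost-hosted entry with a random-looking name.
            if "svchost.exe -k" in path.lower() and vowel_ratio(name) < 0.15:
                findings.append(("svchost-random-name", name, path))
            continue
        # Rule 3: a DLL mapped into winlogon.exe via a \\?\globalroot\ path, i.e. a file
        # the normal Win32 namespace does not show.
        if current_proc == "winlogon.exe" and GLOBALROOT in line.lower():
            fields = line.split()
            findings.append(("globalroot-dll-in-winlogon", fields[0], fields[-1]))
    return findings


if __name__ == "__main__":
    for rule, item, evidence in triage(SAMPLE_LOG):
        print(f"{rule:28} {item:20} {evidence}")
```

Run against the full log, the script only narrows the list; entries such as the `[?]` markers on GameGuard and NtProcDrv mean ComboFix could not read file details, not that they are hostile, so the output is a review list, not a verdict.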
Hi,
I'm taking over because Tommie has fallen ill.
Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:
Rootkit::
C:\Windows\system32\geyekrdlxmqlkj.dll
Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if prompted, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Roelof
SuriNaruto (23 July 2009)
okay hi,
I have another new virus, this one, so in total I have:
http://i32.tinypic.com/11gua1f.jpg (Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean)
and when I did that fix you described, roelof, it was scanning and so on and out of nowhere I got a BSOD.
So do I have to redo it or do something else?