View full version: DNS-changer



rodger
12 March 2010, 11:45
OS: WinXP. ISP: Telenet.
I am plagued by a very persistent DNS changer. In the network settings, under "Internet Protocol (TCP/IP) Properties", I select "Obtain an IP address automatically" and "Obtain DNS server address automatically". But every time this changes to the setting "Use the following DNS server addresses", with preferred DNS server 85.255.112.189. Nothing can be done about it; it keeps coming back to this setting. I have already scanned with Lavasoft Ad-Aware. It found a DNS-changer trojan, which I then had removed, but the result remains unchanged: the same preferred DNS server always comes back. With IPconfig /all I always get the DNS servers 85.255.112.189 and 85.255.112.113.
On my laptop, which is connected wirelessly to my router, the setting stays on "Obtain DNS server address automatically", and there IPconfig /all always gives the DNS servers 195.130.130.132 and 195.130.131.132, which belong to the Telenet range.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:30:20, on 12/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\spss_lmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AutoMercedesW\ScrInstall.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {29F4E2BB-5C1E-47AD-B631-947495905A6B} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [onkrqdwr] C:\WINDOWS\onkrqdwr.exe
O4 - HKLM\..\Run: [PhotographyWInstall] "C:\Program Files\Common Files\PhotographyW\ScrInstall.exe" /i
O4 - HKLM\..\Run: [AutoMercedesWInstall] "C:\Program Files\Common Files\AutoMercedesW\ScrInstall.exe" /i
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [878F91898C908E8E] C6CED0C8CBCFCD.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvdz.exe] C:\WINDOWS\system32\kdvdz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\096V0XEB\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunServices: [Office XP hack] c:\office_patch.exe hack
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C961490-D2B1-4B20-8F14-08A7EC41F7C3}: Domain = telenet.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C961490-D2B1-4B20-8F14-08A7EC41F7C3}: NameServer = 85.255.112.189;85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = telenet.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telenet.be
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\System32\spss_lmd.exe
--
End of file - 8583 bytes

Rosty
12 March 2010, 12:07
* Download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).

Double-click mbam-setup.exe to install the program. Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish". If an update is found, it will download it and install the latest version. Once the program is fully up to date, select "Perform Quick Scan", then click Scan. Scanning can take a while, so be patient. When the scan is complete, click OK, then "Show Results" to see the results. Make sure everything there is checked, then click Remove Selected. After the removal a log will open and you will be asked to restart the computer. (See the extra note below.) The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM. Copy and paste the results of the log into your next reply, together with a new HijackThis log.

Extra note:
If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

rodger
15 March 2010, 11:47
> Hello,

> I installed Malwarebytes Anti-Malware and carried out the procedure
> you described.

> Below are the Anti-Malware log and the latest HijackThis log.

> I can also report that the problem is probably solved. My TCP/IP
> settings are back on "Obtain DNS server address automatically", as
> they should be for a Telenet connection.

> Many thanks,
> Rodger

> Logfile of Trend Micro HijackThis v2.0.3 (BETA)
> Scan saved at 13:18:08, on 13/03/2010
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> Boot mode: Normal
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Java\jre6\bin\jqs.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\system32\HPZipm12.exe
> C:\WINDOWS\System32\spss_lmd.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\RunDll32.exe
> C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
> C:\Program Files\Ahead\InCD\InCD.exe
> C:\Program Files\Winamp\winampa.exe
> C:\Program Files\Common Files\PhotographyW\ScrInstall.exe
> C:\Program Files\Common Files\AutoMercedesW\ScrInstall.exe
> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
> C:\Program Files\Java\jre6\bin\jusched.exe
> C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
> C:\Program Files\QuickTime\qttask.exe
> C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
> C:\WINDOWS\system32\wscntfy.exe
> C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.hln.be/
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,AutoConfigURL = http://pac.pandora.be:8080
> R0 - HKCU\Software\Microsoft\Internet
> Explorer\Toolbar,LinksFolderName = Koppelingen
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
> - C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: (no name) - {29F4E2BB-5C1E-47AD-B631-947495905A6B} - \
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program
> Files\Google\Google Toolbar\GoogleToolbar_32.dll
> O2 - BHO: Google Toolbar Notifier BHO -
> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
> Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
> O2 - BHO: Ask.com Toolbar BHO -
> {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program
> Files\Ask.com\GenericAskToolbar.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
> {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
> Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl -
> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
> Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O3 - Toolbar: Google Toolbar -
> {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program
> Files\Google\Google Toolbar\GoogleToolbar_32.dll
> O3 - Toolbar: Ask.com Toolbar -
> {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program
> Files\Ask.com\GenericAskToolbar.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [C-Media Speaker Configuration]
> C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
> O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
> O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
> Files\Logitech\QCDriver3\LVCOMS.EXE
> O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
> O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
> O4 - HKLM\..\Run: [onkrqdwr] C:\WINDOWS\onkrqdwr.exe
> O4 - HKLM\..\Run: [PhotographyWInstall] "C:\Program Files\Common
> Files\PhotographyW\ScrInstall.exe" /i
> O4 - HKLM\..\Run: [AutoMercedesWInstall] "C:\Program Files\Common
> Files\AutoMercedesW\ScrInstall.exe" /i
> O4 - HKLM\..\Run: [ISUSPM Startup]
> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> Files\InstallShield\UpdateService\issch.exe" -start
> O4 - HKLM\..\Run: [878F91898C908E8E] C6CED0C8CBCFCD.exe
> O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvdz.exe]
> C:\WINDOWS\system32\kdvdz.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
> Files\Java\jre6\bin\jusched.exe"
> O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and
> Settings\Administrator\Local Settings\Temporary Internet
> Files\Content.IE5\096V0XEB\RemoveWGA.exe -startup
> O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program
> Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch
> Jukebox\mmtask.exe
> O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mm_tray.exe
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common
> Files\Adobe\ARM\1.0\AdobeARM.exe"
> O4 - HKLM\..\RunServices: [Office XP hack] c:\office_patch.exe hack
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [swg] "C:\Program
> Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
> O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
> O4 - Global Startup: Microsoft Office.lnk = C:\Program
> Files\Microsoft Office\Office10\OSA.EXE
> O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
> Files\Nikon\PictureProject\NkbMonitor.exe
> O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
> O8 - Extra context menu item: Google Sidewiki... - res://C:\Program
> Files\Google\Google
> Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
> O9 - Extra button: (no name) -
> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
> O9 - Extra button: Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
> O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{6C961490-D2B1-4B20-8F14-08A7EC41F7C3}:
> Domain = telenet.be
> O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = telenet.be
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telenet.be
> O22 - SharedTaskScheduler: Preloader van browseui -
> {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
> C:\WINDOWS\System32\browseui.dll
> O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën -
> {8C7461EF-2B13-11d2-BE35-3078302C2030} -
> C:\WINDOWS\System32\browseui.dll
> O23 - Service: C-DillaCdaC11BA - Unknown owner -
> C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
> O23 - Service: Google Updateservice (gupdate) (gupdate) - Google
> Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
> O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: HP Port Resolver - Hewlett-Packard Company -
> C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
> O23 - Service: HP Status Server - Hewlett-Packard Company -
> C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
> Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
> Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
> Corporation - C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
> O23 - Service: Spss License Manager (SpssLM) - Unknown owner -
> C:\WINDOWS\System32\spss_lmd.exe
> --
> End of file - 8041 bytes

> Anti-Malware log file:

> Malwarebytes' Anti-Malware 1.44
> Database versie: 3510
> Windows 5.1.2600 Service Pack 2
> Internet Explorer 6.0.2900.2180
> 13/03/2010 13:10:30
> mbam-log-2010-03-13 (13-10-30).txt
> Scan type: Snelle Scan
> Objecten gescand: 134661
> Verstreken tijd: 58 minute(s), 28 second(s)
> Geheugenprocessen geïnfecteerd: 0
> Geheugenmodulen geïnfecteerd: 0
> Registersleutels geïnfecteerd: 13
> Registerwaarden geïnfecteerd: 2
> Registerdata bestanden geïnfecteerd: 6
> Mappen geïnfecteerd: 5
> Bestanden geïnfecteerd: 17
> Geheugenprocessen geïnfecteerd:
> (Geen kwaadaardige items gevonden)
> Geheugenmodulen geïnfecteerd:
> (Geen kwaadaardige items gevonden)
> Registersleutels geïnfecteerd:
> HKEY_CLASSES_ROOT\CLSID\{dfaa31c8-a356-4313-9d95-5edab46c5070}
> (Trojan.Agent) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store
> Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}
> (Adware.Mirar) -> Quarantined and deleted successfully.
> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted
> successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core
> (Rootkit.Agent) -> Delete on reboot.
> HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted
> successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Media Access (Adware.MediaAccess) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\saap (Adware.180Solutions) ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) ->
> Quarantined and deleted successfully.
> Registerwaarden geïnfecteerd:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\media
> access (Adware.MediaAccess) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and
> deleted successfully.
> Registerdata bestanden geïnfecteerd:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data:
> kdvdz.exe -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data:
> c:\windows\system32\twext.exe -> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data:
> system32\twext.exe -> Delete on reboot.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad:
> (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,)
> Good: (Userinit.exe) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61c0fdbf-8597-4a7f-a8ea-1d21344da9f2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.189;85.255.112.113 -> Quarantined and deleted
> successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6c961490-d2b1-4b20-8f14-08a7ec41f7c3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189;85.255.112.113 -> Delete on
> reboot.
> Mappen geïnfecteerd:
> C:\Documents and Settings\LocalService\Application Data\twain_32
> (Trojan.Zbot) -> Quarantined and deleted successfully.
> C:\Documents and Settings\NetworkService\Application Data\twain_32
> (Trojan.Zbot) -> Quarantined and deleted successfully.
> C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted
> successfully.
> C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
> C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.
> Bestanden geïnfecteerd:
> C:\WINDOWS\system32\kdvdz.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
> C:\WINDOWS\system32\drivers\core.sys (Rootkit.Agent) -> Delete on reboot.
> C:\Documents and Settings\LocalService\Application
> Data\twain_32\user.ds (Trojan.Zbot) -> Quarantined and deleted
> successfully.
> C:\Documents and Settings\NetworkService\Application
> Data\twain_32\user.ds (Trojan.Zbot) -> Quarantined and deleted
> successfully.
> C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
> C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
> C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) ->
> Quarantined and deleted successfully.
> C:\WINDOWS\system32\ClickToFindandFixErrors.ico (Malware.Trace) ->
> Quarantined and deleted successfully.
> C:\WINDOWS\system32\ClickToFindandFixErrors_4.ico (Malware.Trace) ->
> Quarantined and deleted successfully.
> C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.
> C:\WINDOWS\Temp\TDSS65e4.tmp (Trojan.FakeAlert) -> Quarantined and
> deleted successfully.
> C:\WINDOWS\Temp\TDSSd26e.tmp (Trojan.FakeAlert) -> Quarantined and
> deleted successfully.
> C:\WINDOWS\Temp\TDSSd443.tmp (Trojan.FakeAlert) -> Quarantined and
> deleted successfully.
> C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted
> successfully.
> C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete
> on reboot.
>

Rosty
15 March 2010, 19:44
Any problems left now?

rodger
16 March 2010, 11:15
Problem is solved.
Thanks again.
Kind regards,
Rodger

Rosty
16 March 2010, 19:05
You're welcome!