Page 1 of 2 (showing results 1 to 10 of 16)
  1. #1
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)

    Log with virus and spyware

    Virus alert, and spyware on the PC

    My log


    Logfile of HijackThis v1.99.1
    Scan saved at 20:03:16, on 3-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Eset\nod32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    E:\drivers\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\zipper.exe
    C:\WINDOWS\system32\taskmgr.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gqyadxml.dll",forkonce
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?66870f27101d4d67bc0156ae39055a68
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?66870f27101d4d67bc0156ae39055a68
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nokhcrew.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

  2. #2
    jurgenv (Honorary member; joined 10 May 2005; location: West-Vlaanderen; posts: 5,852; thanks given: 90; thanked 800 times in 736 posts)
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

    Member of ASAP

  3. #3
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)
    Administrator" - 2007-07-03 20:52:21 - ComboFix 07-07-03.9 - Service Pack 2

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\gqyadxml.dll
    C:\WINDOWS\system32\oyxvfdjo.dll
    C:\WINDOWS\system32\pkbahbmb.dll
    C:\WINDOWS\system32\pucybjhh.dll
    C:\WINDOWS\system32\qoiwyese.dll
    C:\WINDOWS\system32\ysubifrb.dll
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\rrqss.bak2
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.tmp
    C:\WINDOWS\system32\lmxdayqg.ini
    C:\WINDOWS\system32\bmbhabkp.ini
    C:\WINDOWS\system32\hhjbycup.ini
    C:\WINDOWS\system32\brfibusy.ini
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\rrqss.bak2
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.tmp
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\rrqss.bak2
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.tmp
    C:\WINDOWS\system32\ssqrr.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\ADMINI~1\BUREAU~1\internet.lnk

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))

    2007-07-03 20:51 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-06-29 13:03 122,944 --a------ C:\WINDOWS\system32\ouvtstsl.exe
    2007-06-29 06:55 122,944 --a------ C:\WINDOWS\system32\itrovhun.exe
    2007-06-29 06:53 122,944 --a------ C:\WINDOWS\system32\nxwvoxch.exe
    2007-06-28 19:58 128,576 --------- C:\WINDOWS\system32\hpksvswr.dll
    2007-06-28 19:55 122,944 --a------ C:\WINDOWS\system32\umixiriy.exe
    2007-06-28 19:53 122,944 --a------ C:\WINDOWS\system32\blpweffb.exe
    2007-06-28 08:17 128,576 --------- C:\WINDOWS\system32\ritwpuyx.dll
    2007-06-28 08:14 122,944 --a------ C:\WINDOWS\system32\jxvqthjr.exe
    2007-06-27 08:14 122,944 --a------ C:\WINDOWS\system32\nokhcrew.exe
    2007-06-26 19:50 31,254 --a------ C:\WINDOWS\system32\xxyxxxv.dll
    2007-06-26 18:26 31,254 --a------ C:\WINDOWS\system32\ljjgeef.dll
    2007-06-26 17:43 31,254 --a------ C:\WINDOWS\system32\ddcayxx.dll
    2007-06-26 17:24 31,254 --------- C:\WINDOWS\system32\efcayay.dll
    2007-06-26 17:23 71,411 --a------ C:\DOCUME~1\ADMINI~1\call.exe
    2007-06-25 19:57 239,715 --a------ C:\DOCUME~1\ADMINI~1\services.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-07-03 17:16:03 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
    2007-06-25 17:52:10 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-25 10:42:57 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\TypingMasterIntra
    2007-06-01 13:53:34 -------- d-----w C:\Program Files\Windows Live Toolbar
    2007-05-16 15:31:05 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 07:44:04 54,698 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-14 07:44:04 367,600 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-08 10:41:54 -------- d-----w C:\Program Files\TypingMaster
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 19:38 63128 --a------ C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 21:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-20 00:56 2423872 -ra------ c:\program files\google\googletoolbar1.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2007-02-12 15:56 546672 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}]
    2007-06-26 17:24 31254 --------- C:\WINDOWS\system32\efcayay.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Cmaudio"="cmicnfg.cpl" []
    "C-Media Mixer"="Mixer.exe" [2005-11-21 05:25 C:\WINDOWS\mixer.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-17 14:17]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 11:32]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-12-27 11:32]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 02:36]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 19:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 20:28]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\efcayay.dll" [2007-06-26 17:24]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayay]
    efcayay.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 relog_ap

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2df5f6e-47bc-11db-b02f-806d6172696f}]
    AutoRun\command- D:\setup.exe

    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1043-7B44-A70000000000}
    msiexec /fup {AC76BA86-7AD7-1043-7B44-A70800000002} /qn
    Contents of the 'Scheduled Tasks' folder
    2007-07-03 18:06:00 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
    ************************************************************************
    catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-03 21:00:52
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    ************************************************************************
    Completion time: 2007-07-03 21:03:27 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-03 21:03
    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 21:07, on 2007-07-03
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\ComboFix\catchme.cfexe
    C:\WINDOWS\system32\notepad.exe
    E:\drivers\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\efcayay.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?66870f27101d4d67bc0156ae39055a68
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?66870f27101d4d67bc0156ae39055a68
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: efcayay - C:\WINDOWS\SYSTEM32\efcayay.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
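
    As an added, defender-side example (not code from this thread, from HijackThis or from ComboFix), the script below encodes the log entries the helper acted on in the logs above: an O4 Run entry that has rundll32 load a random-named DLL from system32, an O23 service with an unknown owner, an O20 Winlogon Notify DLL that is not on a known-good list, and an unnamed O2 BHO backed by a file. The allow-list and the seven-to-eight-letter name pattern are assumptions drawn from this thread, and the sample log is a constructed subset of the lines posted here.

```python
"""Triage heuristics for HijackThis v1.99.1 log entries (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed allow-list: Winlogon Notify DLLs treated as legitimate in this
# thread. A real deployment would use a maintained known-good list.
KNOWN_WINLOGON_NOTIFY = {"igfxdev.dll", "wgalogon.dll"}

# Seven or eight lowercase letters plus .dll/.exe: the naming pattern every
# dropped file in the ComboFix log above shares (gqyadxml.dll, nokhcrew.exe,
# efcayay.dll). Applied only at suspicious loading points, never on its own,
# because legitimate names such as spoolsv.exe match it too.
RANDOM_NAME = re.compile(r"^[a-z]{7,8}\.(?:dll|exe)$")

# "O4 - HKLM\..\Run: ..." -> section "O4", body "HKLM\..\Run: ..."
ENTRY = re.compile(r"^\s*([RFO]\d+)\s+-\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def basename(path: str) -> str:
    """Last path component, quotes removed, lower-cased."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_entry(section: str, body: str, line: str) -> Optional[Finding]:
    """Apply the heuristic for one HijackThis section; None means unremarkable."""
    if section == "O4":
        # Run key invoking rundll32 on a DLL (the [icq.com] entry in this thread).
        m = re.search(r'rundll32(?:\.exe)?\s+("[^"]+"|[^\s,]+)\s*,\s*(\w+)',
                      body, re.IGNORECASE)
        if m and RANDOM_NAME.match(basename(m.group(1))):
            return Finding(section, "rundll32 loads random-named DLL "
                           f"{basename(m.group(1))} (export {m.group(2)})", line)
    elif section == "O23":
        # Service without publisher info running a random-named binary
        # (DomainService / nokhcrew.exe in this thread).
        parts = [p.strip() for p in body.split(" - ")]
        if len(parts) >= 3 and parts[-2].lower() == "unknown owner":
            target = parts[-1].replace("(file missing)", "").strip()
            if RANDOM_NAME.match(basename(target)):
                return Finding(section, "service with unknown owner runs "
                               f"{basename(target)}", line)
    elif section == "O20":
        # Winlogon Notify DLLs load into winlogon.exe at logon; anything not
        # on the allow-list deserves a look (efcayay.dll in this thread).
        target = basename(body.split(" - ")[-1])
        if target not in KNOWN_WINLOGON_NOTIFY:
            return Finding(section, f"unknown Winlogon Notify DLL {target}", line)
    elif section == "O2":
        # Browser Helper Object with no name but a file on disk.
        if "(no name)" in body and "(no file)" not in body:
            return Finding(section, "unnamed BHO backed by "
                           f"{basename(body.split(' - ')[-1])}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every R/F/O entry of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if m:
            f = check_entry(m.group(1), m.group(2), raw.strip())
            if f:
                findings.append(f)
    return findings


def new_entries(before: str, after: str) -> List[str]:
    """Entries present in a later log but absent from an earlier one, the
    comparison the helper makes between the logs posted in this thread."""
    old = {l.strip() for l in before.splitlines() if ENTRY.match(l)}
    return [l.strip() for l in after.splitlines()
            if ENTRY.match(l) and l.strip() not in old]


# Constructed sample: a subset of lines from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\efcayay.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gqyadxml.dll",forkonce
O20 - Winlogon Notify: efcayay - C:\WINDOWS\SYSTEM32\efcayay.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nokhcrew.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```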

  4. #4
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)
    The PC no longer starts up now, it keeps rebooting.

    Only safe mode works.

    Even safe mode with networking no longer works.


    I am now doing a system restore.

    Still not working after the system restore.

    Now I have removed the USB network adapter and it starts up normally.

    Probably has to do with the virus.

    May I remove NOD, because it is blocking the entire system now?
    Last edited by bike devil; 4 July 2007 at 04:15

  5. #5
    jurgenv (Honorary member; joined 10 May 2005; location: West-Vlaanderen; posts: 5,852; thanks given: 90; thanked 800 times in 736 posts)
    Uninstall MSN Messenger for now, it is infected; only then continue:


    Download OTMoveIt.exe and place it on your desktop:

    Start OTMoveIt by double-clicking OTMoveIt.exe
    In the left pane, where it says: Paste List of Files/Folders to be Moved, copy and paste the section below:

    C:\WINDOWS\system32\ouvtstsl.exe
    C:\WINDOWS\system32\itrovhun.exe
    C:\WINDOWS\system32\nxwvoxch.exe
    C:\WINDOWS\system32\hpksvswr.dll
    C:\WINDOWS\system32\umixiriy.exe
    C:\WINDOWS\system32\blpweffb.exe
    C:\WINDOWS\system32\ritwpuyx.dll
    C:\WINDOWS\system32\jxvqthjr.exe
    C:\WINDOWS\system32\nokhcrew.exe
    C:\WINDOWS\system32\xxyxxxv.dll
    C:\WINDOWS\system32\ljjgeef.dll
    C:\WINDOWS\system32\ddcayxx.dll
    C:\WINDOWS\system32\efcayay.dll
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\call.exe
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\services.exe


    Then click the MoveIt button at the bottom.
    When finished it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
    Post its contents in your next message with a new HijackThis log.

    May I remove NOD, because it is blocking the entire system now?
    Try it without removing NOD32; if you really cannot manage to carry out the above, then you may remove it for the time being.

    Member of ASAP

  6. #6
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)
    NOD removed and AVG Free installed

    MSN removed

    C:\WINDOWS\system32\ouvtstsl.exe moved successfully.
    C:\WINDOWS\system32\itrovhun.exe moved successfully.
    C:\WINDOWS\system32\nxwvoxch.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hpksvswr.dll
    C:\WINDOWS\system32\hpksvswr.dll NOT unregistered.
    C:\WINDOWS\system32\hpksvswr.dll moved successfully.
    C:\WINDOWS\system32\umixiriy.exe moved successfully.
    C:\WINDOWS\system32\blpweffb.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ritwpuyx.dll
    C:\WINDOWS\system32\ritwpuyx.dll NOT unregistered.
    C:\WINDOWS\system32\ritwpuyx.dll moved successfully.
    C:\WINDOWS\system32\jxvqthjr.exe moved successfully.
    C:\WINDOWS\system32\nokhcrew.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyxxxv.dll
    C:\WINDOWS\system32\xxyxxxv.dll NOT unregistered.
    C:\WINDOWS\system32\xxyxxxv.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjgeef.dll
    C:\WINDOWS\system32\ljjgeef.dll NOT unregistered.
    C:\WINDOWS\system32\ljjgeef.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcayxx.dll
    C:\WINDOWS\system32\ddcayxx.dll NOT unregistered.
    C:\WINDOWS\system32\ddcayxx.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcayay.dll
    C:\WINDOWS\system32\efcayay.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\efcayay.dll scheduled to be moved on reboot.
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\call.exe moved successfully.
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\services.exe moved successfully.
    File/Folder not found.

    Created on 07-04-2007 14:35:18

    Logfile of HijackThis v1.99.1
    Scan saved at 14:46:21, on 4-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\drivers\avg75free_476a1048.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\avgsetup.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\drivers\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lcpcqvyx.dll",forkonce
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nokhcrew.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

  7. #7
    jurgenv (Honorary member; joined 10 May 2005; location: West-Vlaanderen; posts: 5,852; thanks given: 90; thanked 800 times in 736 posts)
    OK, update AVG and run a full system scan in safe mode (if that works) and remove everything that is found.

    Member of ASAP

  8. #8
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)
    OK, it is running

    and then a new HijackThis log?

  9. #9
    bike devil (Honorary member; joined 11 May 2005; location: west-vl Wingene; posts: 463; thanks given: 80; thanked 27 times in 24 posts)
    OK, done

    After a normal startup I ran the scan again

    Found trojan horse generic5.cf again (2x)

    I will try to remove those once the scan is fully finished

  10. #10
    jurgenv (Honorary member; joined 10 May 2005; location: West-Vlaanderen; posts: 5,852; thanks given: 90; thanked 800 times in 736 posts)
    OK, then post a new ComboFix log here and after that a new HijackThis log.

    Member of ASAP
