Logfile - Someone watching along on the PC

  • Rene10

    Good evening,

    I have the feeling that someone is watching along when I'm on the PC, either from outside or through a little program that is running on it, through which they log in to various private things: MSN, Hyves, email account.

    Who can help me further? I have cleaned everything up as described.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:31:41, on 11-10-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

    C:\PROGRA~1\AVG\AVG10\avgrsx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG10\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    C:\Program Files\AVG\AVG10\avgnsx.exe

    C:\Program Files\AVG\AVG10\avgemcx.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\AVG\AVG10\avgtray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-20\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')

    O4 - HKUS\S-1-5-21-507921405-1364589140-839522115-1005\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-507921405-1364589140-839522115-1005\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)

    O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    End of file - 7510 bytes

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Databaseversie: 7922

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    11-10-2011 16:24:41

    mbam-log-2011-10-11 (16-24-40).txt

    Scantype: Snelle scan

    Objecten gescand: 170445

    Verstreken tijd: 8 minuut/minuten, 55 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    c:\WGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.

    c:\documents and settings\administrator\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

    c:\documents and settings\administrator\application data\Adobe\plugs\mmc9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    Thanks in advance, Rene

  • fazantje

    Hi Rene,

    You have received a private message from me.

    You can read it by clicking on 'Privéberichten' (private messages) in the message-board bar: Nieuw bericht • Zoeken • Huisregels • FAQ • Mijn profiel • Privéberichten • Log uit • Uitgeklapt.

    You can also reply there.

    Greetings, Huib ;)

  • fazantje

    Hi Rene,

    Start HijackThis, click Scan and tick the following lines:

    O4 - HKUS\S-1-5-20\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')

    O4 - HKUS\S-1-5-21-507921405-1364589140-839522115-1005\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Default user')

    Close all windows except HijackThis and click Fix checked.

    Download ComboFix here.

    If you have used ComboFix before, please remove that version and download ComboFix again via the link above,

    because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,

    disable that scanner and download ComboFix again.

    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click ComboFix.exe.

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because that will make your PC hang.

    It can take a while before the ComboFix log appears, so don't assume it has crashed.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post that log in your next reply together with a new HijackThis log.

    Good luck,

    Huib ;)
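A small triage script, added here as an example and not part of this thread or of HijackThis itself: it parses the O4 lines of a HijackThis 2.0.4 log into hive, key, command and user, so the RunOnce entries planted under every user hive (the lines Huib asked Rene to tick) can be pulled out automatically instead of by eye. The sample lines are constructed from the log posted above; the regular expression is my own assumption about the O4 line layout and is not an official format description.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis 2.0.4 log
# posted in this thread (backslashes doubled for the Python string literal).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: RTHDCPL.EXE
O4 - HKCU\\..\\Run: C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-20\\..\\Run: C:\\WINDOWS\\system32\\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\\S-1-5-20\\..\\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\\S-1-5-18\\..\\Run: C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\\S-1-5-18\\..\\RunOnce: regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\RunOnce: regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
"""

# Assumed layout of a registry-based O4 line:
#   O4 - <hive>\..\<Run|RunOnce|...>: <command> [(User '<name>')]
# Hives are HKLM, HKCU, or HKUS\<SID or .DEFAULT>.  Global Startup folder
# entries use a different layout and are deliberately not matched here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*)"
    r": (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def parse_o4(line):
    """Return a dict (hive, key, command, user) for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    if entry["user"] is None:
        # HijackThis only prints the user for HKUS hives; label the others.
        entry["user"] = "all users" if entry["hive"] == "HKLM" else "current user"
    return entry


def parse_log(text):
    """All registry O4 entries in a HijackThis log, in file order."""
    return [e for e in (parse_o4(ln) for ln in text.splitlines()) if e]


def run_once_entries(entries):
    """RunOnce values execute at the next logon of that user and are then
    removed; this returns every such entry so a helper can review them."""
    return [e for e in entries if e["key"] == "RunOnce"]


def commands_by_hive(entries):
    """Group the commands per hive, which makes an identical RunOnce value
    repeated under SYSTEM, a service account and .DEFAULT stand out."""
    grouped = {}
    for e in entries:
        grouped.setdefault(e["hive"], []).append((e["key"], e["command"]))
    return grouped


if __name__ == "__main__":
    for e in run_once_entries(parse_log(SAMPLE_LOG)):
        print(f"{e['hive']:<16} {e['key']:<8} {e['user']:<16} {e['command']}")
```

Running it prints one line per RunOnce entry with its hive, user and command; feed it a full saved HijackThis log instead of `SAMPLE_LOG` to get the same view for a real scan.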

  • Rene10

    ComboFix 11-10-11.03 - Administrator 11-10-2011 22:24:38.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.621

    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Administrator\Application Data\Adobe\plugs

    c:\documents and settings\Administrator\Application Data\Adobe\shed

    c:\documents and settings\All Users\Application Data\SysMon

    c:\documents and settings\All Users\Application Data\SysMon\Logs\PrevUser.usr

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAggregatedLog.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonApplications.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonClipboardMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonFileMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonKeyLogger.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonLogonLogoff.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonMessenger.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonPrinterMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonScreenShot.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonScreenShotWeb.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonAllDaySysMonWeb.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonApplications.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonApplications_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonClipboardMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonClipboardMonitor_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonFileMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonGlobalLog.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonKeybk.bmp

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonKeyLogger.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonKeyLogger_20110619.html

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonLogonLogoff.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonLogonLogoff_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonMessenger.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonPrinterMonitor.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonScreenShot.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonScreenShot_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonScreenShotWeb.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonScreenShotWeb_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonWeb.xsl

    c:\documents and settings\All Users\Application Data\SysMon\Logs\SysMonWeb_20110619.xmm

    c:\documents and settings\All Users\Application Data\SysMon\Logs\TestEmail.xml

    c:\documents and settings\All Users\Application Data\SysMon\Logs\TestReport.xml

    c:\documents and settings\All Users\Application Data\SysMon\SysMonHelp.chm

    c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk

    C:\install.exe

    c:\windows\ehome\medctrro.exe

    c:\windows\IsUn0413.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-11 to 2011-10-11 ))))))))))))))))))))))))))))))

    .

    .

    2011-10-11 14:13 . 2011-10-11 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

    2011-10-11 14:13 . 2011-10-11 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2011-10-11 14:13 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-10-11 14:13 . 2011-10-11 14:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-10-04 23:23 . 2011-10-04 23:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

    2011-09-27 14:20 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll

    2011-09-27 14:20 . 2011-10-06 18:59 281152 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2011-09-27 14:20 . 2011-10-06 18:59 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2011-09-27 14:20 . 2011-10-06 18:58 281152 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2011-09-27 14:19 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll

    2011-09-27 14:19 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll

    2011-09-27 14:19 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll

    2011-09-27 14:19 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll

    2011-09-27 14:19 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

    2011-09-27 14:19 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll

    2011-09-27 14:15 . 2011-09-27 14:21 -------- d-----w- c:\program files\NVIDIA Corporation

    2011-09-27 14:07 . 2011-09-27 14:07 -------- d-----w- c:\program files\SystemRequirementsLab

    2011-09-25 18:28 . 2011-09-25 21:18 -------- d-----w- c:\program files\NirSoft

    2011-09-19 17:15 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

    2011-09-19 17:14 . 2011-09-19 17:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Research In Motion

    2011-09-19 17:14 . 2011-09-19 17:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion

    2011-09-19 17:13 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys

    2011-09-19 17:12 . 2011-09-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

    2011-09-19 17:11 . 2011-09-19 17:12 -------- d-----w- c:\program files\Common Files\Research In Motion

    2011-09-19 17:11 . 2011-09-19 17:11 -------- d-----w- c:\program files\Research In Motion

    2011-09-14 13:53 . 2011-10-11 14:27 -------- d-----w- c:\windows\Internet Logs

    2011-09-13 13:50 . 2011-09-13 13:50 -------- d-----w- c:\windows\ShellNew

    2011-09-13 13:49 . 2011-09-13 13:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Web Folders

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-10-05 11:42 . 2011-06-19 11:04 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-09-09 09:12 . 2002-12-31 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-06 19:02 . 2011-09-06 19:02 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-09-06 19:02 . 2011-06-19 10:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-08-03 11:49 . 2008-05-16 12:01 5427200 ----a-w- c:\windows\system32\nvcuda.dll

    2011-08-03 11:49 . 2008-05-16 12:01 54272 ----a-w- c:\windows\system32\nvwddi.dll

    2011-08-03 11:49 . 2008-05-16 12:01 4210816 ----a-w- c:\windows\system32\nv4_disp.dll

    2011-08-03 11:49 . 2008-05-16 12:01 2404864 ----a-w- c:\windows\system32\nvapi.dll

    2011-08-03 11:49 . 2008-05-16 12:01 16191488 ----a-w- c:\windows\system32\nvoglnt.dll

    2011-08-03 11:49 . 2008-05-16 12:01 146024 ----a-w- c:\windows\system32\nvsvc32.exe

    2011-08-03 11:49 . 2008-05-16 12:01 145000 -c--a-w- c:\windows\system32\nvcolor.exe

    2011-08-03 11:49 . 2008-05-16 12:01 13892200 ----a-w- c:\windows\system32\nvcpl.dll

    2011-08-03 11:49 . 2008-05-16 12:01 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

    2011-08-03 11:49 . 2008-05-16 12:01 111208 ----a-w- c:\windows\system32\nvmctray.dll

    2011-07-15 13:29 . 2002-12-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe"

    "TorrentEasy"="c:\program files\TorrentEasy\TorrentEasy.exe"

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe"

    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe"

    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="NvMCTray.dll"

    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe"

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    "PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe"

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE

    .

    "SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    .

    @="Driver"

    .

    "AntiVirusOverride"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\TorrentEasy\\TorrentEasy.exe"=

    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - uphcleanhlp

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO

    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-10-11 22:33

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------------

    .

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,6e,d8,6c,16,97,d2,40,ae,30,da,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,11,87,04,c1,34,38,48,92,69,0f,\

    .

    Voltooingstijd: 2011-10-11 22:36:16

    ComboFix-quarantined-files.txt 2011-10-11 20:36

    .

    Pre-Run: 68.531.507.200 bytes beschikbaar

    Post-Run: 68.590.305.280 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

    .

    - - End Of File - - E4146E2D9946F0700AA5BEBF4544EDCB

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:37:28, on 11-10-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG10\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    C:\Program Files\AVG\AVG10\avgnsx.exe

    C:\Program Files\AVG\AVG10\avgemcx.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\AVG\AVG10\avgtray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\AVG\AVG10\avgrsx.exe

    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

    O4 - HKUS\S-1-5-21-507921405-1364589140-839522115-1005\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-507921405-1364589140-839522115-1005\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\IE7.inf,AfterUserStart,,4,N (User 'UpdatusUser')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)

    O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    End of file - 7321 bytes

    Regards, Rene

  • fazantje

    Hi Rene,

    The logs look good now.

    First remove ComboFix; you do that as follows:

    Download OTC.exe

    Put the file on your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that does not work, double-click the icon.

    Now click the "CleanUp!" button.

    If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.

    Finally OTC will ask whether you want to restart the computer; you may allow this, as that is also how it removes itself.

    Note: using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.

    Download CCleaner here.

    Install it and run the Cleaner first, then the Registry section.

    Let it remove or repair everything it finds.

    The remnants of HitmanPro will probably be among those ;)

    Do take care when installing CCleaner to untick the Google Chrome box, otherwise you get it thrown in for free.

    Empty your Recycle Bin and delete all restore points:

    Right-click My Computer.

    Choose Properties.

    Go to the System Restore tab.

    Tick "Turn off System Restore on all drives".

    Restart the computer.

    Turn System Restore back on by removing the tick.

    Change all your passwords.

    Good luck,

    Huib ;)

  • Rene10

    Thank you Huib for the effort. Did you not see any strange files, keylogger etc. etc.?

    Regards, Rene.

  • fazantje

    Hi Rene,

    No, didn't see any.

    Do keep your passwords to yourself and don't show them even to your best friends.

    Such things are often done by "acquaintances" of yours.

    Also make sure your passwords are not obvious.

    Example:

    If your hobby is fishing, don't create a password with anything at all related to fishing.

    Passwords are in many cases related to family, household or hobby.

    Greetings, Huib ;)