
DOS window with strange characters at startup



Posted:

This morning when I started my PC, just before the welcome screen a DOS window appeared with three strange characters in the title bar at the top, and the same characters were also shown in the window itself along with an OK button. I first wanted to click the X to close the window, but I could do nothing other than press OK, otherwise the window would not close. Windows then started up normally. I am afraid I have now also picked something up by working with a USB stick yesterday to transfer logs from the laptop we are dealing with in another thread (because there were infected files on it) to this PC so that I could post the logs. I have just run a HijackThis scan, which I will paste below. I don't dare to restart any more, in order to limit possible damage.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:01, on 15/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

F:\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll

O3 - Toolbar: Google Kladblok - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Deze pagina noteren (Google Kladblok) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll/gn_menu1.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Noteren (Google Kladblok) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll/gn_menu2.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192390495015

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://striksels.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: 91.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

O23 - Service: NMSAccessU - Unknown owner - F:\CDBurnerXP\NMSAccessU.exe

--

End of file - 7121 bytes


Posted:

There is indeed a hijacker in your log:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O20 - AppInit_DLLs: 91.dll

Click 'Fix checked' to remove the items. Then let us know whether this changed anything about your problem.

Posted:

I did as described above, but unfortunately it is still the same.

Posted:

Actually I expected this, but I wanted a quick way to find out whether it would work or not. So on to step 2:

Download VundoFix to your desktop.

  • Double-click VundoFix.exe to start it.
  • Click the Scan for Vundo button.
  • Once the scan is done, click the Remove Vundo button.
  • You will be asked whether you want the files to be removed; click YES.
  • After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed.
  • When it has finished you will get a message that it will shut down your PC; click OK.
  • Start your PC up again.

Note: It is possible that VundoFix finds a file that cannot be removed. In that case VundoFix will start once more after your PC has rebooted. You then have to carry out the instructions above again, starting from: "Click Scan for Vundo."

Post the contents of C:\vundofix.txt and a new HJT log in your next message.

Posted:

I am pasting the VundoFix log here

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 22:37:43 15/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\aqcjnkgn.dll

C:\WINDOWS\system32\gebccca.dll

C:\WINDOWS\system32\glmgibwl.dll

C:\WINDOWS\system32\knsmwpdo.dll

C:\WINDOWS\system32\lvjoxxwr.dll

C:\WINDOWS\system32\lwbigmlg.ini

C:\WINDOWS\system32\ppqss.bak1

C:\WINDOWS\system32\ppqss.bak2

C:\WINDOWS\system32\ppqss.ini

C:\WINDOWS\system32\ssqpp.dll

C:\WINDOWS\system32\tojqyiqx.ini

C:\WINDOWS\system32\vnyvvqna.dll

C:\WINDOWS\system32\whdrpyxo.dll

C:\WINDOWS\system32\xqiyqjot.dll

C:\WINDOWS\system32\xwdocnro.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aqcjnkgn.dll

C:\WINDOWS\system32\aqcjnkgn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebccca.dll

C:\WINDOWS\system32\gebccca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\glmgibwl.dll

C:\WINDOWS\system32\glmgibwl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knsmwpdo.dll

C:\WINDOWS\system32\knsmwpdo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lvjoxxwr.dll

C:\WINDOWS\system32\lvjoxxwr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lwbigmlg.ini

C:\WINDOWS\system32\lwbigmlg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak1

C:\WINDOWS\system32\ppqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.bak2

C:\WINDOWS\system32\ppqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppqss.ini

C:\WINDOWS\system32\ppqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll

C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tojqyiqx.ini

C:\WINDOWS\system32\tojqyiqx.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vnyvvqna.dll

C:\WINDOWS\system32\vnyvvqna.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\whdrpyxo.dll

C:\WINDOWS\system32\whdrpyxo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xqiyqjot.dll

C:\WINDOWS\system32\xqiyqjot.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xwdocnro.dll

C:\WINDOWS\system32\xwdocnro.dll Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 23:01:09 15/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\edeeg.bak1

C:\WINDOWS\system32\edeeg.ini

C:\WINDOWS\system32\gebccca.dll

C:\WINDOWS\system32\geede.dll

C:\WINDOWS\system32\uihtvcxy.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\edeeg.bak1

C:\WINDOWS\system32\edeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\edeeg.ini

C:\WINDOWS\system32\edeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebccca.dll

C:\WINDOWS\system32\gebccca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geede.dll

C:\WINDOWS\system32\geede.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uihtvcxy.dll

C:\WINDOWS\system32\uihtvcxy.dll Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 23:28:44 15/04/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 6:43:50 16/04/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 17:21:34 16/04/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 23:30:39 23/04/2007

Listing files found while scanning....

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 19:06:22 26/04/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 8:11:45 6/05/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 20:00:38 7/05/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 17:02:31 13/05/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 10:23:35 15/05/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 21:26:01 23/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\uttss.bak1

C:\WINDOWS\system32\uttss.bak2

C:\WINDOWS\system32\uttss.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttu.dll

C:\WINDOWS\system32\ssttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.bak1

C:\WINDOWS\system32\uttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.bak2

C:\WINDOWS\system32\uttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.ini

C:\WINDOWS\system32\uttss.ini Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 22:06:52 24/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ihkmp.bak1

C:\WINDOWS\system32\ihkmp.bak2

C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\pmkhi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ihkmp.bak1

C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihkmp.bak2

C:\WINDOWS\system32\ihkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\ihkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll

C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 23:08:26 24/06/2007

Listing files found while scanning....

C:\windows\system32\ddccc.dll

C:\WINDOWS\system32\fccaxyw.dll

C:\WINDOWS\system32\gebccca.dll

C:\windows\system32\qaswtpky.dll

C:\WINDOWS\system32\qxwxxunu.ini

C:\WINDOWS\system32\unuxxwxq.dll

C:\windows\system32\ykptwsaq.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccaxyw.dll

C:\WINDOWS\system32\fccaxyw.dll Has been deleted!

Attempting to delete C:\windows\system32\qaswtpky.dll

C:\windows\system32\qaswtpky.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxwxxunu.ini

C:\WINDOWS\system32\qxwxxunu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\unuxxwxq.dll

C:\WINDOWS\system32\unuxxwxq.dll Has been deleted!

Attempting to delete C:\windows\system32\ykptwsaq.ini

C:\windows\system32\ykptwsaq.ini Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 11:40:33 25/06/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 22:10:07 2/07/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 12:26:22 11/07/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 7:57:02 16/07/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 8:38:09 20/07/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 23:04:18 29/07/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 20:35:39 13/09/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 8:34:47 9/10/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 8:25:28 19/11/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 20:19:53 22/01/2008

Listing files found while scanning....

No infected files were found.

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 9:20:25 14/02/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 9:49:46 14/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 11:59:00 15/03/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 15:06:04 2008-03-15

Listing files found while scanning....

and now the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10, on 2008-03-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

F:\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Yo\Local Settings\Temporary Internet Files\Content.IE5\UYDCM790\VundoFix[1].exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll

O3 - Toolbar: Google Kladblok - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Deze pagina noteren (Google Kladblok) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll/gn_menu1.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Noteren (Google Kladblok) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1170394908.dll/gn_menu2.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192390495015

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://striksels.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

O23 - Service: NMSAccessU - Unknown owner - F:\CDBurnerXP\NMSAccessU.exe

--

End of file - 6417 bytes
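The helper asked for a new HJT log after the fix so the two scans could be compared. As an added example (not part of the original posts, and not code from HijackThis), the sketch below diffs two HijackThis logs by section code and running process; the function names are this example's own, and the two inputs are abridged from the logs posted in this thread.

```python
import re

# Section lines look like "O20 - AppInit_DLLs: 91.dll" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Abridged from the first log in this thread (before 'Fix checked').
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 15/03/2008
Running processes:
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: 91.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
--
End of file - 7121 bytes
"""

# Abridged from the second log in this thread (after the fix and VundoFix).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10, on 2008-03-15
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Yo\Local Settings\Temporary Internet Files\Content.IE5\UYDCM790\VundoFix[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
--
End of file - 6417 bytes
"""


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis log.

    Processes are lower-cased paths; entries are (section, detail) tuples.
    Blank lines are skipped, so logs pasted with double spacing parse too.
    """
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first section line ends the process list
            entries.add((m.group(1), m.group(2)))
        elif in_procs:
            procs.add(line.lower())
    return procs, entries


def has_entry(log_text, section, detail):
    """True if the exact section entry is present in the log."""
    return (section, detail) in parse_hjt(log_text)[1]


def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    p1, e1 = parse_hjt(before)
    p2, e2 = parse_hjt(after)
    return {
        "entries_removed": sorted(e1 - e2),
        "entries_added": sorted(e2 - e1),
        "processes_gone": sorted(p1 - p2),
        "processes_new": sorted(p2 - p1),
    }


if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
```

An entry that is absent from the second log only shows that the registry value is no longer listed; it says nothing about whether the file behind it is still on disk.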

Posted:

I also want to mention that the DOS window shows IIä.

I don't know whether anyone knows what this is. I have already scanned in safe mode, but by then the damage has already been done, I think. That window appears just before the PC starts up in safe mode.

Posted:

"VundoFix found nothing"

That was a very optimistic conclusion :) VundoFix found and removed a whole lot of infected files. One more that you may already delete right now is:

C:\WINDOWS\system32\gebccca.dll

And then run this.

Download Combofix.exe and put it on your desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification about a script being executed, you must allow it.

Then attach this Combofix log to a following message.
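C:\vundofix.txt accumulates every run of the tool, so the last scan alone can hide what earlier scans found. As an added example (not part of the original posts, and not code from VundoFix), the sketch below splits such a log into scan sessions and reports files whose most recent listing did not end in a deletion; the function names are this example's own, and the sample is abridged from the log posted in this thread.

```python
import re

SCAN_RE = re.compile(r"^Scan started at (.+)$")
RESULT_RE = re.compile(r"^([A-Za-z]:\\.+?) (Has been deleted!|Could not be deleted\.)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")

# Abridged from the vundofix.txt posted in this thread (four of its scans).
SAMPLE_LOG = r"""
VundoFix V6.3.19
Scan started at 22:37:43 15/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\aqcjnkgn.dll
C:\WINDOWS\system32\gebccca.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\aqcjnkgn.dll
C:\WINDOWS\system32\aqcjnkgn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebccca.dll
C:\WINDOWS\system32\gebccca.dll Could not be deleted.
Done!
VundoFix V6.3.19
Scan started at 23:01:09 15/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\gebccca.dll
C:\WINDOWS\system32\geede.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebccca.dll
C:\WINDOWS\system32\gebccca.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.dll Has been deleted!
Done!
VundoFix V6.3.19
Scan started at 23:28:44 15/04/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.1
Scan started at 23:08:26 24/06/2007
Listing files found while scanning....
C:\windows\system32\ddccc.dll
C:\WINDOWS\system32\fccaxyw.dll
C:\WINDOWS\system32\gebccca.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fccaxyw.dll
C:\WINDOWS\system32\fccaxyw.dll Has been deleted!
Done!
"""


def parse_vundofix(text):
    """Split the log into scan sessions; paths are lower-cased because the
    tool writes both C:\\WINDOWS and C:\\windows for the same directory."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            cur = {"started": m.group(1), "found": [], "deleted": [], "failed": []}
            sessions.append(cur)
            continue
        if cur is None:
            continue
        m = RESULT_RE.match(line)  # must be tried before PATH_RE
        if m:
            key = "deleted" if m.group(2).startswith("Has") else "failed"
            cur[key].append(m.group(1).lower())
        elif PATH_RE.match(line):
            cur["found"].append(line.lower())
    return sessions


def unresolved(sessions):
    """Files whose outcome in the LAST scan that listed them was not a deletion."""
    status = {}
    for s in sessions:
        for path in s["found"]:
            if path in s["deleted"]:
                status[path] = "deleted"
            elif path in s["failed"]:
                status[path] = "could not be deleted"
            else:
                status[path] = "listed, no removal result"
    return {p: st for p, st in status.items() if st != "deleted"}


def recurring(sessions):
    """Files listed in more than one scan, with the number of scans."""
    counts = {}
    for s in sessions:
        for path in set(s["found"]):
            counts[path] = counts.get(path, 0) + 1
    return {p: n for p, n in counts.items() if n > 1}


if __name__ == "__main__":
    scans = parse_vundofix(SAMPLE_LOG)
    print(len(scans), "scans;", "unresolved:", unresolved(scans))
    print("recurring:", recurring(scans))
```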

Posted:

Do I have to remove that in regedit? Or how do I remove it?

Sorry, but I want to be sure.
