Niet updaten van virus scanner

[jigs]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:24, on 29-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O2 - BHO: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\kurt\Bureaublad\ClockGen\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://67.19.107.18/DGTx.CAB
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8993 bytes

[BendeBoy]

Voer eventjes het volgende uit;

Download SmitfraudFix, en sla het op je bureaublad op.
Print onderstaande instructies uit of kopieer ze naar een .txt bestand.

Start op in Veilige modus

Eenmaal opgestart in veilige modus, open je SmitfraudFix.exe.

• Kies optie #2 - Clean door 2 te typen, en druk op "Enter" om de
  geïnfecteerde bestanden te verwijderen.
  
  Je zal een vraag krijgen: "Registry cleaning - Do you want to clean the registry ?"
  Antwoord "Yes" door Y te typen en druk op "Enter".
  
  (Als je pc daarna niet herstart, start hem dan handmatig terug op in normale modus)

Er zal een tekstbestandje openen met de resultaten van de fix.
Post de inhoud van dit bestandje in je volgende antwoord (Je kan het rapport ook vinden in c:\rapport.txt). Post ook een nieuw logje van HijackThis ter controle.

- Daniël

[jigs]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:38, on 29-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O2 - BHO: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\kurt\Bureaublad\ClockGen\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://67.19.107.18/DGTx.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8316 bytes

[BendeBoy]

Waar is het rapport van Smitfraudfix?

[jigs]

SmitFraudFix v2.243
Scan done at 22:51:44,21, do 29-11-2007
Run from C:\Documents and Settings\kurt\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{4f5f16ef-af9d-4fe6-8410-f0670b58979d}"="exultet"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\kurt\FAVORI~1\Online Security Test.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{67F68182-3530-4927-BBCE-55AA7CAA13B2}: DhcpNameServer=195.130.130.132 195.130.129.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{67F68182-3530-4927-BBCE-55AA7CAA13B2}: DhcpNameServer=195.130.130.132 195.130.129.164
HKLM\SYSTEM\CS2\Services\Tcpip\..\{67F68182-3530-4927-BBCE-55AA7CAA13B2}: DhcpNameServer=195.130.130.132 195.130.129.164
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.132 195.130.129.164
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.132 195.130.129.164
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.132 195.130.129.164

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

het updaten lukt nog staads niet

[BendeBoy]

1. * Clean de Cache and Cookies in IE:

• Sluit Internet Explorer.
• Ga naar Configuratiescherm > Internet Opties > tab Algemeen
• Klik de Cookies verwijderen knop
• Klik op de Bestanden verwijderen knop ernaast
• Vink aan: Ook alle off line items verwijderen, klik OK

* Clean de Cache and Cookies in Firefox (In geval Firefox geïnstalleerd is):

• Go to Extra > Opties.
• Klik Privacy in het menu.
• Klik op de knop wissen (Geschiedenis, Cookies, Cache).
• Klik OK om het venster opnieuw te sluiten.

* Clean andere Temporary files + Prullenbak

• Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
• Laat het je systeem scannen op bestanden die moeten verwijderd worden
• Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
• Klik daarna op OK.

2. Download Dr.Web CureIt naar je Bureaublad:

• Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
• Indien een popup verschijnt met het voorstel tot kopen/50% korting,
  mag je deze sluiten met het kruisje.
• Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
  klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
• Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
• Druk op F9 en kies daarna voor Acties en stel daar het volgende in onder Malware :
  • Adware: Verplaats
    Dialers: Verplaats
    Jokes: Rapportage
    Riskware: Rapportage
    Hacktools: Verplaats
    Haal dan het vinkje weg bij
    Prompt bij actie
    .
  Druk dan op OK.
• Druk op F9 en kies daarna voor Scan en verwijder het vinkje bij Heuristische analyse en klik op OK.
• Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen (Selecteer stations).
• Selecteer hier alle stations. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
• Klik daarna de groene pijl rechts om de scan te starten.
• Gevonden bestanden worden naar de
  %userprofile%\DoctorWeb\quarantaine-map
  verplaatst, indien herstel niet mogelijk is.
• Nadat de scan gedaan is, in het menu bovenaan, klik Bestand en kies Rapportage lijst opslaan. Bewaar het op je Bureaublad.
• Sluit daarna Dr.Web Cureit.
• Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
• Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

3. Download Combofix naar je Bureaublad.

• Dubbelklik op Combofix.exe
  Volg de instructies, aanvaard de disclaimer door
  1
  (continue) te typen, gevolgd door Enter.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post, samen met het logje van Dr. Web.

[jigs]

Process.exeC:\Documents and Settings\kurt\Bureaublad\SmitfraudFixTool.ProckillNiet repareerbaar.Verplaatst.restart.exeC:\Documents and Settings\kurt\Bureaublad\SmitfraudFixTool.ShutDown.11Niet repareerbaar.Verplaatst.NMSAccess.exeC:\Program Files\CDBurnerXP Pro 3\ToolsProgram.PsKill.originNiet repareerbaar.Verplaatst.mirc.chm\ctcp_events.htmC:\Program Files\mIRC\mirc.chmIRC.Generic.32mirc.chmC:\Program Files\mIRCArchief bevat geinfecteerde objectenVerplaatst.mirc.exeC:\Program Files\mIRCProgram.mIRC.621Verplaatst.A0037367.exeC:\System Volume Information\_restore{DB1ECB5C-232C-4163-AAE5-F9C8FAB606D4}\RP152Tool.ProckillVerplaatst.A0037368.exeC:\System Volume Information\_restore{DB1ECB5C-232C-4163-AAE5-F9C8FAB606D4}\RP152Tool.ShutDown.11Verplaatst.A0037369.exeC:\System Volume Information\_restore{DB1ECB5C-232C-4163-AAE5-F9C8FAB606D4}\RP152Program.PsKill.originVerplaatst.A0037370.exeC:\System Volume Information\_restore{DB1ECB5C-232C-4163-AAE5-F9C8FAB606D4}\RP152Program.mIRC.621Verplaatst.


ComboFix 07-11-02.3 - kurt 2007-11-02 14:05:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1537 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\kurt\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecI.fon
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))
.
2007-11-29 22:51 2,654 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 22:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-29 09:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 15:46 <DIR> d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2007-11-21 20:24 <DIR> d-------- C:\Program Files\Network Associates
2007-11-21 20:24 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-11-21 20:24 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-21 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-21 20:24 105,664 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-11-21 20:24 55,520 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-11-19 14:52 <DIR> d-------- C:\Program Files\Comodo
2007-11-19 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-19 14:52 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-11-19 14:52 216,576 --a------ C:\WINDOWS\system32\monln.dll
2007-11-19 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-08 11:34 <DIR> d-------- C:\Nostale(UK)
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-03 12:58 --------- d-----w C:\Program Files\Steam
2007-12-03 12:35 --------- d-----w C:\Program Files\mIRC
2007-12-02 10:07 --------- d-----w C:\Program Files\Knight Online
2007-11-26 12:07 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-23 16:50 --------- d-----w C:\Program Files\BitTorrent
2007-11-19 13:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-19 13:52 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-19 13:52 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2007-10-06 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-14 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-05 17:11 --------- d-----w C:\Program Files\PKR
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-10 16:53 114,688 ----a-w C:\WINDOWS\system32\netlogun.exe
2007-08-06 05:30 164 ----a-w C:\install.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 00:07]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-15 23:38]
"ClockGen"="C:\Documents and Settings\kurt\Bureaublad\ClockGen\ClockGen.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 18:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-05-27 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-05-21 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-26 18:26]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Systeemvak van ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 00:07:30]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mv stdi5x.sys
R1 TRIXX;TRIXX;\??\C:\Program Files\TRIXX\TRIXXDriver.sys
S3 XDva010;XDva010;\??\C:\WINDOWS\system32\XDva010.sy s
S3 XDva025;XDva025;\??\C:\WINDOWS\system32\XDva025.sy s
S3 XDva031;XDva031;\??\C:\WINDOWS\system32\XDva031.sy s
S3 XDva039;XDva039;\??\C:\WINDOWS\system32\XDva039.sy s
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{eac671cf-fa59-11db-a510-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - HTTPFILTER
.
************************************************** ************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 14:07:44
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2007-11-02 14:08:03
.
--- E O F ---

[BendeBoy]

Hoe staan de problemen er nu voor?

[jigs]

wel updates failen nog altijd
de updater download alles instaleert het ook
maar als ik dan de console open dat staat er laatste update gefailed
toch al vast hartelijk bedankt voor uw tijd
vind dit wel interesant

[BendeBoy]

Herinstalleer Mcafee eens?