View Full Version : changed start page, and other weirdness

Yelleken
7 December 2006, 15:19
I even think the log is odd (so short)

Logfile of HijackThis v1.99.1
Scan saved at 14:17:16, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Key Generator\isaddon.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnon.dll,startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)
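
A helper's first pass over a log like the one above is a handful of simple rules: a registration that points to a missing file, a BHO with no name, a Winlogon Notify or SSODL handler that is not one Windows ships, and a Run entry that goes through rundll32.exe. The Python script below is added here as an example and is not part of the original thread or of HijackThis; it applies those rules to the O2/O4/O20/O21 lines from this log. The allowlist of known handler names is an assumption of the example, not a complete list.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the O2/O4/O20/O21 lines from the HijackThis log posted
# above, copied verbatim so the triage has both benign and suspicious entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Key Generator\isaddon.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnon.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)
"""

# Winlogon Notify / SSODL handler names that ship with Windows XP or with common
# graphics drivers. Assumed allowlist for this example; a real triage would consult
# a maintained database of known components.
KNOWN_HOOKS = {"igfxcui", "crypt32chain", "cryptnet", "cscdll", "scecli",
               "sclgntfy", "senslogn", "termsrv", "wlballoon", "webcheck"}


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    entry: str     # the log line that was flagged
    reasons: list  # why it was flagged


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# "Winlogon Notify: name - path" (O20) and "SSODL: name - {clsid} - path" (O21)
HOOK_RE = re.compile(r"^(?:Winlogon Notify|SSODL): ([^ ]+) - ")
# "HKLM\..\Run: [Name] command" (O4)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def triage_entry(section, body):
    """Return the list of triage reasons for one HijackThis entry (empty if none)."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registered file is missing: dangling autostart left by a "
                       "removed or renamed component")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if section in ("O20", "O21"):
        m = HOOK_RE.match(body)
        if m and m.group(1).lower() not in KNOWN_HOOKS:
            kind = "Winlogon Notify" if section == "O20" else "SSODL"
            reasons.append(f"unrecognised {kind} handler '{m.group(1)}'")
    if section == "O4":
        m = RUN_RE.match(body)
        if m and m.group("cmd").lower().startswith("rundll32.exe"):
            reasons.append("rundll32.exe loads a DLL at logon; the DLL, not "
                           "rundll32, is the real autostart and should be checked")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return a Finding for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        reasons = triage_entry(section, body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flag is a reason to look, not a verdict: legitimate software also registers unnamed BHOs and rundll32 autostarts, so each hit should be checked against the vendor and the file on disk before anything is removed.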

Yelleken
7 December 2006, 15:21
(by the way, it's a PC at school that several people work on)

jurgenv
7 December 2006, 15:35
* You'd best print these instructions or save them in a Notepad file, because later you will have to work in Safe Mode,
and this page won't be available then (no internet)

* Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) and save it to the Desktop.
Double-click the file and extract it to its own folder on the Desktop.

* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and uncheck Only if threats were found
Close AVG Anti-Spyware. Don't let it scan yet.

* If you haven't installed Ad-Aware SE yet, download, install and update it following the guidelines
you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link for Ad-Aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Boot your computer into SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open the smitrem folder on your desktop and double-click RunThis.bat. Follow the on-screen instructions.
Your desktop and icons will disappear for a moment and then reappear; this is normal.
Wait until the tool has finished its work and Disk Cleanup has completed. This can take some time, so be patient.

* Run a full scan with Ad-Aware and remove everything that is found.

* Start AVG Anti-Spyware. Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure Set all elements to: is set to Quarantine (1);
if not, click the link and choose Quarantine in the popup menu. (2)
(This does not apply to cookies; those are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Then go to Start -> Control Panel -> Appearance and Themes -> Desktop -> Customize Desktop -> Web -> uncheck "Security Info" if it is still there.

* Restart your computer in normal mode.

* Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, put a check mark next to Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this unchecks "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Do an online scan with Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and keep the report you get after scanning

* Restart your PC once more and then post a new HijackThis log, together with the report from AVG Anti-Spyware 7.5 and Panda. Also post the log from the smitRem tool, which you can find here: C:\smitfiles.txt.
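
The smitRem step in these instructions exports the SharedTaskScheduler key before and after its registry repair (the export format is visible in the smitfiles.txt log posted further down in the thread). As an added example, not smitRem's own code, the Python script below parses that pseudo-format export, pairs every scheduled CLSID with the DLL registered under its InProcServer32 key, and reports anything beyond the two entries a clean Windows XP install carries. The default-entry list and the sample text (taken from the log in this thread) are this example's assumptions.

```python
import re

# Constructed sample input: the SharedTaskScheduler export as it appears in the
# smitRem log posted in this thread (line-wrap artifacts removed).
SAMPLE_EXPORT = r"""Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"
"""

# The two SharedTaskScheduler entries present on a clean Windows XP install (both
# served by browseui.dll). Assumed baseline for this example: anything else was
# added by third-party software and deserves a look.
DEFAULT_TASKS = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}",
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
TASK_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
SERVER_KEY_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32$",
                           re.IGNORECASE)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')


def parse_export(text):
    """Return (tasks, servers): CLSID -> label from the SharedTaskScheduler key,
    and CLSID -> DLL path from every InProcServer32 key in the export."""
    tasks, servers = {}, {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue  # text before the first [key] header
        if current_key.upper().endswith("\\EXPLORER\\SHAREDTASKSCHEDULER"):
            m = TASK_VALUE_RE.match(line)
            if m:
                tasks[m.group(1).upper()] = m.group(2)
        else:
            k = SERVER_KEY_RE.search(current_key)
            v = DEFAULT_VALUE_RE.match(line)
            if k and v:
                servers[k.group(1).upper()] = v.group(1)
    return tasks, servers


def suspicious_tasks(text):
    """List (label, clsid, note) for every scheduled task that is not a Windows default."""
    tasks, servers = parse_export(text)
    report = []
    for clsid, label in tasks.items():
        if clsid in DEFAULT_TASKS:
            continue
        dll = servers.get(clsid)
        note = "no InProcServer32 in export" if dll is None else f"loads {dll}"
        report.append((label, clsid, note))
    return report


if __name__ == "__main__":
    for label, clsid, note in suspicious_tasks(SAMPLE_EXPORT):
        print(f"{label:10} {clsid}  {note}")
```

Running the parser over the before-repair and after-repair exports and diffing the two results is the quickest way to see whether a cleanup tool actually removed a SharedTaskScheduler entry or only its DLL.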

Yelleken
7 December 2006, 15:44
I'll go and do all of that now (so much explanation, wow, that's promising, who knows what I'll find)

Yelleken
7 December 2006, 17:22
smitRem © log file
version 3.2
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: do 07/12/2006
The current time is: 15:12:57,82
Running from
C:\Documents and Settings\Administrator\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4
[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XP Firewall allowed access
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

checking for drsmartload2 key

drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
Safety Bar

~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url

~~~ Favorites ~~~
Antivirus Test Online.url

~~~ system32 folder ~~~
amcompat.tlb
ishost.exe
ismini.exe
isnotify.exe
issearch.exe
ixt*.dll
nscompat.tlb

~~~ Icons in System32 ~~~
ts.ico
ot.ico

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 724 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~
CLEAN! :)



Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 7 december 2006 15:15:44
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R137 06.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Mediapipe(TAC index:4):15 total references
Adware.WeirWeb(TAC index:5):2 total references
MRU List(TAC index:0):22 total references
Tracking Cookie(TAC index:3):5 total references
Win32.Trojandownloader.Zlob(TAC index:10):36 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

7-12-2006 15:15:44 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 7-12-2006 14:11:00
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 204
ThreadCreationTime : 7-12-2006 14:11:09
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 7-12-2006 14:11:10
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 7-12-2006 14:11:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 7-12-2006 14:11:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 7-12-2006 14:11:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 7-12-2006 14:11:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 7-12-2006 14:11:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 7-12-2006 14:11:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1924
ThreadCreationTime : 7-12-2006 14:14:59
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 248
ThreadCreationTime : 7-12-2006 14:15:23
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}
Value : AppID
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9a395c6c-e42e-4777-b8ef-fddeb705f3fb}
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}
Adware.WeirWeb Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c25003b-f5c9-4c24-a5f8-5bee543a562c}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3b021ad8-9999-4efe-8203-36a5b09117d7}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3c975d06-9239-4a00-9f1a-c3c337912f22}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{413d2fa5-98cd-4078-98c1-c3ae775ef050}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{46722628-c282-4fdf-814d-5b819c78e067}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{49a6d89f-4422-4474-a287-5fe1d6811a87}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66b01f8a-1d57-40e7-8c8d-d67d06662577}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7588c5e3-9c6e-4cfe-884f-71bf8383621a}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8122d5a8-dc59-4ab8-9c02-cf66e10641c2}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fb11528-3a97-45fe-beaa-1a1fc4ee45f5}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fe88dc0-e1ec-43e3-b70e-d3246f4d1899}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a25f0022-c2fc-4ea0-abba-2bfe4635bd68}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bdc75ad7-a8a5-4f25-be36-a4db971c7541}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c49930c7-abf8-43b4-a7b7-98013dd6abe6}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{eca9fbff-5415-4440-a92b-03e8ca7b9828}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f7996a4a-b172-4c1a-85d0-19ab61c9c512}
Adware.WeirWeb Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1177238915-299502267-682003330-500\software\microsoft\windows\currentversion\ext\stats\{b3e19860-0cd5-4991-a066-4fca2704de59}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 45

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 46

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@msnportal.112.2o7.net/
Expires : 5-12-2011 09:46:00
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@www.movieland[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@www.movieland.com/
Expires : 7-12-2007 08:58:24
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.vitalix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@ads.vitalix.net/
Expires : 7-12-2007 08:58:24
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@metriweb.be/
Expires : 7-12-2007 09:58:20
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@198.104.158.237/adrevolver/
Expires : 7-12-2007 11:06:14
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 51

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005375.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005376.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005387.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005388.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005396.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005401.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005402.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005404.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005102.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005103.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005262.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005263.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005281.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005282.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005298.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005299.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 67

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»» »
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 67


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\mpagent.dll
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mpagent.agent
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mpagent.agent.1
Adware.Mediapipe Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : PROV
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : Provider
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : ProductFamily
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : TRAFFIC_TYPE
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : GUID
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : InstallTime
Adware.Mediapipe Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\notify
Value : Installing
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tcpip\parameters
Value : NameServer
Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Key Generator
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 80
15:24:22 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Total scanning time:00:08:38.94
Objects scanned:101501
Objects identified:58
Objects ignored:0
New critical objects:58




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:02:35 7/12/2006
+ Scan result:

C:\Program Files\Virus-Bursters -> Adware.VirusBursters : Cleaned.
C:\Program Files\Virus-Bursters\Virus-Bursters.exe -> Adware.VirusBursters : Cleaned.
C:\Program Files\Virus-Bursters\ignored.lst -> Adware.VirusBursters : Cleaned.
C:\Program Files\Virus-Bursters\virusburster.ini -> Adware.VirusBursters : Cleaned.
C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP9\A0005309.manifest -> Downloader.Zlob : Cleaned.
C:\System Volume Information\_restore{4331D6D1-99E1-4A51-B637-EA764A7B963D}\RP10\A0005627.exe -> Downloader.Zlob.bbr : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.

::Report end

panda: Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor

This is the only thing I can still post, because it has been decided from above that the PC has to be formatted tomorrow (the *@##**), even though doing what you said has already fixed a lot of things.

Thanks anyway, jurgenv.

jurgenv
7 December 2006, 18:06
Well, I do have the solution at hand, so formatting is a bit overkill, but it's a solution too. :)

Yelleken
7 December 2006, 19:07
I think so too, but oh well, if the director decides that, ....