View full version : Hijackthis Malware-docter



Sinkfun
8 September 2010, 10:46
As explained in this post (http://www.minatica.be/threads/70900-Malware-docter), I'm stuck here with a laptop full of viruses, including 'malware docter' and probably Conficker as well.

So I made a HijackThis log, because MBAM, AVG and CCleaner found all sorts of things but couldn't remove them.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:26, on 8/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Janna\LOCALS~1\Temp\202fbh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\DOCUME~1\Janna\LOCALS~1\Temp\694251.exe
C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5FE071A5-F4A0-4C87-8EBD-2243E3EE3767} - c:\windows\system32\bpledlu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [10768] C:\DOCUME~1\Janna\LOCALS~1\Temp\694251.exe
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\Janna\LOCALS~1\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: CPWNA Monitor.lnk = C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRxdm200YYBE&si=&a=IPOauMRLEwHFw3qpwhuuig&n=2010060703
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10841 bytes

Hopefully you can help me,

Regards, Sinkfun

Sinkfun
8 September 2010, 19:42
I'd like to have this laptop fixed as soon as possible, since it is used for bookkeeping and invoicing. There is also a specific program on the laptop whose installation CD / file has gone missing.

So I hope a spyware slayer is available.

Regards, Sinkfun

Rosty
8 September 2010, 19:45
Could you also post the MBAM log, please?

Hey,

Bumping your own post isn't very smart!! That way it escapes our attention, because it no longer shows 0 replies.


Go to Start -- Control Panel -- Add or Remove Programs and uninstall the following there: Ask Toolbar, AskBar or Ask.
Open HijackThis, click "Do a scan only" and tick the following lines:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5FE071A5-F4A0-4C87-8EBD-2243E3EE3767} - c:\windows\system32\bpledlu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [10768] C:\DOCUME~1\Janna\LOCALS~1\Temp\694251.exe
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\Janna\LOCALS~1\Temp\202fbh.exe

Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
Click here (http://www.bleepingcomputer.com/forums/topic114351.html)
If you can't manage to disable them, just continue with the next step. Double-click ComboFix.exe and follow the prompts on screen. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware. Follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console.
http://www.bleepstatic.com/combofix/nl/cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:
http://www.bleepstatic.com/combofix/nl/rc-auto-done.jpg

Click Yes to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying that the “contents of the ComboFix package has been compromised”.
Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

http://www.imgdumper.nl/uploads2/4ac516149f83c/4ac516149830d-ComboFix_Virut.jpg
If you keep getting that message, report it.
When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next reply, together with a new HijackThis log.
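
As an added example (not part of this thread, of HijackThis or of the helper's own tooling), here is a small Python triage script that parses HijackThis-format entries like the ones quoted above and applies the rules of thumb visible in the helper's pick of lines to fix: orphaned entries whose file is gone, and autoruns launched from a user's Temp directory or planted under the Policies\Explorer\Run key. The sample lines are copied from the log posted in this thread; the heuristics are this example's own and flagged entries still need human review.

```python
"""Triage of HijackThis (HJT) log entries.

Added example for this thread; not HijackThis code and not the helper's
own tooling. It parses the "Rn - ..." / "On - ..." entry format of the
log posted above and applies three heuristics:
  * the entry's target file no longer exists ("(no file)" / "(file missing)"),
  * an O4 autorun launches an executable from a user's Temp directory,
  * an O4 autorun is planted under the Policies\Explorer\Run key.
Flagged entries still need human review: leftovers of legitimate software
(the AVG O20 entry below) trip the missing-file rule too.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Temp paths appear both in 8.3 form (LOCALS~1) and in long form.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5FE071A5-F4A0-4C87-8EBD-2243E3EE3767} - c:\windows\system32\bpledlu.dll (file missing)
O4 - HKLM\..\Run: [10768] C:\DOCUME~1\Janna\LOCALS~1\Temp\694251.exe
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\Janna\LOCALS~1\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""


@dataclass
class Entry:
    kind: str                  # section code, e.g. "O4"
    body: str                  # text after "O4 - "
    path: Optional[str]        # target file or command line, if the format has one
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HJT line into section code, body and target path; None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":
        # O4 - <registry key>: [<value name>] <command line>
        path = body.split("] ", 1)[1] if "] " in body else None
    else:
        # Rn / O2 / O3 / O20: <description> - {CLSID} - <path>; the path is the last field
        path = body.rsplit(" - ", 1)[-1] if " - " in body else None
    return Entry(kind, body, path)


def triage(entry: Entry) -> Entry:
    """Attach a reason for every heuristic the entry trips."""
    path = entry.path or ""
    if path.endswith(MISSING_MARKERS):
        entry.reasons.append("target file missing (orphaned hook/BHO/toolbar)")
    if entry.kind == "O4" and TEMP_RE.search(path):
        entry.reasons.append("autorun launched from a user Temp directory")
    if entry.kind == "O4" and "\\Policies\\Explorer\\Run" in entry.body:
        entry.reasons.append("autorun planted under the Explorer policy Run key")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return the entries of an HJT log that trip at least one heuristic, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).suspicious:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} - {e.body}")
        for r in e.reasons:
            print(f"    -> {r}")
```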

Sinkfun
8 September 2010, 19:56
MBAM log



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/09/2010 21:58:13
mbam-log-2010-09-07 (21-58-13).txt

Scantype: Volledige scan (A:\|C:\|E:\|)
Objecten gescand: 44280
Verstreken tijd: 1 uur/uren, 32 minuut/minuten, 51 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 18
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)



I have no idea which scan that was, though (I did several, in safe mode and also in normal mode; there's only 1 log file).

Sinkfun
8 September 2010, 21:22
The ComboFix log:


ComboFix 10-09-07.03 - Janna 08/09/2010 20:42:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1981.1314 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Janna\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\ohydy.exe
c:\documents and settings\All Users\Application Data\hpe3.dll
c:\documents and settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F
c:\documents and settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F\enemies-names.txt
c:\documents and settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F\local.ini
c:\documents and settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F\lsrslt.ini
c:\documents and settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F\mediafix70700en02.exe
c:\documents and settings\Janna\Application Data\Desktopicon
c:\documents and settings\Janna\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Janna\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Janna\Application Data\ohydy.exe
c:\documents and settings\Janna\Favorieten\Download programs.url
c:\documents and settings\Janna\Favorieten\Translator.url
c:\documents and settings\Janna\Favorieten\Videos.url
c:\documents and settings\Janna\Local Settings\Application Data\Windows Server
c:\documents and settings\Janna\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Janna\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Janna\Menu Start\Programma's\Games.url
c:\documents and settings\Janna\Menu Start\Programma's\Translator.url
c:\documents and settings\Janna\Menu Start\Programma's\Videos.url
C:\lsass.exe
c:\windows\cfdrive32.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\msllhsjn.dll
c:\windows\system32\vbzlib1.dll
c:\windows\system32\bpledlu.dll . . . . konden niet verwijderd worden

c:\windows\system32\drivers\nubeirdx.sys . . . is geïnfecteerd!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFFFWSII
-------\Legacy_MSUPDATE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_afffwsii
-------\Service_usnjsvc


(((((((((((((((((((( Bestanden Gemaakt van 2010-08-08 to 2010-09-08 ))))))))))))))))))))))))))))))
.

2010-09-08 08:36 . 2010-09-08 08:36 -------- d-----w- c:\program files\Trend Micro
2010-09-07 19:04 . 2010-09-08 17:52 -------- d--h--r- c:\documents and settings\Janna\Onlangs geopend
2010-09-07 16:20 . 2010-09-07 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-07 16:18 . 2008-06-10 15:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2010-09-07 16:18 . 2006-06-01 17:33 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving
2010-09-07 16:18 . 2006-06-01 17:33 -------- d-----r- c:\documents and settings\Administrator\Menu Start
2010-09-07 16:18 . 2006-06-01 15:51 -------- d-----r- c:\documents and settings\Administrator\Mijn documenten
2010-09-07 16:18 . 2006-06-01 15:49 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-09-07 16:18 . 2006-06-01 15:37 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen
2010-09-07 16:18 . 2010-09-07 16:18 -------- d-----w- c:\documents and settings\Administrator
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\Janna\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 15:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 18:31 . 2010-09-06 18:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 17:20 . 2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-06 17:20 . 2010-09-06 17:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 17:19 . 2010-09-06 17:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 17:19 . 2010-09-06 17:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 17:19 . 2010-09-07 19:21 -------- d-----w- c:\documents and settings\Janna\Application Data\AVGTOOLBAR
2010-09-06 17:19 . 2010-09-06 17:33 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\documents and settings\Janna\Local Settings\Application Data\Threat Expert
2010-09-06 16:34 . 2010-09-06 16:34 817152 ----a-w- c:\windows\system32\dlo15.dll
2010-09-06 16:29 . 2010-08-30 11:57 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-06 16:29 . 2010-08-30 11:57 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-09-06 16:29 . 2010-08-30 11:57 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-09-06 16:29 . 2010-08-26 07:30 2074 ----a-w- c:\windows\UDB.zip
2010-09-06 16:29 . 2010-08-23 07:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-06 16:29 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-09-06 16:24 . 2010-09-06 18:27 -------- d-----w- c:\program files\PC Tools Security
2010-09-06 16:14 . 2010-09-06 18:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-06 16:02 . 2010-09-06 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-06 15:09 . 2010-09-06 15:09 -------- d-----w- c:\documents and settings\Janna\Local Settings\Application Data\vsmgtpwyj
2010-09-06 15:08 . 2010-09-06 15:09 -------- d-----w- C:\system32

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 19:00 . 2009-11-16 09:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-08 08:36 . 2010-09-08 08:36 388096 ----a-r- c:\documents and settings\Janna\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 07:18 . 2008-08-02 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-09-07 16:19 . 2010-09-07 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson
2010-09-06 18:34 . 2008-06-19 08:14 -------- d-----w- c:\documents and settings\Janna\Application Data\uTorrent
2010-09-06 17:20 . 2010-09-06 17:33 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2010-09-06 17:20 . 2010-09-06 17:33 107912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2010-09-06 17:19 . 2010-09-06 17:33 325640 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2010-09-06 17:19 . 2010-09-06 17:33 27656 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2010-09-06 17:19 . 2010-09-06 17:33 485144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2010-09-06 16:34 . 2010-09-06 16:34 0 ----a-w- c:\windows\system32\dlo15.tmp
2010-09-06 16:26 . 2010-09-06 16:25 714186 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-06 16:05 . 2010-09-06 16:02 80729096 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_aff_dl.exe
2010-08-12 08:01 . 2008-03-18 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 07:59 . 1980-01-01 00:00 91716 ----a-w- c:\windows\system32\perfc013.dat
2010-08-12 07:59 . 1980-01-01 00:00 510666 ----a-w- c:\windows\system32\perfh013.dat
2010-06-30 12:33 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-04-28 13:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1980-01-01 00:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-06-01 15:38 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-16 09:09 . 2009-11-16 09:07 16908057 ----a-w- c:\program files\AVCP.2.7.8_[RH].rar
2006-11-29 16:05 . 2006-11-29 16:07 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-03-01 17:35 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-01 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Janna\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
CPWNA Monitor.lnk - c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe [2003-9-8 819288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R0 nubeirdx;nubeirdx;c:\windows\system32\drivers\nubeirdx.sys [1/01/1980 2:00 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/09/2010 19:19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/09/2010 19:20 108552]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17/11/2009 19:03 7936]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/09/2010 19:19 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/09/2010 18:29 235472]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [28/01/2010 18:17 90112]
R3 CPWNA1D;Philips 11Mbps Notebook Adapter Driver;c:\windows\system32\drivers\CPWNA1D.sys [7/10/2003 18:34 51328]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28/01/2010 18:18 27632]
R3 w3304an5;WN3X0X Wireless Adapter;c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\W3304AN5.sys [7/10/2002 4:14 15104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/06/2009 17:24 16512]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [17/11/2009 19:03 23680]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [11/07/2009 8:00 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [11/07/2009 8:00 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [11/07/2009 8:00 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [11/07/2009 8:00 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [11/07/2009 8:00 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [11/07/2009 8:00 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [11/07/2009 8:00 117672]
.
Inhoud van de 'Gedeelde Taken' map

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-09-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk
Trusted Zone: fortisbanking.be\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Janna\Application Data\Mozilla\Firefox\Profiles\oe6aexm8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{5FE071A5-F4A0-4C87-8EBD-2243E3EE3767} - c:\windows\system32\bpledlu.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{5FE071A5-F4A0-4C87-8EBD-2243E3EE3767} - c:\windows\system32\bpledlu.dll
AddRemove-eBay Icon - c:\documents and settings\Janna\Application Data\Desktopicon\uninst.exe
AddRemove-eMindMaps - c:\progra~1\MindJET\EMINDM~1\UNWISE.EXE
AddRemove-Native Instruments - Traktor 1.06 - c:\audio\NATIVE~1\Traktor\UNINST~1\106\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8971CEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf74a7852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7971b0a
PacketIndicateHandler -> NDIS.sys @ 0xf795ea0d
SendHandler -> NDIS.sys @ 0xf7972b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\lexbces.exe
c:\windows\system32\LEXPPS.EXE
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-08 21:17:14 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-08 19:17

Pre-Run: 58.614.575.104 bytes beschikbaar
Post-Run: 58.547.027.968 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 7B7325FB48548EEA0788528C5FFCA5A0


Kind regards, Sinkfun

Rosty
9 September 2010, 12:43
Open a Notepad file.
Copy the bold text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt

File::
c:\windows\system32\bpledlu.dll
c:\windows\system32\dlo15.dll
c:\documents and settings\Janna\Local Settings\Application Data\vsmgtpwyj

Driver::
nubeirdx.sys

c:\windows\system32\drivers\nubeirdx.sys



Now drag the file CFScript.txt onto the file ComboFix.exe

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a log file opens. Post the contents of the log file.

Sinkfun
9 September 2010, 13:47
New ComboFix log:

ComboFix 10-09-08.02 - Janna 09/09/2010 13:11:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1981.1528 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Janna\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Janna\Bureaublad\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Janna\Local Settings\Application Data\vsmgtpwyj"
"c:\windows\system32\bpledlu.dll"
"c:\windows\system32\dlo15.dll"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dlo15.dll
c:\windows\system32\bpledlu.dll . . . . konden niet verwijderd worden

c:\windows\system32\drivers\nubeirdx.sys . . . is geïnfecteerd!! . . . Failed to find a valid replacement.
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-09 to 2010-09-09 ))))))))))))))))))))))))))))))
.

2010-09-08 08:36 . 2010-09-08 08:36 -------- d-----w- c:\program files\Trend Micro
2010-09-07 19:04 . 2010-09-09 10:50 -------- d--h--r- c:\documents and settings\Janna\Onlangs geopend
2010-09-07 16:20 . 2010-09-07 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-07 16:19 . 2010-09-07 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\Janna\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 15:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 18:31 . 2010-09-06 18:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 17:20 . 2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-06 17:20 . 2010-09-06 17:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 17:19 . 2010-09-06 17:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 17:19 . 2010-09-06 17:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 17:19 . 2010-09-07 19:21 -------- d-----w- c:\documents and settings\Janna\Application Data\AVGTOOLBAR
2010-09-06 17:19 . 2010-09-06 17:33 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\documents and settings\Janna\Local Settings\Application Data\Threat Expert
2010-09-06 16:29 . 2010-08-30 11:57 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-06 16:29 . 2010-08-30 11:57 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-09-06 16:29 . 2010-08-30 11:57 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-09-06 16:29 . 2010-08-26 07:30 2074 ----a-w- c:\windows\UDB.zip
2010-09-06 16:29 . 2010-08-23 07:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-06 16:29 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-09-06 16:24 . 2010-09-06 18:27 -------- d-----w- c:\program files\PC Tools Security
2010-09-06 16:14 . 2010-09-06 18:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-06 16:02 . 2010-09-06 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-06 15:09 . 2010-09-06 15:09 -------- d-----w- c:\documents and settings\Janna\Local Settings\Application Data\vsmgtpwyj
2010-09-06 15:08 . 2010-09-06 15:09 -------- d-----w- C:\system32

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 11:26 . 2009-11-16 09:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-08 08:36 . 2010-09-08 08:36 388096 ----a-r- c:\documents and settings\Janna\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 07:18 . 2008-08-02 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-09-06 18:34 . 2008-06-19 08:14 -------- d-----w- c:\documents and settings\Janna\Application Data\uTorrent
2010-09-06 17:20 . 2010-09-06 17:33 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2010-09-06 17:20 . 2010-09-06 17:33 107912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2010-09-06 17:19 . 2010-09-06 17:33 325640 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2010-09-06 17:19 . 2010-09-06 17:33 27656 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2010-09-06 17:19 . 2010-09-06 17:33 485144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2010-09-06 16:34 . 2010-09-06 16:34 0 ----a-w- c:\windows\system32\dlo15.tmp
2010-09-06 16:26 . 2010-09-06 16:25 714186 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-06 16:05 . 2010-09-06 16:02 80729096 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_aff_dl.exe
2010-08-12 08:01 . 2008-03-18 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 07:59 . 1980-01-01 00:00 91716 ----a-w- c:\windows\system32\perfc013.dat
2010-08-12 07:59 . 1980-01-01 00:00 510666 ----a-w- c:\windows\system32\perfh013.dat
2010-06-30 12:33 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-04-28 13:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1980-01-01 00:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-06-01 15:38 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-16 09:09 . 2009-11-16 09:07 16908057 ----a-w- c:\program files\AVCP.2.7.8_[RH].rar
2006-11-29 16:05 . 2006-11-29 16:07 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-03-01 17:35 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FE071A5-F4A0-4C87-8EBD-2243E3EE3767}]
c:\windows\system32\bpledlu.dll [BU]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-01 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Janna\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
CPWNA Monitor.lnk - c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe [2003-9-8 819288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R0 nubeirdx;nubeirdx;c:\windows\system32\drivers\nubeirdx.sys [1/01/1980 2:00 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/09/2010 19:19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/09/2010 19:20 108552]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17/11/2009 19:03 7936]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/09/2010 19:19 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/09/2010 18:29 235472]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [28/01/2010 18:17 90112]
R3 CPWNA1D;Philips 11Mbps Notebook Adapter Driver;c:\windows\system32\drivers\CPWNA1D.sys [7/10/2003 18:34 51328]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28/01/2010 18:18 27632]
R3 w3304an5;WN3X0X Wireless Adapter;c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\W3304AN5.sys [7/10/2002 4:14 15104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/06/2009 17:24 16512]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [17/11/2009 19:03 23680]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [11/07/2009 8:00 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [11/07/2009 8:00 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [11/07/2009 8:00 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [11/07/2009 8:00 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [11/07/2009 8:00 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [11/07/2009 8:00 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [11/07/2009 8:00 117672]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
afffwsii
.
Inhoud van de 'Gedeelde Taken' map

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-09-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk
Trusted Zone: fortisbanking.be\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Janna\Application Data\Mozilla\Firefox\Profiles\oe6aexm8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 13:27
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0DDEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf74a7852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7971b0a
PacketIndicateHandler -> NDIS.sys @ 0xf795ea0d
SendHandler -> NDIS.sys @ 0xf7972b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\lexbces.exe
c:\windows\system32\LEXPPS.EXE
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-09 13:44:47 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-09 11:44
ComboFix2.txt 2010-09-08 19:17

Pre-Run: 58.532.753.408 bytes beschikbaar
Post-Run: 58.521.989.120 bytes beschikbaar

- - End Of File - - F41B62B67E06F3E2624C4CDED0FB057B


Thanks again for all the help!!!
Greetings, Sinkfun
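How a helper reads a log like this, as an added example that is not part of the thread or of ComboFix: a Python script that walks lines copied from the ComboFix log above and flags the entries that stand out (an extra BootExecute value, the disabled firewall, a driver with a 1980 timestamp, a non-default NetSvcs name, and files ComboFix could not remove). The flagging rules are my own heuristics, not ComboFix's logic.

```python
"""Triage a ComboFix-style log: list the entries a helper looks at first.
Added example for this thread; not ComboFix code, and the heuristics are
my own.  The sample lines are copied from the log posted above."""
import re
from dataclasses import dataclass

# Raw string: the "\0" in the BootExecute value must stay a literal
# backslash-zero, exactly as ComboFix prints the REG_MULTI_SZ separator.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 nubeirdx;nubeirdx;c:\windows\system32\drivers\nubeirdx.sys [1/01/1980 2:00 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/09/2010 19:19 335240]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28/01/2010 18:18 27632]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
afffwsii
.
c:\windows\system32\bpledlu.dll . . . . konden niet verwijderd worden
c:\windows\system32\drivers\nubeirdx.sys . . . is geïnfecteerd!! . . . Failed to find a valid replacement.
"""


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the log line that triggered the finding
    reason: str


# ComboFix driver line: "<R0..S4> <name>;<description>;<path> [d/m/yyyy h:mm size]"
DRIVER_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<day>\d{1,2})/(?P<month>\d{1,2})/(?P<year>\d{4}) (?P<time>\d{1,2}:\d{2}) (?P<size>\d+)\]$"
)
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Dutch and English phrases ComboFix prints when a deletion or replacement failed.
FAILED_MARKERS = ("konden niet verwijderd worden", "Failed to find a valid replacement")


def triage(log_text: str) -> list:
    """Walk the log once and return the entries worth a closer look."""
    findings = []
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # ComboFix only lists non-default NetSvcs names, so each one is suspect.
            if line and line != ".":
                findings.append(Finding("high", line,
                    "non-default entry under Svchost NetSvcs (ComboFix hides legitimate defaults)"))
                continue
            in_netsvcs = False
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if line.startswith("BootExecute"):
            # REG_MULTI_SZ values are printed joined with a literal "\0".
            values = line.split("REG_MULTI_SZ", 1)[1].split("\\0")
            extra = [v.strip() for v in values if v.strip() and v.strip() != DEFAULT_BOOTEXECUTE]
            if extra:
                findings.append(Finding("high", line,
                    f"BootExecute runs {extra} before logon; the default is only '{DEFAULT_BOOTEXECUTE}'"))
            continue
        if line.startswith('"EnableFirewall"') and "= 0" in line:
            findings.append(Finding("medium", line, "Windows Firewall is disabled in the standard profile"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            if int(m["year"]) <= 1980:
                # 1/01/1980 is the DOS/FAT epoch: a zero or forged file time.
                findings.append(Finding("high", line,
                    f"driver {m['name']} has an implausible timestamp ({m['day']}/{m['month']}/{m['year']}), i.e. an unset or forged file time"))
            continue
        if any(marker in line for marker in FAILED_MARKERS):
            findings.append(Finding("high", line,
                "ComboFix could not remove or replace this file; it needs a CFScript or offline follow-up"))
    return findings


def summarize(findings) -> dict:
    """Number of findings per severity level."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```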

Sinkfun
9 September 2010, 14:40
*In the meantime I will scan everything once more with Mbam and post that log here as well.

Sinkfun
9 September 2010, 17:13
Mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4580

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/09/2010 17:11:55
mbam-log-2010-09-09 (17-11-55).txt

Scantype: Volledige scan (A:\|C:\|D:\|)
Objecten gescand: 213297
Verstreken tijd: 2 uur/uren, 44 minuut/minuten, 3 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nubeirdx (Rootkit.Agent.BO) -> Delete on reboot.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Documents and Settings\Janna\Local Settings\Application Data\vsmgtpwyj\yqnjooiuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\ohydy.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Janna\Application Data\ohydy.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Janna\Application Data\C5DB592B3420E168DAD82E36649C8A6F\mediafix70700en02.exe.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cfdrive32.exe.vir (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msllhsjn.dll.vir (Trojan.Onlinegames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001086.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001090.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001095.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001096.dll (Trojan.Onlinegames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001158.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP3\A0001389.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nubeirdx.sys (Rootkit.Agent.BO) -> Delete on reboot.

Rosty
9 September 2010, 21:03
Download MBRCheck: http://ad13.geekstogo.com/MBRCheck.exe
Start the tool by double-clicking MBRCheck.exe
When the tool is finished you get a menu. Type N to exit and then press Enter once more.
On your desktop there is a log whose name begins with MBRCheck followed by the date and time.
Post this log.

Sinkfun
9 September 2010, 21:55
The MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF74D8000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74B9000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74A1000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7481000 fltmgr.sys
0xF746F000 sr.sys
0xF7667000 PxHelp20.sys
0xF7860000 KSecDD.sys
0xF784D000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF795A000 NDIS.sys
0xF7717000 SISAGPX.sys
0xF7833000 Mup.sys
0xF743F000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xBA23F000 \SystemRoot\System32\DRIVERS\sisgrp.sys
0xBA22B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF742F000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA7D8000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA217000 \SystemRoot\System32\DRIVERS\parport.sys
0xF741F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA7D4000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF77E7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA1D5000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF79C1000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77EF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF740F000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF7887000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7877000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7687000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA112000 \SystemRoot\System32\DRIVERS\ks.sys
0xF79C3000 \SystemRoot\System32\DRIVERS\NTIDrvr.sys
0xB9FF5000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF77F7000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9F4D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB9F29000 \SystemRoot\system32\drivers\portcls.sys
0xF76A7000 \SystemRoot\system32\drivers\drmk.sys
0xF77FF000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB9F05000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7807000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF780F000 \SystemRoot\System32\DRIVERS\sisnic.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\CPWNA1D.sys
0xBA7C4000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF7A94000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7576000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA7BC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9EEE000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7566000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7556000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7817000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB9EDD000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7546000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF781F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7737000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7536000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF773F000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xF79C9000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9DD7000 \SystemRoot\System32\DRIVERS\update.sys
0xBA79B000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7526000 \SystemRoot\system32\DRIVERS\zebrceb.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\zebrwh.sys
0xF7516000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF775F000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xBA1B5000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79EF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A91000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79F3000 \SystemRoot\System32\drivers\FNETURPX.SYS
0xF77A7000 \SystemRoot\System32\drivers\vga.sys
0xF79F5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7937000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xACFE8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xACF8F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xACF69000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA1A5000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBA195000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xACEE4000 \SystemRoot\System32\Drivers\avgtdix.sys
0xACEBC000 \SystemRoot\System32\DRIVERS\netbt.sys
0xACE9A000 \SystemRoot\System32\drivers\afd.sys
0xBA185000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBA7F8000 \SystemRoot\system32\drivers\srvkp.sys
0xACE6F000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xACDFF000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA165000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9E55000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAC02C000 \SystemRoot\System32\Drivers\avgldx86.sys
0xB1D31000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9ED1000 \SystemRoot\System32\drivers\Dxapi.sys
0xAD01B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAD093000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xABEA4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xABC78000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xABB5B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xACF0F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xABAF6000 \SystemRoot\system32\drivers\wdmaud.sys
0xABE04000 \SystemRoot\system32\drivers\sysaudio.sys
0xABE14000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xAB4D1000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD00B000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
0xAB198000 \SystemRoot\System32\Drivers\HTTP.sys
0xABE74000 \??\C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\w3304an5.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\svchost.exe
1348 C:\WINDOWS\explorer.exe
1396 svchost.exe
1500 svchost.exe
1716 C:\WINDOWS\system32\LEXBCES.EXE
1760 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\system32\LEXPPS.EXE
1904 svchost.exe
1944 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2032 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
296 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
524 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
532 C:\WINDOWS\system32\ctfmon.exe
576 C:\Program Files\AVG\AVG8\avgrsx.exe
312 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
652 C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
676 C:\Program Files\Microsoft Office\Office\OSA.EXE
1188 C:\Program Files\AVG\AVG8\avgcsrvx.exe
1924 svchost.exe
2076 C:\Program Files\Java\jre6\bin\jqs.exe
2124 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2188 C:\WINDOWS\system32\svchost.exe
2300 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2736 C:\WINDOWS\system32\wuauclt.exe
2836 wmiprvse.exe
2468 C:\WINDOWS\system32\WGATray.exe
2056 C:\Program Files\Mozilla Firefox\firefox.exe
1208 C:\WINDOWS\system32\wscntfy.exe
2480 C:\WINDOWS\explorer.exe
3420 C:\Documents and Settings\Janna\Bureaublad\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380012A, Rev: 4.04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6


Done!

EvelineGirl
10 September 2010, 12:42
Hi Sinkfun, ;)

I'm taking over from Rosty for a moment.

1.
Open a new Notepad file and copy/paste the code below into it:

File::
c:\windows\system32\dlo15.dll
c:\windows\system32\dlo15.tmp
c:\windows\system32\drivers\nubeirdx.sys
c:\windows\system32\bpledlu.dll

Folder::
c:\documents and settings\Janna\Local Settings\Application Data\vsmgtpwyj

Driver::
nubeirdx
afffwsii

NetSvc::
afffwsii

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FE071A5-F4A0-4C87-8EBD-2243E3EE3767}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save this to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://crew.nucia.eu/smeenk/CFScript.gif
This will make ComboFix restart; post the new ComboFix log in your next reply.

Good luck,
Eveline. :)
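
The BootExecute line in that CFScript is a REG_MULTI_SZ written out as hex(7) bytes; it restores the Windows default "autocheck autochk *". Rogue software that wants to run before logon sometimes appends its own entry to BootExecute, so decoding the value and comparing it with the default is a check worth running on any XP machine you are cleaning. The following is an added example written for this page; it is not part of the original post and not ComboFix code. The tampered value it builds (`c:\evil\boot.exe`) is constructed for illustration only.

```python
"""Decode and verify a REG_MULTI_SZ (hex(7)) value from a .reg / CFScript line.

Added example, not part of the original thread and not ComboFix code. It shows
what the BootExecute line in the CFScript above restores (the Windows default
"autocheck autochk *") and flags any value that differs from it.
"""
import re

# The value line as posted in the thread (one byte per character).
CFSCRIPT_BOOTEXECUTE = (
    '"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,'
    '63,68,6b,20,2a,00,00'
)

# Windows default for HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

_HEX7_LINE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>.*)$', re.S)


def parse_hex7_line(line):
    """Return (value_name, list_of_strings) for a hex(7) .reg line.

    A REG_MULTI_SZ is a run of NUL-terminated strings ended by an extra NUL.
    regedit exports the bytes as UTF-16LE; the thread's script uses one byte
    per character. Both are accepted: if the second byte is a NUL while the
    first is not, the data is taken to be UTF-16LE.
    """
    m = _HEX7_LINE.match(line.strip())
    if not m:
        raise ValueError("not a hex(7) value line: %r" % line)
    # Drop whitespace and the backslash line continuations a .reg file uses
    # (and the stray spaces a forum paste may have inserted).
    raw = re.sub(r'[\s\\]', '', m.group('data'))
    data = bytes(int(tok, 16) for tok in raw.split(',') if tok)
    if len(data) >= 2 and len(data) % 2 == 0 and data[0] != 0 and data[1] == 0:
        text = data.decode('utf-16-le')
    else:
        text = data.decode('cp1252')
    return m.group('name'), [s for s in text.split('\x00') if s]


def encode_hex7_line(name, strings):
    """Build a regedit-style (UTF-16LE) hex(7) line from a list of strings."""
    payload = ''.join(s + '\x00' for s in strings) + '\x00'
    return '"%s"=hex(7):%s' % (
        name, ','.join('%02x' % b for b in payload.encode('utf-16-le')))


def bootexecute_is_default(line):
    """True if the line is a BootExecute value holding exactly the default."""
    name, strings = parse_hex7_line(line)
    return name == "BootExecute" and strings == DEFAULT_BOOTEXECUTE


if __name__ == "__main__":
    print(parse_hex7_line(CFSCRIPT_BOOTEXECUTE))
    # Constructed tampered value: an extra program queued to run before logon.
    tampered = encode_hex7_line("BootExecute",
                                ["autocheck autochk *", "c:\\evil\\boot.exe"])
    print(bootexecute_is_default(CFSCRIPT_BOOTEXECUTE),
          bootexecute_is_default(tampered))
```

To check a live machine, export the key with `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" sm.reg` and feed the BootExecute line from that file to `bootexecute_is_default`; a regedit export is UTF-16LE and may be wrapped over several lines, both of which the parser handles.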

Sinkfun
11 September 2010, 10:32
log,

ComboFix 10-09-09.04 - Janna 11/09/2010 10:09:52.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1981.1389 [GMT 2:00]
Started from: c:\documents and settings\Janna\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Janna\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\bpledlu.dll"
"c:\windows\system32\dlo15.dll"
"c:\windows\system32\dlo15.tmp"
"c:\windows\system32\drivers\nubeirdx.sys"
.

(((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 ))))))))))))))))))))))))))))))
.

2010-09-10 11:22 . 2010-09-10 11:22 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-09-10 11:22 . 2010-09-10 11:22 1478936 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2010-09-10 11:22 . 2010-09-10 11:22 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2010-09-10 11:22 . 2010-09-10 11:22 759064 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2010-09-09 18:16 . 2010-09-11 08:00 -------- d--h--r- c:\documents and settings\Janna\Onlangs geopend
2010-09-08 08:36 . 2010-09-08 08:36 388096 ----a-r- c:\documents and settings\Janna\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 08:36 . 2010-09-08 08:36 -------- d-----w- c:\program files\Trend Micro
2010-09-07 16:20 . 2010-09-07 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-07 16:19 . 2010-09-07 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\Janna\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 15:52 . 2010-09-07 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 15:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 18:31 . 2010-09-06 18:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 17:20 . 2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-06 17:20 . 2010-09-06 17:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 17:19 . 2010-09-06 17:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 17:19 . 2010-09-06 17:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 17:19 . 2010-09-11 07:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-06 17:19 . 2010-09-07 19:21 -------- d-----w- c:\documents and settings\Janna\Application Data\AVGTOOLBAR
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\documents and settings\Janna\Local Settings\Application Data\Threat Expert
2010-09-06 16:29 . 2010-08-30 11:57 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-06 16:29 . 2010-08-30 11:57 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-09-06 16:29 . 2010-08-30 11:57 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-09-06 16:29 . 2010-08-26 07:30 2074 ----a-w- c:\windows\UDB.zip
2010-09-06 16:29 . 2010-08-23 07:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-06 16:29 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-09-06 16:24 . 2010-09-06 18:27 -------- d-----w- c:\program files\PC Tools Security
2010-09-06 16:14 . 2010-09-06 18:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-06 16:02 . 2010-09-06 16:05 80729096 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_aff_dl.exe
2010-09-06 16:02 . 2010-09-06 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-06 15:08 . 2010-09-06 15:09 -------- d-----w- C:\system32

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 07:59 . 2009-11-16 09:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-09 18:11 . 2008-03-13 15:18 -------- d-----w- c:\program files\CCleaner
2010-09-08 07:18 . 2008-08-02 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-09-06 18:34 . 2008-06-19 08:14 -------- d-----w- c:\documents and settings\Janna\Application Data\uTorrent
2010-09-06 17:19 . 2010-09-11 07:58 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2010-09-06 16:26 . 2010-09-06 16:25 714186 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-08-12 08:01 . 2008-03-18 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 07:59 . 1980-01-01 00:00 91716 ----a-w- c:\windows\system32\perfc013.dat
2010-08-12 07:59 . 1980-01-01 00:00 510666 ----a-w- c:\windows\system32\perfh013.dat
2010-06-30 12:33 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-04-28 13:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1980-01-01 00:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-06-01 15:38 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-16 09:09 . 2009-11-16 09:07 16908057 ----a-w- c:\program files\AVCP.2.7.8_[RH].rar
2006-11-29 16:05 . 2006-11-29 16:07 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-03-01 17:35 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-01 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Janna\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
CPWNA Monitor.lnk - c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe [2003-9-8 819288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-06 17:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/09/2010 19:19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/09/2010 19:20 108552]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17/11/2009 19:03 7936]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/09/2010 19:19 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/09/2010 18:29 235472]
R3 CPWNA1D;Philips 11Mbps Notebook Adapter Driver;c:\windows\system32\drivers\CPWNA1D.sys [7/10/2003 18:34 51328]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28/01/2010 18:18 27632]
R3 w3304an5;WN3X0X Wireless Adapter;c:\program files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\W3304AN5.sys [7/10/2002 4:14 15104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [28/01/2010 18:17 90112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/06/2009 17:24 16512]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [17/11/2009 19:03 23680]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [11/07/2009 8:00 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [11/07/2009 8:00 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [11/07/2009 8:00 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [11/07/2009 8:00 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [11/07/2009 8:00 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [11/07/2009 8:00 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [11/07/2009 8:00 117672]
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-09-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk
Trusted Zone: fortisbanking.be\www
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Janna\Application Data\Mozilla\Firefox\Profiles\oe6aexm8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-11 10:19:28
ComboFix-quarantined-files.txt 2010-09-11 08:19
ComboFix2.txt 2010-09-10 12:07
ComboFix3.txt 2010-09-09 11:44
ComboFix4.txt 2010-09-08 19:17

Pre-Run: 58.201.161.728 bytes free
Post-Run: 58.188.595.200 bytes free

- - End Of File - - 61FCC8D95D4D3511D4D78FA86FE7F22D


thx !

EvelineGirl
12 September 2010, 16:04
Hi, ;)

That all looks good. Are you still experiencing any problems?

I do see that you need to replace AVG8 with AVG9 or another antivirus program.
Let's also take a look at what else could use an update.

1.
Download Security Check by screen317 via one of the links below.
Place it on your desktop:
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Or
http://screen317.changelog.fr/SecurityCheck.exe
Start Security Check
Follow the on-screen instructions
At the end a log (checkup.txt) appears; paste its contents in your next reply.
Close Notepad.

2.
Also post a new HijackThis log.

Good luck,
Eveline. :)

Sinkfun
12 September 2010, 20:55
Checkup.txt:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
Norton Personal Firewall 2006
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Janna LOCALS~1 Temp RarSFX0\presetup.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


HijackThis log follows ;)

Here you go:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:24, on 12/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: CPWNA Monitor.lnk = C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9113 bytes

Thanks for the help!

EvelineGirl
13 September 2010, 13:41
Hoi, ;)

Antivir Avira is in ieder geval een goede keuze geweest. Verder kan je Java, Adobe en Firefox software een update gebruiken. En ik wil je aanraden de IOBit Toolbar te deinstalleren. Deze heeft een dubieuze reputatie: http://www.systemlookup.com/CLSID/66193-tbIObi_dll_tbIOb0_dll_tbIOb1_dll.html

1.
Ga naar start -> Uitvoeren.
Kopieer en plak: Combofix /Uninstall
Druk op Enter
Als het goed is krijg je de melding dat Combofix werd verwijderd.

Ga opnieuw naar start -> Uitvoeren.
Kopieer en plak: SC stop "NMIndexingService"
Druk op Enter.

Daarna kopieer en plak je: SC delete "NMIndexingService"
Gevolgd door Enter

Doe dit nu het zelfde met:
SC stop SDhelper (+Enter)
En voor
SC Delete SDhelper (+Enter)

2.
Je mag de volgende regels nog 'fixen' met HijackThis. Als je besluit de IObitCom Toolbar te behouden dan de eerste lijn in het rood niet mee fixen.

Start HijackThis en kies voor 'Do a system scan only'
Vink alleen indien aanwezig de volgende regels aan:

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

Sluit alle geopende vensters en klik op 'Fix Checked'. Sluit HijackThis.

Deinstalleer nu de IObitCom Toolbar indien je besluit deze wel te deinstalleren.

Herstart de computer.

Verwijder de map voor AVG en die van IObitCom Toolbar als je deze gedeinstalleerd hebt en indien de mappen nog aanwezig zijn.

3.
Heb je toevallig ook Norton op deze computer gebruikt er staat nog een service in het logje?
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Indien dit het geval is dan moet deze nog verwijderd worden.
Norton Removal tool: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

4.
Remove system restore points

If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.

How to delete the restore points is explained here (http://www.malwareinfo.nl/malware/systeemherstel.html)
How to quickly create a new system restore point yourself is explained here (http://www.malwareinfo.nl/handigetips/snelherstelpuntmaken.html)

5.
Your Java software is out of date.
Older versions have vulnerabilities that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to: "Java Platform Standard Edition".
Click the "Download JRE" button on the right.
In the drop-down menu to the right of Platform, select Windows.
Check: "I agree to the Java SE Runtime Environment 6u21 with JavaFX License Agreement", and click Continue.
The page will reload.
Click the jre-6u21-windows-i586.exe link UNDER Available Files and save it to your Desktop.
Close all programs that may be open, especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the software list.
Check everything with Java Runtime Environment (JRE or J2SE) in its name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u21-windows-i586.exe on your Desktop to install the latest version of Java.

6.
Download the new Adobe software here: http://www.adobe.com/nl/products/reader/

7.
And here you can download the new Firefox software:
http://www.mozilla-europe.org/nl/firefox/

8.
Prevention information.
Here (http://www.malwareinfo.nl/malware/malwarepreventie.html) and here (http://users.telenet.be/marcvn/spyware/1564073.htm) you will find information on how to prevent an infection. After all, prevention is better than cure.

After all this, post one more non-HijackThis log for a check. :)

Good luck,
Eveline.
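The entries the helper asks to have fixed above share a few recognisable traits: the target file is gone ("(no file)" / "(file missing)"), an autostart points into a Temp directory, or a service has no known owner. The following triage helper, added here as an example and not part of the thread or of HijackThis itself, parses HijackThis-style lines and returns those traits per line. The first three sample lines are taken from the log quoted in this thread; the O4 line that launches from Temp is a constructed example, not from the thread.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the forum thread and not HijackThis code.
It flags the kinds of entries a helper typically asks to have fixed:
entries whose target file no longer exists ("(no file)" / "(file missing)"),
autostart entries that launch executables from a Temp directory, and
services without a known owner (worth a second look, not automatically bad).
"""
import re
from typing import List, Tuple

# Matches the leading HijackThis section tag, e.g. "O2", "O9", "O23".
SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+")

# A Windows Temp directory anywhere in the path, long or 8.3 form.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# HijackThis marks entries whose target is gone with these strings.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage_line(line: str) -> List[str]:
    """Return the reasons a single log line deserves attention (empty = nothing flagged)."""
    reasons: List[str] = []
    m = SECTION_RE.match(line.strip())
    if not m:
        return reasons
    section = m.group(1)
    lower = line.lower()
    if any(marker in lower for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: target file is gone")
    if section in ("O4", "O23") and TEMP_RE.search(line):
        reasons.append("autostart from a Temp directory")
    if section == "O23" and "unknown owner" in lower:
        reasons.append("service with unknown owner")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    findings = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


# Sample input: the first three lines are taken from the log quoted in this thread;
# the first O4 line is a constructed example (placeholder user and file name).
SAMPLE_LOG = r"""
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Janna\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(entry[:60], "->", "; ".join(reasons))
```

The flags are hints for a human reviewer, not verdicts: an "Unknown owner" service is often just an unsigned vendor binary (as with the Symantec entry here), while an orphaned BHO is harmless clutter that is simply worth removing.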

Sinkfun
13 September 2010, 23:58
a 'non-HijackThis' log (Mbam);

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org (http://www.malwarebytes.org)

Databaseversie: 4580

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/09/2010 23:57:24
mbam-log-2010-09-13 (23-57-24).txt

Scantype: Volledige scan (A:\|C:\|D:\|)
Objecten gescand: 210367
Verstreken tijd: 1 uur/uren, 44 minuut/minuten, 53 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

looks great!

(Security Check log)

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 9.3 - Nederlands
Mozilla Firefox (3.6.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

and a HijackThis log anyway, in case it's still needed;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:03:14, on 14/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: CPWNA Monitor.lnk = C:\Program Files\Philips\Philips 11Mbps Notebook Adapter\drivers\WINXP\PHNBMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 8631 bytes


Many thanks to both Evelyn and Rosty! And to all other members of Minatica.be!
Thank you for the help!

kind regards, maxim g.

EvelineGirl
14 September 2010, 12:06
Hi, :)

Your computer is now fully up to date again and therefore well protected against malware again. If there are no further problems, you may delete all the loose icons and logs, and we consider this topic solved. ;)

Sinkfun
14 September 2010, 12:07
and an AVIRA log;



Avira AntiVir Personal
Report file date: dinsdag 14 september 2010 10:54

Scanning for 2836675 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Janna
Computer name : OEM-V69TTIW1ZJR

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 1/04/2010 11:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 11:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 7/03/2010 17:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 18:48:58
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 18:49:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 18:49:19
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 22:00:16
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 22:00:16
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 22:00:16
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 22:00:16
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 22:00:16
VBASE013.VDF : 7.10.11.138 2048 Bytes 13/09/2010 22:00:16
VBASE014.VDF : 7.10.11.139 2048 Bytes 13/09/2010 22:00:16
VBASE015.VDF : 7.10.11.140 2048 Bytes 13/09/2010 22:00:17
VBASE016.VDF : 7.10.11.141 2048 Bytes 13/09/2010 22:00:17
VBASE017.VDF : 7.10.11.142 2048 Bytes 13/09/2010 22:00:17
VBASE018.VDF : 7.10.11.143 2048 Bytes 13/09/2010 22:00:17
VBASE019.VDF : 7.10.11.144 2048 Bytes 13/09/2010 22:00:17
VBASE020.VDF : 7.10.11.145 2048 Bytes 13/09/2010 22:00:17
VBASE021.VDF : 7.10.11.146 2048 Bytes 13/09/2010 22:00:17
VBASE022.VDF : 7.10.11.147 2048 Bytes 13/09/2010 22:00:17
VBASE023.VDF : 7.10.11.148 2048 Bytes 13/09/2010 22:00:17
VBASE024.VDF : 7.10.11.149 2048 Bytes 13/09/2010 22:00:17
VBASE025.VDF : 7.10.11.150 2048 Bytes 13/09/2010 22:00:17
VBASE026.VDF : 7.10.11.151 2048 Bytes 13/09/2010 22:00:17
VBASE027.VDF : 7.10.11.152 2048 Bytes 13/09/2010 22:00:17
VBASE028.VDF : 7.10.11.153 2048 Bytes 13/09/2010 22:00:17
VBASE029.VDF : 7.10.11.154 2048 Bytes 13/09/2010 22:00:18
VBASE030.VDF : 7.10.11.155 2048 Bytes 13/09/2010 22:00:18
VBASE031.VDF : 7.10.11.157 50176 Bytes 13/09/2010 22:00:18
Engineversion : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/09/2010 18:49:42
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 12/09/2010 18:49:42
AESCN.DLL : 8.1.6.1 127347 Bytes 12/09/2010 18:49:40
AESBX.DLL : 8.1.3.1 254324 Bytes 12/09/2010 18:49:43
AERDL.DLL : 8.1.8.2 614772 Bytes 12/09/2010 18:49:40
AEPACK.DLL : 8.2.3.5 471412 Bytes 12/09/2010 18:49:39
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 12/09/2010 18:49:38
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 12/09/2010 18:49:38
AEHELP.DLL : 8.1.13.3 242038 Bytes 12/09/2010 18:49:34
AEGEN.DLL : 8.1.3.20 397684 Bytes 12/09/2010 18:49:34
AEEMU.DLL : 8.1.2.0 393588 Bytes 12/09/2010 18:49:33
AECORE.DLL : 8.1.16.2 192887 Bytes 12/09/2010 18:49:33
AEBB.DLL : 8.1.1.0 53618 Bytes 12/09/2010 18:49:32
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 11:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 11:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 1/04/2010 11:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 1/04/2010 11:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 1/04/2010 11:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 08:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 11:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 13:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 9/04/2010 13:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: dinsdag 14 september 2010 10:54

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '42' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'avcenter.exe' - '103' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'OSA.EXE' - '25' Module(s) have been scanned
Scan process 'PHNBMonitor.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SupServ.exe' - '15' Module(s) have been scanned
Scan process 'mdm.exe' - '20' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '55' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '36' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'Explorer.EXE' - '103' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '24' Module(s) have been scanned
Scan process 'spoolsv.exe' - '67' Module(s) have been scanned
Scan process 'lexbces.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1737' files ).


Starting the file scan:

Begin scan in 'C:\' <jana>
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP11\A0000793.exe
[DETECTION] Is the TR/Jorik.Kbot.T.2 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP11\A0000793.exe
[DETECTION] Is the TR/Jorik.Kbot.T.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '47c7edbb.qua'.


End of the scan: dinsdag 14 september 2010 12:05
Used time: 1:10:38 Hour(s)

The scan has been done completely.

8553 Scanned directories
238767 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
238766 Files not concerned
7323 Archives were scanned
0 Warnings
1 Notes
520615 Objects were scanned with rootkit scan
1 Hidden objects were found

EvelineGirl
14 September 2010, 12:10
The items Avira found are in your system restore points:

If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.

How to delete the restore points is explained here (http://www.malwareinfo.nl/malware/systeemherstel.html)
How to quickly create a new system restore point yourself is explained here (http://www.malwareinfo.nl/handigetips/snelherstelpuntmaken.html)
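The distinction made in this reply, a detection inside a System Restore point versus one in a live location, can be read straight off an Avira report: the file path on the line before each "[DETECTION]" line either sits under System Volume Information\_restore{...}\RPnn\ or it does not. The parser below is an added example, not from the thread and not Avira's own code; it pairs each detection with its path, drops the duplicate that Avira prints again in its disinfection section, and classifies the result. The sample report reuses the detection lines quoted above; the second detection (the Temp path and the TR/Constructed.Example name) is a constructed placeholder.

```python
"""Classify Avira AntiVir report detections by location.

Added example, not part of the thread and not Avira code. A detection whose
path lies inside a Windows XP System Restore point (System Volume
Information\_restore{GUID}\RPnn\) is dormant until the point is restored, so
the usual advice is to purge the restore points; a detection elsewhere is live.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Windows XP restore point layout: <drive>\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)
# Avira prints the verdict on a line starting with [DETECTION], after the path line.
DETECTION_RE = re.compile(r"^\s*\[DETECTION\]\s+(.*)$")
# A path line starts with a drive letter and a backslash.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str
    verdict: str
    in_restore_point: bool


def parse_detections(report: str) -> List[Detection]:
    """Pair each [DETECTION] line with the file path printed just before it."""
    found: List[Detection] = []
    seen = set()
    last_path = None
    for line in report.splitlines():
        stripped = line.strip()
        if PATH_RE.match(stripped):
            last_path = stripped
            continue
        m = DETECTION_RE.match(line)
        if m and last_path is not None:
            verdict = m.group(1).strip()
            key = (last_path.lower(), verdict)
            # Avira repeats the detection in its "Beginning disinfection" section; keep one.
            if key not in seen:
                seen.add(key)
                found.append(Detection(last_path, verdict, bool(RESTORE_POINT_RE.search(last_path))))
            last_path = None
    return found


def summarize(detections: List[Detection]) -> Dict[str, int]:
    """Count detections that sit in restore points versus live locations."""
    counts = {"restore_point": 0, "live": 0}
    for d in detections:
        counts["restore_point" if d.in_restore_point else "live"] += 1
    return counts


# Constructed sample: the first detection block is taken from the report in this thread;
# the last path and verdict are constructed placeholders, not real findings.
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <jana>
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP11\A0000793.exe
[DETECTION] Is the TR/Jorik.Kbot.T.2 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{99875BAE-4EB5-4ED0-990B-49FD474664BA}\RP11\A0000793.exe
[DETECTION] Is the TR/Jorik.Kbot.T.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '47c7edbb.qua'.
C:\Documents and Settings\user\Local Settings\Temp\example.exe
[DETECTION] Is the TR/Constructed.Example Trojan
"""

if __name__ == "__main__":
    dets = parse_detections(SAMPLE_REPORT)
    for d in dets:
        where = "restore point" if d.in_restore_point else "live location"
        print(f"{where}: {d.path} -> {d.verdict}")
    print(summarize(dets))
```

Running it on the report in this thread alone yields one detection, in a restore point, which is exactly why the reply above points at purging the restore points rather than at a live infection.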

Sinkfun
14 September 2010, 12:20
done & done,

but I had already done that after one of your earlier posts,...

Anything else I need to do? A new log or something? I want to thank you once again for your help!

kind regards, Maxim

EvelineGirl
14 September 2010, 12:21
No, everything is fine like this. ;)