
Posted:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:11:04, on 12/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\viviane\Mijn documenten\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Unigro : online shoppen - acheter en ligne

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 5497 bytes


Posted:

This log looks fine :-)

Try this as an extra:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.

Posted:

Here is the ComboFix log.

ComboFix 10-03-11.05 - viviane 12/03/2010 13:07:52.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.745 [GMT 1:00]

Gestart vanuit: c:\documents and settings\viviane\Bureaublad\ComboFix.exe

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\viviane\Application Data\.#

c:\documents and settings\viviane\Application Data\explorer

c:\documents and settings\viviane\Application Data\SQLite3.dll

c:\recycler\S-1-5-21-790525478-117609710-839522115-1003

c:\windows\system32\Explorer

c:\windows\system32\syoepk_lib0.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-12 to 2010-03-12 ))))))))))))))))))))))))))))))

.

2010-03-12 00:17 . 2010-03-12 00:17 -------- d-sh--w- c:\documents and settings\viviane\Onlangs geopend

2010-03-11 22:08 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-11 22:08 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-03-11 22:08 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-03-11 22:08 . 2010-03-11 22:08 -------- d-----w- c:\program files\Avira

2010-03-11 22:08 . 2010-03-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-03-11 21:19 . 2010-03-11 21:19 -------- d-----w- c:\documents and settings\viviane\Local Settings\Application Data\Opera

2010-03-11 21:19 . 2010-03-11 22:03 -------- d-----w- c:\program files\Opera

2010-03-11 12:33 . 2010-03-11 12:33 503808 ----a-w- c:\documents and settings\viviane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15d2e141-n\msvcp71.dll

2010-03-11 12:33 . 2010-03-11 12:33 499712 ----a-w- c:\documents and settings\viviane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15d2e141-n\jmc.dll

2010-03-11 12:33 . 2010-03-11 12:33 348160 ----a-w- c:\documents and settings\viviane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15d2e141-n\msvcr71.dll

2010-03-11 12:33 . 2010-03-11 12:33 61440 ----a-w- c:\documents and settings\viviane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b8d1250-n\decora-sse.dll

2010-03-11 12:33 . 2010-03-11 12:33 12800 ----a-w- c:\documents and settings\viviane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b8d1250-n\decora-d3d.dll

2010-03-11 12:11 . 2010-03-11 12:11 -------- d-----w- c:\program files\Common Files\Java

2010-03-10 22:25 . 2010-03-11 11:40 -------- d-----w- c:\program files\a-squared Anti-Malware

2010-03-10 13:28 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-07 20:32 . 2010-03-07 20:32 -------- d-----w- c:\program files\Conduit

2010-03-07 20:32 . 2010-03-07 20:32 -------- d-----w- c:\documents and settings\viviane\Local Settings\Application Data\Conduit

2010-03-04 19:23 . 2010-03-04 19:35 -------- d-----w- c:\documents and settings\viviane\Application Data\FILEminimizerPictures

2010-03-03 16:52 . 2010-03-03 16:52 197057 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe

2010-03-03 16:52 . 2010-03-03 16:52 -------- d-----w- c:\program files\Common Files\Thraex Software

2010-03-03 16:52 . 2010-03-03 16:52 -------- d-----w- c:\program files\Photo Pos Pro

2010-03-03 15:34 . 2010-03-03 16:38 -------- d-----w- c:\program files\Photobie

2010-02-21 18:10 . 2010-03-01 11:54 -------- d-----w- c:\documents and settings\viviane\Tracing

2010-02-15 19:44 . 2010-02-15 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

2010-02-15 19:43 . 2010-02-15 19:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-12 12:12 . 2009-09-09 18:47 12 ----a-w- c:\windows\bthservsdp.dat

2010-03-11 20:27 . 2009-08-16 15:03 -------- d-----w- c:\program files\Picture Resize Genius

2010-03-11 12:32 . 2009-03-30 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-11 12:17 . 2009-03-30 21:52 -------- d-----w- c:\program files\Java

2010-03-10 15:00 . 2009-03-17 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-04 10:38 . 2010-02-04 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-03 23:10 . 2009-03-29 12:26 -------- d-----w- c:\program files\CCleaner

2010-03-03 16:26 . 2009-04-10 17:56 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-24 18:28 . 2009-03-17 13:44 44608 ----a-w- c:\documents and settings\viviane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-22 16:39 . 2009-10-12 22:41 -------- d-----w- c:\program files\Photo Effects Studio

2010-02-07 22:09 . 2010-02-07 22:09 -------- d-----w- c:\documents and settings\viviane\Application Data\GeoVid

2010-02-07 17:53 . 2010-02-07 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{7E26768F-1223-4C84-B447-09FB5ED2C81E}

2010-02-05 11:25 . 2009-10-05 14:52 -------- d-----w- c:\program files\AquaSoft

2010-02-04 23:05 . 2009-03-29 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-04 12:26 . 2010-02-04 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-02-02 22:55 . 2009-10-05 14:52 -------- d-----w- c:\documents and settings\viviane\Application Data\AquaSoft

2010-01-21 13:56 . 2010-01-21 13:48 -------- d-----w- c:\documents and settings\viviane\Application Data\PhotoFiltre

2010-01-20 20:10 . 2009-11-09 18:54 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 12:10 . 2010-01-20 12:10 -------- d-----w- c:\program files\Selteco

2010-01-12 11:00 . 2009-03-25 08:25 -------- d-----w- c:\documents and settings\viviane\Application Data\Skype

2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:10 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-21 10:42 . 2008-06-01 13:31 69632 ----a-w- c:\windows\system32\PosMessageLib.dll

2009-12-17 07:42 . 2009-03-17 13:09 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10 . 2004-08-03 23:03 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

------- Sigcheck -------

[-] 2008-04-14 . 0667A612D847BD87667F3CB1FC4C0D6C . 979456 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 0667A612D847BD87667F3CB1FC4C0D6C . 979456 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-03 . A1D7304A87FC3093150F5E3CC7B0F338 . 1035776 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2004-03-26 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2003-08-14 23:34 57344 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 0 (0x0)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/05/2009 21:03 721904]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [10/03/2010 23:25 1915496]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/03/2010 23:08 108289]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 12:13 38144]

R2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [6/04/2009 10:35 1002016]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 9:18 202016]

S3 a2acc;a2acc;c:\program files\a-squared Anti-Malware\a2accx86.sys [10/03/2010 23:41 67784]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 14:02 287232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.unigro.be/

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: unigro.be\www

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

ActiveSetup-{BAA5C04B-48DD-C12F-8BC2-0CD999A1EECA} - c:\windows\system32\java1.exe

AddRemove-WinAVI Video Converter 9.09.0 - c:\windows\WinAVI Video Converter 9.0\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-03-12 13:15

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys spuj.sys >>UNKNOWN [0x8564E938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28

\Driver\ACPI -> ACPI.sys @ 0xbae9dcb8

\Driver\atapi -> atapi.sys @ 0xbae32b40

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xbad3bbb0

PacketIndicateHandler -> NDIS.sys @ 0xbad48a21

SendHandler -> NDIS.sys @ 0xbad2687b

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3204)

c:\windows\system32\SHDOCVW.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\VTTimer.exe

.

**************************************************************************

.

Voltooingstijd: 2010-03-12 13:17:49 - machine werd herstart

ComboFix-quarantined-files.txt 2010-03-12 12:17

Pre-Run: 185.463.291.904 bytes beschikbaar

Post-Run: 185.384.402.944 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6ECAE06F49A9B72D16F8BD287F1921DE

Posted:

Yes, I use a router. I think the fault must be there, but where?

I have already called the provider and sent an email to the website itself,

but all without result.
