Ga naar inhoud

Trojaans paard Generic 17.BEMO

JohM
 Delen

Aanbevolen berichten

JohM Groentje

JohM

Geplaatst:
Geplaatst:

Er kwam een melding van AVG (free) op mijn pc dat er een trojaans paard Generic 17.BEMO gevonden was, ik weet niet hoe dit van mijn pc te krijgen dus besloot ik een Hijack this logje aan te maken. Ik hoop dat iemand mij kan helpen!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:18:05, on 14-6-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Zoeken - zoeken op het web

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = mijnAOL | HP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2651248590-3374784785-4111504805-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tanja')

O4 - HKUS\S-1-5-21-2651248590-3374784785-4111504805-1013\..\Run: [Google Update] "C:\Documents and Settings\Tanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Tanja')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

--

End of file - 11699 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites
JohM Groentje

JohM

Geplaatst:
  • Auteur
Geplaatst:

Hier de logfiles:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4200

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15-6-2010 18:15:33

mbam-log-2010-06-15 (18-15-33).txt

Scantype: Snelle scan

Objecten gescand: 172004

Verstreken tijd: 7 minuut/minuten, 27 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\WINDOWS\system32\drivers\vkfheas.sys (Backdoor.IEbooot) -> Delete on reboot.

en

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:57:29, on 15-6-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

C:\HP\KBD\KBD.EXE

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Zoeken - zoeken op het web

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = mijnAOL | HP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

--

End of file - 11208 bytes

---------- Post toegevoegd om 17:00 ---------- Vorige post was om 16:58 ----------

Hier de logfiles:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4200

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15-6-2010 18:15:33

mbam-log-2010-06-15 (18-15-33).txt

Scantype: Snelle scan

Objecten gescand: 172004

Verstreken tijd: 7 minuut/minuten, 27 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\WINDOWS\system32\drivers\vkfheas.sys (Backdoor.IEbooot) -> Delete on reboot.

en

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:57:29, on 15-6-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

C:\HP\KBD\KBD.EXE

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Zoeken - zoeken op het web

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = mijnAOL | HP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

--

End of file - 11208 bytes

Link naar reactie
Delen op andere sites
JohM Groentje

JohM

Geplaatst:
  • Auteur
Geplaatst:

Helaas geeft AVG nog steeds aan dat het Trojaans paard Generic 17.BEMO aanwezig is.

Na nog 2x uitvoeren van Malwarebytes is steeds de volgende regel te vinden in het logbestand:

Bestanden geïnfecteerd:

C:\WINDOWS\system32\drivers\vkfheas.sys (Backdoor.IEbooot) -> Delete on reboot.

Ook nog CCleaner een paar keer uitgevoerd zoals in een vergelijkbare oplossing stond.

Ik zal vanavond de laatste logbestanden HijackThis en Malwarebytes anders nog een keer sturen?

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Komt die foutmelding van Malwarebytes terug nà het opstarten van de PC ? Want "delete on reboot" betekent - in dit geval - dat de besmetting pas verdwijnt na uitschakelen en terug opstarten van de PC.

Indien dit opstarten inmiddels wél gebeurd is, mag je dit uitvoeren :

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

  • Dubbelklik op Combofix.exe om het te starten.
    Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
    Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
    Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
    Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
    Klik na afloop terug op Ja om het scannen op malware te starten.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

Wacht maar even met nieuwe logjes van MBAM en HJT tot we dit log van Combofix gezien hebben.

Link naar reactie
Delen op andere sites
JohM Groentje

JohM

Geplaatst:
  • Auteur
Geplaatst:

Hier de ComboFix log:

ComboFix 10-06-15.04 - HP_Administrator 16-06-2010 19:00:06.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.958.544 [GMT 2:00]

Gestart vanuit: c:\documents and settings\HP_Administrator\Mijn documenten\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-16 to 2010-06-16 ))))))))))))))))))))))))))))))

.

2010-06-16 16:46 . 2010-06-16 16:50 -------- d--h--r- c:\documents and settings\HP_Administrator\Onlangs geopend

2010-06-15 18:27 . 2010-06-15 18:27 -------- d-----w- c:\documents and settings\Tanja\Application Data\Malwarebytes

2010-06-15 17:08 . 2010-06-15 17:08 -------- d-----w- c:\program files\CCleaner

2010-06-15 15:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-15 15:43 . 2010-06-15 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-15 15:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-14 17:17 . 2010-06-14 17:17 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-13 20:11 . 2010-06-13 20:11 63488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-13 20:11 . 2010-06-13 20:11 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-13 20:11 . 2010-06-13 20:11 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-13 20:10 . 2010-06-13 20:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

2010-06-13 15:34 . 2010-06-13 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Common Toolkit Suite

2010-06-13 15:10 . 2010-06-13 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-06-13 15:10 . 2010-06-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-13 10:15 . 2010-06-13 10:15 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2010-06-13 09:21 . 2010-06-13 09:21 -------- d-----w- c:\program files\Trend Micro

2010-06-12 19:42 . 2010-06-12 19:42 -------- d-----w- c:\documents and settings\LocalService\Bureaublad

2010-06-12 18:47 . 2010-06-12 18:47 -------- d-----w- C:\PFiles

2010-06-12 18:33 . 2010-01-27 11:51 767952 ----a-w- c:\windows\BDTSupport.dll

2010-06-12 18:33 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-06-12 18:33 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-06-12 18:33 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-06-12 18:33 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip

2010-06-12 18:33 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip

2010-06-12 18:29 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-12 18:28 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-12 18:28 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-12 18:28 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-12 18:28 . 2010-06-13 15:41 -------- d-----w- c:\program files\PC Tools Security

2010-06-12 18:28 . 2010-06-12 18:34 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-12 18:28 . 2010-06-12 18:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools

2010-06-12 18:28 . 2010-06-12 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-12 17:00 . 2010-06-12 17:00 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2010-06-12 17:00 . 2010-06-12 23:43 36640 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-06-12 17:00 . 2010-06-12 23:43 17825056 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-12 16:49 . 2010-06-12 18:25 -------- d-----w- c:\program files\Common Files\ParetoLogic

2010-06-12 16:49 . 2010-06-12 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2010-06-12 16:48 . 2010-06-12 16:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations

2010-06-11 19:26 . 2010-06-11 19:26 -------- d-----w- c:\program files\Windows Defender

2010-06-11 19:00 . 2010-06-13 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\clp

2010-06-11 19:00 . 2010-06-13 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite

2010-06-11 18:59 . 2010-06-13 15:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Fighters

2010-06-11 18:59 . 2010-06-11 18:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PackageAware

2010-06-11 18:11 . 2010-06-11 18:11 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-06-11 18:10 . 2010-06-11 18:10 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-06-11 15:21 . 2010-05-06 10:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-10 21:33 . 2010-06-15 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-10 21:33 . 2010-06-10 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-10 20:40 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-06-10 19:25 . 2010-06-16 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-10 16:53 . 2010-06-12 16:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent

2010-06-09 14:24 . 2010-06-16 17:06 772096 ----a-w- c:\windows\system32\drivers\vkfheas.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-15 17:38 . 2010-04-27 15:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2010-06-14 06:30 . 2006-11-09 12:39 -------- d-----w- c:\program files\Google

2010-06-12 23:43 . 2010-06-12 17:00 4460 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-06-12 23:43 . 2010-06-12 17:00 239804 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-12 16:10 . 2010-02-27 08:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit

2010-06-12 16:10 . 2006-11-09 12:25 -------- d-----w- c:\program files\Microsoft Works

2010-06-12 16:10 . 2008-07-27 11:57 -------- d-----w- c:\program files\CardRecovery

2010-06-12 16:09 . 2008-06-22 18:20 -------- d-----w- c:\program files\FinePixViewer

2010-06-12 16:09 . 2008-07-13 13:41 -------- d-----w- c:\documents and settings\Jelle\Application Data\uTorrent

2010-06-12 08:44 . 2006-01-27 10:38 92564 ----a-w- c:\windows\system32\perfc013.dat

2010-06-12 08:44 . 2006-01-27 10:38 513384 ----a-w- c:\windows\system32\perfh013.dat

2010-06-10 20:39 . 2007-01-23 19:58 69016 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-09 14:23 . 2010-06-09 14:23 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat

2010-06-05 07:48 . 2010-04-17 11:50 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-03 14:46 . 2009-04-16 12:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 14:46 . 2007-01-23 20:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-06 10:37 . 2004-09-02 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2004-09-02 11:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-25 10:36 . 2007-01-25 11:47 69016 ----a-w- c:\documents and settings\Tanja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-20 05:35 . 2004-09-02 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2007-01-22 20:45 . 2007-01-22 20:45 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 284184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-09 180269]

"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-05-11 376832]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-9 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-9 27136]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-1-22 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12-6-2010 20:28 218592]

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [5-6-2007 18:25 15172]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10-5-2008 23:32 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16-4-2009 14:16 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14-3-2010 12:14 308064]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12-6-2010 20:33 112592]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-7-2008 17:19 716272]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11-5-2006 7:26 21248]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12-6-2010 20:28 366840]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - vkfheas

.

Inhoud van de 'Gedeelde Taken' map

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1007Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 17:25]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1007UA.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 17:25]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1013Core.job

- c:\documents and settings\Tanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 17:25]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1013UA.job

- c:\documents and settings\Tanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 17:25]

2010-06-15 c:\windows\Tasks\HPpromotions journeysoftware.job

- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-16 19:06

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010004}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vkfheas]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(860)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Voltooingstijd: 2010-06-16 19:08:56

ComboFix-quarantined-files.txt 2010-06-16 17:08

ComboFix2.txt 2010-06-13 10:03

Pre-Run: 92.380.295.168 bytes beschikbaar

Post-Run: 92.364.091.392 bytes beschikbaar

- - End Of File - - 4FE67DFEC35122BF83FAA4BA60E98C7C

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat

c:\windows\system32\drivers\vkfheas.sys

Driver::

vkfheas.sys

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vkfheas]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van Malwarebytes.

Link naar reactie
Delen op andere sites
JohM Groentje

JohM

Geplaatst:
  • Auteur
Geplaatst:

Hier de logbestanden:

ComboFix 10-06-16.04 - HP_Administrator 17-06-2010 18:28:10.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.958.490 [GMT 2:00]

Gestart vanuit: c:\documents and settings\HP_Administrator\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\HP_Administrator\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Nieuw herstelpunt werd aangemaakt

FILE ::

"c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat"

"c:\windows\system32\drivers\vkfheas.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat

c:\windows\system32\drivers\vkfheas.sys

c:\windows\system32\win.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_vkfheas

-------\Service_vkfheas

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-17 to 2010-06-17 ))))))))))))))))))))))))))))))

.

2010-06-16 16:46 . 2010-06-17 16:17 -------- d--h--r- c:\documents and settings\HP_Administrator\Onlangs geopend

2010-06-15 18:27 . 2010-06-15 18:27 -------- d-----w- c:\documents and settings\Tanja\Application Data\Malwarebytes

2010-06-15 17:08 . 2010-06-15 17:08 -------- d-----w- c:\program files\CCleaner

2010-06-15 15:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-15 15:43 . 2010-06-15 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-15 15:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-14 17:17 . 2010-06-14 17:17 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-13 20:11 . 2010-06-13 20:11 63488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-13 20:11 . 2010-06-13 20:11 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-13 20:11 . 2010-06-13 20:11 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-13 20:10 . 2010-06-13 20:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

2010-06-13 15:34 . 2010-06-13 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Common Toolkit Suite

2010-06-13 15:10 . 2010-06-13 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-06-13 15:10 . 2010-06-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-13 10:15 . 2010-06-13 10:15 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2010-06-13 09:21 . 2010-06-13 09:21 -------- d-----w- c:\program files\Trend Micro

2010-06-12 19:42 . 2010-06-12 19:42 -------- d-----w- c:\documents and settings\LocalService\Bureaublad

2010-06-12 18:47 . 2010-06-12 18:47 -------- d-----w- C:\PFiles

2010-06-12 18:33 . 2010-01-27 11:51 767952 ----a-w- c:\windows\BDTSupport.dll

2010-06-12 18:33 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-06-12 18:33 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-06-12 18:33 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-06-12 18:33 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip

2010-06-12 18:33 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip

2010-06-12 18:29 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-12 18:28 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-12 18:28 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-12 18:28 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-12 18:28 . 2010-06-13 15:41 -------- d-----w- c:\program files\PC Tools Security

2010-06-12 18:28 . 2010-06-12 18:34 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-12 18:28 . 2010-06-12 18:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools

2010-06-12 18:28 . 2010-06-12 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-12 17:00 . 2010-06-12 17:00 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2010-06-12 17:00 . 2010-06-12 23:43 36640 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-06-12 17:00 . 2010-06-12 23:43 17825056 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-12 16:49 . 2010-06-12 18:25 -------- d-----w- c:\program files\Common Files\ParetoLogic

2010-06-12 16:49 . 2010-06-12 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2010-06-12 16:48 . 2010-06-12 16:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations

2010-06-11 19:26 . 2010-06-11 19:26 -------- d-----w- c:\program files\Windows Defender

2010-06-11 19:00 . 2010-06-13 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\clp

2010-06-11 19:00 . 2010-06-13 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite

2010-06-11 18:59 . 2010-06-13 15:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Fighters

2010-06-11 18:59 . 2010-06-11 18:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PackageAware

2010-06-11 18:11 . 2010-06-11 18:11 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-06-11 18:10 . 2010-06-11 18:10 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-06-11 15:21 . 2010-05-06 10:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-10 21:33 . 2010-06-16 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-10 21:33 . 2010-06-10 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-10 20:40 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-06-10 19:25 . 2010-06-17 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-10 16:53 . 2010-06-12 16:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-15 17:38 . 2010-04-27 15:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2010-06-14 06:30 . 2006-11-09 12:39 -------- d-----w- c:\program files\Google

2010-06-12 23:43 . 2010-06-12 17:00 4460 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-06-12 23:43 . 2010-06-12 17:00 239804 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-12 16:10 . 2010-02-27 08:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit

2010-06-12 16:10 . 2006-11-09 12:25 -------- d-----w- c:\program files\Microsoft Works

2010-06-12 16:10 . 2008-07-27 11:57 -------- d-----w- c:\program files\CardRecovery

2010-06-12 16:09 . 2008-06-22 18:20 -------- d-----w- c:\program files\FinePixViewer

2010-06-12 16:09 . 2008-07-13 13:41 -------- d-----w- c:\documents and settings\Jelle\Application Data\uTorrent

2010-06-12 08:44 . 2006-01-27 10:38 92564 ----a-w- c:\windows\system32\perfc013.dat

2010-06-12 08:44 . 2006-01-27 10:38 513384 ----a-w- c:\windows\system32\perfh013.dat

2010-06-10 20:39 . 2007-01-23 19:58 69016 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-05 07:48 . 2010-04-17 11:50 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-03 14:46 . 2009-04-16 12:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 14:46 . 2007-01-23 20:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-06 10:37 . 2004-09-02 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2004-09-02 11:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-25 10:36 . 2007-01-25 11:47 69016 ----a-w- c:\documents and settings\Tanja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-20 05:35 . 2004-09-02 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2007-01-22 20:45 . 2007-01-22 20:45 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_17.06.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-17 16:37 . 2010-06-17 16:37 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 284184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-09 180269]

"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-05-11 376832]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-9 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-9 27136]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-1-22 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12-6-2010 20:28 218592]

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [5-6-2007 18:25 15172]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-7-2008 17:19 716272]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10-5-2008 23:32 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16-4-2009 14:16 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14-3-2010 12:14 308064]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12-6-2010 20:33 112592]

R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11-5-2006 7:26 21248]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12-6-2010 20:28 366840]

.

Inhoud van de 'Gedeelde Taken' map

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1007Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 17:25]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1007UA.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 17:25]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1013Core.job

- c:\documents and settings\Tanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 17:25]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651248590-3374784785-4111504805-1013UA.job

- c:\documents and settings\Tanja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 17:25]

2010-06-16 c:\windows\Tasks\HPpromotions journeysoftware.job

- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-17 18:43

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spye.sys >>UNKNOWN [0x8638C938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7696f28

\Driver\ACPI -> ACPI.sys @ 0xf73f3cb8

\Driver\atapi -> atapi.sys @ 0xf72c5b40

IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa

\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa

NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf715fbb0

PacketIndicateHandler -> NDIS.sys @ 0xf716ca21

SendHandler -> NDIS.sys @ 0xf714a87b

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010004}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(884)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(6988)

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Voltooingstijd: 2010-06-17 18:48:58 - machine werd herstart

ComboFix-quarantined-files.txt 2010-06-17 16:48

ComboFix2.txt 2010-06-16 17:08

ComboFix3.txt 2010-06-13 10:03

Pre-Run: 92.323.119.104 bytes beschikbaar

Post-Run: 92.126.982.144 bytes beschikbaar

- - End Of File - - 5F3FAB609144CE3E4075E0115DF8464E

en Malware:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4200

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

17-6-2010 19:01:56

mbam-log-2010-06-17 (19-01-56).txt

Scantype: Snelle scan

Objecten gescand: 171277

Verstreken tijd: 9 minuut/minuten, 5 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Groeten Jos.

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.