HTML:Iframe-inf - Virus/Worm

[Zhu]

Dag kape,

opnieuw bedankt voor de snelle reactie! Met Malwarebytes heb ik nog steeds hetzelfde probleem en ondertussen komt er een nieuwe foutmelding op het scherm: "regsvr32.exe", atl.dll kan niet worden gevonden.

In ieder geval, hier zijn de logbestandjes van HiJackThis and Combofix.

Het logbestandje van HiJackThis.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:07:14, on 30-8-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21283)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

D:\Documents and Settings\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\regsvr32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Documents and Settings\aawservice.exe

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

--

End of file - 8699 bytes

Logbestandje van Combofix:

ComboFix 10-08-28.02 - Zhu 30-08-2010 11:06:03.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.751 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Zhu\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Zhu\Bureaublad\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 100819-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))

.

2010-08-30 07:53 . 2010-08-30 07:53 -------- d-----w- c:\windows\system32\wbem\snmp

2010-08-30 07:53 . 2010-08-30 07:53 -------- d-----w- c:\windows\system32\xircom

2010-08-30 07:53 . 2010-08-30 07:53 -------- d-----w- c:\program files\microsoft frontpage

2010-08-20 09:20 . 2010-08-20 09:20 388096 ----a-r- c:\documents and settings\Zhu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-20 09:20 . 2010-08-20 09:20 -------- d-----w- c:\program files\Trend Micro

2010-08-20 09:12 . 2010-08-20 09:12 -------- d-----w- c:\program files\Common Files\Deterministic Networks

2010-08-19 16:00 . 2010-08-19 16:00 -------- d-----w- c:\documents and settings\Zhu\Application Data\Registry Mechanic

2010-08-19 14:34 . 2010-08-19 17:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-19 14:33 . 2010-08-19 14:33 -------- d-----w- c:\program files\Common Files\PC Tools

2010-08-19 14:05 . 2010-08-19 14:18 -------- d-----w- c:\documents and settings\Zhu\Application Data\Uniblue

2010-08-04 13:08 . 2010-08-04 13:08 -------- d-----w- c:\documents and settings\Zhu\Local Settings\Application Data\Yahoo

2010-08-04 13:07 . 2010-08-04 13:07 -------- d-----w- c:\documents and settings\Zhu\Application Data\Yahoo!

2010-08-04 12:58 . 2010-08-04 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-08-04 12:58 . 2010-04-20 14:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

2010-08-04 12:51 . 2010-08-04 12:58 -------- d-----w- c:\program files\Yahoo!

2010-08-01 11:42 . 2010-08-01 11:44 2568656 ----a-w- c:\documents and settings\Zhu\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 16:53 . 2001-09-07 12:00 91074 ----a-w- c:\windows\system32\perfc013.dat

2010-08-29 16:53 . 2001-09-07 12:00 509122 ----a-w- c:\windows\system32\perfh013.dat

2010-08-19 16:48 . 2009-07-19 13:28 -------- d-----w- c:\documents and settings\Zhu\Application Data\vlc

2010-08-19 14:45 . 2009-10-24 23:23 -------- d-----w- c:\documents and settings\Zhu\Application Data\BitTorrent

2010-08-17 16:53 . 2009-01-07 13:15 12543 ----a-w- c:\windows\system32\nvModes.dat

2010-08-16 16:25 . 2009-04-06 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-16 14:54 . 2007-11-11 01:24 29232 ----a-w- c:\documents and settings\Zhu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-15 22:04 . 2009-04-06 12:20 -------- d-----w- c:\program files\Microsoft Works

2010-08-09 11:48 . 2010-04-29 12:31 -------- d-----w- c:\program files\Hotspot Shield

2010-08-08 11:50 . 2007-11-11 01:17 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:19 . 2008-07-05 09:16 841216 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:19 . 2008-07-05 09:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:19 . 2008-07-05 09:16 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-24 09:02 . 2008-04-14 20:05 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-04-13 22:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-04-14 20:32 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2007-11-11 01:08 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll

2008-02-07 19:46 . 2008-02-07 19:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-02-07 19:46 . 2008-02-07 19:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-02-07 19:46 . 2008-02-07 19:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-02-07 19:46 . 2008-02-07 19:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-02-07 19:46 . 2008-02-07 19:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-02-07 19:46 . 2008-02-07 19:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-02-07 19:46 . 2008-02-07 19:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-03-16 15:27 . 2007-03-16 15:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2007-03-16 15:27 . 2007-03-16 15:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-03-16 15:27 . 2007-03-16 15:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-07-20 10:47 . 2007-07-20 10:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-02-07 19:46 . 2008-02-07 19:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_19.15.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-30 08:00 . 2010-08-30 08:00 16384 c:\windows\Temp\Perflib_Perfdata_618.dat

+ 2010-08-30 08:02 . 2010-08-30 08:02 16384 c:\windows\Temp\Perflib_Perfdata_2d8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-10 4501504]

"nwiz"="nwiz.exe" [2008-11-10 323584]

"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2010-06-24 124928]

c:\documents and settings\Zhu\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2009-12-29 1611152]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Zhu\\Mijn documenten\\Mijn video's\\age\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13-1-2010 15:29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-1-2010 15:29 20560]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [19-8-2010 16:56 583640]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28-1-2010 18:39 691696]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Zhu\Application Data\Mozilla\Firefox\Profiles\atjr3w9b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.scroogle.org/cgi-bin/scraper.htm

FF - prefs.js: keyword.URL -

FF - component: c:\documents and settings\Zhu\Application Data\Mozilla\Firefox\Profiles\atjr3w9b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Zhu\Application Data\Mozilla\Firefox\Profiles\atjr3w9b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-30 11:42

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(744)

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Voltooingstijd: 2010-08-30 11:51:34

ComboFix-quarantined-files.txt 2010-08-30 09:51

Pre-Run: 2.334.842.880 bytes beschikbaar

Post-Run: 2.325.803.008 bytes beschikbaar

- - End Of File - - D3E59FB42C789B6C1546CF499D4283D0

[kape]

Zijn dit "regsvr32.exe", atl.dll twee aparte meldingen die je krijgt of is dat er maar eentje. Wil je dan even de juiste formulering in je bericht plaatsen aub ?

[Zhu]

Hallo kape,

het gaat om één foutmelding met "regsvr32.exe" in de titelbalk (meen ik me toch te herinneren, de foutmelding kwam vandaag niet op het scherm) en met de tekst atl.dll kan niet worden gevonden. De precieze formulering weet ik niet meer.

Vandaag kwam er wel de volgende foutmelding op:

in de titelbalk: daemon tools lite. Tekst: dit programma heeft minstens Windows 2000 met SPTD 1.60 of hoger nodig. Kernell debugger moet gedeactiveerd zijn.

[kape]

Ga naar Kaspersky Online Scanner en klik onderaan op Accept.

Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

• Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
  
• Klik vervolgens op de toets Scan.
  Start nu het scannen door op de tekst My Computer te klikken.
  Hou er rekening mee dat deze scan een tijdje in beslag neemt.
  
• Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
  Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt
  

Post dit rapport in je volgende bericht.

[Zhu]

Dag kape,

opnieuw bedankt voor je reactie, maar weer stuit ik op een probleem.

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

Ik heb Java dan maar gedownload en geinstalleerd, maar opnieuw krijg ik hetzelfde bericht.

Ik gebruik Mozilla Firefox. Misschien heeft dat er iets mee te maken, want ik kan me herinneren dat ik nog wel eens problemen heb gehad met Java.

[kape]

Heb je ook Internet Explorer op je PC staan ? Zo ja, probeer het daar eens mee !

[Zhu]

Heb je ook Internet Explorer op je PC staan ? Zo ja, probeer het daar eens mee !

Dag kape,

Als ik het met Internet Explorer probeer, krijg ik het volgende bericht:

"Launch of Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program."

Worden al deze problemen veroorzaakt door het virus/worm?

Alvast bedankt,

Zhu

[kape]

Start je PC eens op in "veilige modus", kies voor de netwerkverbinding ... en probeer dan eens of Kaspersky on-line wél lukt ?