Ga naar inhoud

Trojan horse PSW.Agent.AUET

moofy
 Delen

Aanbevolen berichten

moofy Groentje

moofy

Geplaatst:
Geplaatst:

Hallo allemaal

Sinds een tijdje geeft onze PC problemen met inloggen en recenter ook met oa internet; blijkbaar last van de trojan horse PSW.Agent.AUET (gelijkaardig als in dit topic: http://www.pc-helpforum.be/f201/trojan-horse-psw-agent-auet-43131/). Hieronder de log van mijn HijackThis... Any help is appreciated!

moofy

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:48:20, on 2012/05/30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\PROGRAMS\Launchy\Launchy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://imecwww.imec.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMEC

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aramis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - .DEFAULT User Startup: Settings.bat (User 'Default user')

O4 - Startup: Launchy.lnk = C:\PROGRAMS\Launchy\Launchy.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://imecwww.imec.be

O15 - Trusted Zone: *.imec.be

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247230370609

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imec.be

O17 - HKLM\Software\..\Telephony: DomainName = imec.be

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imec.be

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--

End of file - 9350 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites
moofy Groentje

moofy

Geplaatst:
  • Auteur
Geplaatst:

Nieuwe logjes...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:20:46, on 2012/05/30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRAMS\Launchy\Launchy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://imecwww.imec.be

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMEC

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aramis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - .DEFAULT User Startup: Settings.bat (User 'Default user')

O4 - Startup: Launchy.lnk = C:\PROGRAMS\Launchy\Launchy.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://imecwww.imec.be

O15 - Trusted Zone: *.imec.be

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247230370609

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imec.be

O17 - HKLM\Software\..\Telephony: DomainName = imec.be

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imec.be

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--

End of file - 8803 bytes

Malwarebytes Anti-Malware 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.05.30.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Aramis :: DC7600XP [administrator]

2012/05/30 22:39:38

mbam-log-2012-05-30 (22-39-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219505

Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\Aramis\Local Settings\Temp\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aramis\Local Settings\Temp\ClickPotatoLiteUpgrade.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aramis\Local Settings\Temp\153953.Uninstall\Uninstall.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aramis\Local Settings\Temp\ICReinstall\VideoConverterSetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

(end)

Link naar reactie
Delen op andere sites
moofy Groentje

moofy

Geplaatst:
  • Auteur
Geplaatst:

Bij het heropstarten tijdens de stappen die je hierboven hebt beschreven, is de pc al niet vastgelopen bij het inloggen... Maar AVG geeft wel nog altijd melding van infections. Dit is de output die AVG genereert:

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\6.0\38\48fe47e6-7828032d";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\6.0\38\48fe47e6-7828032d:\buildService\BuildClass.class";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\6.0\38\48fe47e6-7828032d:\buildService\ClassId.class";"Trojan horse Exploit_c.TYN";"Moved to Virus Vault"

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-1ba88ed4-72aee973.zip";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-1ba88ed4-72aee973.zip:\buildService\BuildClass.class";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"

"";"C:\Documents and Settings\Aramis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-1ba88ed4-72aee973.zip:\buildService\ClassId.class";"Trojan horse Exploit_c.TYN";"Moved to Virus Vault"

"";"C:\Program Files\Mozilla Firefox\firefox.exe (356)";"Trojan horse PSW.Agent.ASJX";"Deleted"

"";"C:\Program Files\Mozilla Firefox\firefox.exe (356):\memory_02f40000";"Trojan horse PSW.Agent.ASJX";"Infected"

"";"C:\WINDOWS\explorer.exe (1992)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\explorer.exe (1992):\memory_01b00000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\services.exe (912)";"Trojan horse Generic27.AKPW";"Deleted"

"";"C:\WINDOWS\system32\services.exe (912):\memory_00fe0000";"Trojan horse Generic27.AKPW";"Infected"

"";"C:\WINDOWS\system32\services.exe (912):\memory_015c0000";"Trojan horse PSW.Generic9.UCX";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1088)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1088):\memory_02740000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\svchost.exe (1196)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\svchost.exe (1196):\memory_02f30000";"Trojan horse PSW.Agent.AUET";"Infected"

"";"C:\WINDOWS\system32\winlogon.exe (868)";"Trojan horse PSW.Agent.AUET";"Deleted"

"";"C:\WINDOWS\system32\winlogon.exe (868):\memory_010f0000";"Trojan horse PSW.Agent.AUET";"Infected"

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites
moofy Groentje

moofy

Geplaatst:
  • Auteur
Geplaatst:

Logfile van ComboFix:

ComboFix 12-05-31.02 - Aramis 2012/05/31 18:00:59.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.1015.382 [GMT 2:00]

Running from: c:\documents and settings\Aramis\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\net

c:\windows\net\1028.mst

c:\windows\net\1030.mst

c:\windows\net\1031.mst

c:\windows\net\1033.mst

c:\windows\net\1034.mst

c:\windows\net\1035.mst

c:\windows\net\1036.mst

c:\windows\net\1040.mst

c:\windows\net\1041.mst

c:\windows\net\1042.mst

c:\windows\net\1043.mst

c:\windows\net\1044.mst

c:\windows\net\1046.mst

c:\windows\net\1053.mst

c:\windows\net\1054.mst

c:\windows\net\2052.mst

c:\windows\net\b57w2k.sys

c:\windows\net\b57win32.cat

c:\windows\net\b57win32.inf

c:\windows\net\b57xp32.sys

c:\windows\net\BCMUPDT.BAT

c:\windows\net\BDrvInst.msi

c:\windows\net\Files.cab

c:\windows\net\MgmtApps\setup.exe

c:\windows\net\MgmtApps\Silent.txt

c:\windows\net\RIS_2K\readme.txt

c:\windows\net\RIS_XP\readme.txt

c:\windows\net\RIS_XP\RIS8271.zip

c:\windows\net\setup.exe

c:\windows\net\Silent.txt

c:\windows\net\SP30375.CVA

c:\windows\net\SP30375.txt

c:\windows\net\WSSP30375.txt

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_IAS

-------\Service_xcpip

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))

.

.

2012-05-30 20:38 . 2012-05-30 20:38 -------- d-----w- c:\documents and settings\Aramis\Application Data\Malwarebytes

2012-05-30 20:37 . 2012-05-30 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-30 20:37 . 2012-05-30 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-30 20:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 18:44 . 2012-05-24 18:44 388096 ----a-r- c:\documents and settings\Aramis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-24 18:44 . 2012-05-24 18:44 -------- d-----w- c:\program files\Trend Micro

2012-05-23 22:41 . 2012-05-23 22:41 -------- d-----w- c:\documents and settings\Aramis\Application Data\AVG

2012-05-23 21:32 . 2012-05-23 21:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-05-23 21:32 . 2012-05-23 21:32 -------- d-----w- c:\documents and settings\Aramis\Local Settings\Application Data\AVG Secure Search

2012-05-23 21:32 . 2012-05-23 21:32 -------- d-----w- c:\documents and settings\Aramis\Application Data\AVG Secure Search

2012-05-23 21:32 . 2012-05-23 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-05-23 21:32 . 2012-05-23 21:32 -------- d-----w- c:\program files\AVG Secure Search

2012-05-23 21:32 . 2012-05-23 21:32 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-23 21:30 . 2012-05-23 21:30 -------- d-----w- C:\$AVG

2012-05-23 21:30 . 2012-05-31 15:48 -------- d-----w- c:\windows\system32\drivers\AVG

2012-05-23 21:30 . 2012-05-23 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-05-23 21:29 . 2012-05-24 05:16 -------- d-----w- c:\program files\AVG

2012-05-23 21:25 . 2012-05-31 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-05-23 17:47 . 2012-05-23 17:47 -------- d-----w- c:\windows\system32\wbem\Repository

2012-05-21 16:19 . 2012-05-21 16:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-05-09 20:53 . 2012-05-09 20:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-09 20:32 . 2012-05-09 20:32 -------- d-----w- c:\program files\BabylonToolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 20:52 . 2011-12-22 18:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 1980-01-01 00:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-08-28 11:42 . 2011-08-15 16:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-23 21:32 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-23 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Aramis\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Aramis\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Aramis\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Aramis\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]

"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 1294336]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-23 1116544]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Settings.bat [2007-6-20 1066]

.

c:\documents and settings\Aramis\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Aramis\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

Launchy.lnk - c:\programs\Launchy\Launchy.exe [2011-3-24 380928]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoMSAppLogo5ChannelNotify"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Aramis\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\Aramis\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-23 932736]

R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2005-07-26 43392]

R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]

S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2005-07-26 348352]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - xcpip

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1275210071-1801674531-1005Core.job

- c:\documents and settings\Aramis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 20:57]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1275210071-1801674531-1005UA.job

- c:\documents and settings\Aramis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-09 20:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

Trusted Zone: imec.be

TCP: DhcpNameServer = 195.130.130.1 195.130.131.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Aramis\Application Data\Mozilla\Firefox\Profiles\imec.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bca415874-3312-48f0-a6e6-9889e3e8bc38%7D&mid=&ds=AVG&v=11.0.0.9〈=en&pr=pr&d=2012-05-23%2023%3A32%3A05&sap=ku&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-05-31 18:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2352)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\documents and settings\Aramis\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Completion time: 2012-05-31 18:16:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-31 16:15

.

Pre-Run: 8,987,500,544 bytes free

Post-Run: 9,520,152,576 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\="Previous Operating System on C:"

.

- - End Of File - - A3589E57598557C20AB76F08FF9C48AB

Link naar reactie
Delen op andere sites
moofy Groentje

moofy

Geplaatst:
  • Auteur
Geplaatst:
Verwijder manueel deze vetgedrukte map : c:\program files\BabylonToolbar

Geeft AVG nà het runnen van Combofix nog gelijkaardige foutmeldingen ?

Helaas wel, AVG geeft de laatste 11 meldingen uit post 5 opnieuw. De meldingen zijn identiek, alleen de memory-locaties (?) verschillen wat. Het is toch niet de bedoeling om "remove all unhealed" uit te voeren in AVG, of wel?

Link naar reactie
Delen op andere sites
kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Probeer eerst of dit helpt.

Ga naar start -alle programma's - bureauaccessoires.

Klik met rechts op het icoon van de opdrachtprompt en kies voor uitvoeren als administrator om het opdrachtprompt te openen.

Typ sfc /scannow en druk enter. (let op de spatie voor de / )

Alle windows systeembestanden worden nu gecontroleerd op fouten en indien nodig vervangen door een correcte versie.

Hou de windows installatie cd/dvd bij de hand (als je er een hebt) want er kan om gevraagd worden.

Na de scan krijg je een overzicht van de resutlaten en een verwijzing naar een CBS logbestand.

Typ nu findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt" en druk enter.

Let op de spatie voor de / en %windir% en voor en na de >.

Nu zou je op je bureaublad het bestandje sfcdetails.txt moeten zien.

Voeg dit bestandje toe aan een volgend bericht.

Hoe je een bijlage toevoegt aan een bericht, kan je lezen in deze handleiding.

Link naar reactie
Delen op andere sites
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.