
Police virus (politievirus)



I'm currently at some acquaintances' place and they were having trouble with a police virus.

I hadn't heard of it before, so I looked up some information about it and was eventually able to remove the virus.

Now I'd still like to check their PC over completely, so I also ran ComboFix and HijackThis.

Below are the logs.

Combofix

--------

ComboFix 12-12-27.03 - Jean-Pierre 27/02/2003 4:36:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.680 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Jean-Pierre\Bureaublad\ComboFix.exe
* Aanwezig AV is actief

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system\winspool.drv
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\regtlib.exe
D:\Mijn documenten\~WRL0912.tmp
Besmet exemplaar van C:\WINDOWS\system32\msgsvc.dll werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll

(((((((((((((((((((( Bestanden Gemaakt van 2003-01-27 to 2003-02-27 ))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))


And below is the HijackThis log

----------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:22, on 27/02/2003
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nnf.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norman\Nvc\bin\nhs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman Hash Server (NHS) - Unknown owner - C:\Program Files\Norman\Nvc\bin\nhs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe

--
End of file - 7834 bytes

Is there anything abnormal to be seen here?


ComboFix removed some dubious files and replaced an infected copy with a correct file. So that went cleanly. No further indications that anything is wrong with it. Although ComboFix of course remains a tool you shouldn't be too quick to intervene with, without having taken other steps first. But anyway ... everything went correctly here.

Then HijackThis. Start HijackThis. Select "Scan". Select only the items listed below:

R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If this doesn't work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

It is also noticeable that both Norman and Ad-Aware are present on the PC. If the version of Ad-Aware also includes the antivirus component, they are two similar programs, and those can sometimes work against each other. It is then best to make a choice, remove one of the two and actively use the other. But that is the user's decision, of course.

If you don't notice any further problems, you may remove ComboFix in the usual way.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again and create a new restore point.

If present, you may delete the C:\Qoobox folder manually.
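Added example, not from the thread or from HijackThis itself: a small Python triage script that parses HijackThis-format lines and picks out the same two classes of entry the reply above selects for 'Fix checked', namely entries that end in (no file) and O4 RunOnce entries. The sample log is constructed here from the line shapes on this page, and the function and field names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 line format. It mirrors the kinds of
# entries in the log above, with clean entries included as negatives.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
"""

# Every HijackThis finding line starts with a section code such as R3, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: <hive>\..\<Run|RunOnce>: [<label>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O2 body: BHO: <name> - {<CLSID>} - <path or (no file)>
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def entries(log_text):
    """Yield (kind, body, raw_line) for each finding line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def parse_o4(body):
    """Split an O4 autostart body into hive, key, label, command and user (None if no match)."""
    m = O4_RE.match(body)
    return m.groupdict() if m else None


def parse_bho(body):
    """Split an O2 BHO body into name, CLSID and path (None if no match)."""
    m = BHO_RE.match(body)
    return m.groupdict() if m else None


def triage(log_text):
    """Return the entries a helper would mark for 'Fix checked', each with its reason."""
    findings = []
    for kind, body, raw in entries(log_text):
        if body.endswith("(no file)"):
            # The registry still references a component whose file is gone, a
            # leftover of something already removed. Dead configuration; safe to clean.
            findings.append(Finding(kind, "orphaned entry, target file missing", raw))
            continue
        if kind == "O4":
            o4 = parse_o4(body)
            if o4 and o4["key"] == "RunOnce":
                # RunOnce values are meant to execute once and delete themselves; one
                # that persists (here under the SYSTEM hive) deserves a look at what it launches.
                user = o4["user"] or "current user"
                findings.append(Finding(kind, f"persistent RunOnce [{o4['label']}] for {user}", raw))
    return findings


def fix_list(log_text):
    """The raw lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Run against the full log on this page, the same rules select exactly the four lines quoted in the reply (R3, O2 and the two nlhr RunOnce entries).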
