Posts by Bramde-b
Here is my log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:14, on 27-3-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
D:\programma's\AVG\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\programma's\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\programma's\AVG\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG_TRAY] "D:\programma's\AVG\avgtray.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\programma's\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 5] "D:\programma's\Advanced SystemCare 5\ASCTray.exe" /Manual
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3096431019-2602509743-585302501-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3096431019-2602509743-585302501-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\programma's\AVG\avgpp.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - Adaptec, Inc. - (no file)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\programma's\AVG\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
--
End of file - 4170 bytes
I already scanned my computer today with AVG and Malwarebytes' Anti-Malware.
They found nothing.
-
Hello,
Today a few friends told me that I had sent them a virus from my e-mail address.
When I then tried to log in to Hotmail I first had to enter a code, and then I saw my inbox full of messages from postmaster@mail.hotmail.com: Delivery Status Notification (Failure).
A message with a link in it (virus) had been sent from my e-mail to a large part of my contacts.
I heard that you can tell from the header information of the message whether it was sent through your own account or through another one.
You could see this from the IP number, I think?
Here is the message source:
x-store-info:D6taffyBScEUZsL+ZXbbDgLbVGSV1R4drFk9v1u13k27anrQfmiHRDqGAj0V6LqcdRy8tIODgvsy5ZcAiN82l/pNGh6xbD7e9YktF2LPDzuTBciMy4Gd08P2afyVOiJg
Authentication-Results: hotmail.com; sender-id=pass header.from=postmaster@mail.hotmail.com; dkim=none header.d=mail.hotmail.com; x-hmca=pass
X-SID-PRA: postmaster@mail.hotmail.com
X-SID-Result: Pass
X-DKIM-Result: None
X-AUTH-Result: PASS
X-Message-Delivery: Vj0xLjE7RD0wO0dEPTA7U0NMPTk7bD0x
X-Message-Info: AuEzbeVr9u5fkDpn2vR5iCu5wb6HBeY4iruBjnutBzpStnUabbM/X3OHG1tkHI7a3kMiU15mwZkdItk0fkPUd26iJME4hbgAR+RCB0ejIvg=
Received: from blu0-omc3-s14.blu0.hotmail.com ([65.55.116.89]) by BAY0-HMMC1-F12.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 27 Mar 2012 07:19:13 -0700
From: postmaster@mail.hotmail.com
To: XXXXXXXXXXXXXXX BRAM
Date: Tue, 27 Mar 2012 07:18:57 -0700
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01CCFD2E3AE04140003F6072blu0?omc3?s14.bl"
X-DSNContext: 7ce717b1 - 1142 - 00000001 - 00000000
Message-ID: <lVhb9lpp900300fd1@blu0-omc3-s14.blu0.hotmail.com>
Subject: Delivery Status Notification (Failure)
Return-Path: <>
X-OriginalArrivalTime: 27 Mar 2012 14:19:13.0806 (UTC) FILETIME=[95F882E0:01CD0C24]
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
--9B095B5ADSN=_01CCFD2E3AE04140003F6072blu0?omc3?s14.bl
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
XXXXXXXXXXXXXXXXXXXXXXXXXX
--9B095B5ADSN=_01CCFD2E3AE04140003F6072blu0?omc3?s14.bl
Content-Type: message/delivery-status
Reporting-MTA: dns;blu0-omc3-s14.blu0.hotmail.com
Received-From-MTA: dns;BLU164-W52
Arrival-Date: Tue, 27 Mar 2012 07:18:43 -0700
Final-Recipient: XXXXXXXXXXXXXXXXXXXXXXX
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Requested action not taken: mailbox unavailable
--9B095B5ADSN=_01CCFD2E3AE04140003F6072blu0?omc3?s14.bl
Content-Type: message/rfc822
Received: from BLU164-W52 ([65.55.116.74]) by blu0-omc3-s14.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 27 Mar 2012 07:18:43 -0700
Message-ID: <BLU164-W523930F26285171B3C0DC8C94A0@phx.gbl>
Return-Path: XXXXXXXXXXXXXXXXXXXX BRAM E-MAIL ADDRESSES REMOVED, RISK OF SPAM!
Content-Type: multipart/alternative;
boundary="_9b4991ca-5b54-4f9c-9c16-fdff0a75de63_"
X-Originating-IP: [93.87.209.35]
From: Bram Bijen <brambijtje@hotmail.com>
To: XXXXXXXXXXXXXXXXXXX
Subject:
Date: Tue, 27 Mar 2012 16:18:42 +0200
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 27 Mar 2012 14:18:43.0295 (UTC) FILETIME=[83C8E6F0:01CD0C24]
--_9b4991ca-5b54-4f9c-9c16-fdff0a75de63_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
POSSIBLY MALICIOUS LINK REMOVED BY MOD
Bram
XXXXXXXXXXXXXXXXXX Bram
6506baf0-91c5-4362-bdc7-1ce95b9d4c7c
3/27/2012 7:18:44 AM
=
--_9b4991ca-5b54-4f9c-9c16-fdff0a75de63_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style></head>
<body class=3D'hmmessage'><div dir=3D'ltr'> POSSIBLY MALICIOUS LINK REMOVED BY MOD
l<br>Bram <br>XXXXXXXXXXXXXXXX Bram<br>6506baf0-91c5-4362-bdc7-1ce95b=
9d4c7c<br>3/27/2012 7:18:44 AM<br> </div></body>
</html>=
--_9b4991ca-5b54-4f9c-9c16-fdff0a75de63_--
--9B095B5ADSN=_01CCFD2E3AE04140003F6072blu0?omc3?s14.bl--
Has my account been hacked?
And how do I fix this problem?
Regards,
Bram
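The question in the post above is exactly what the quoted bounce can answer: the original message is attached to the DSN as a message/rfc822 part, and its oldest Received line plus X-Originating-IP say who handed it to the provider and from which client address. The script below is an added example, not code from this thread. SAMPLE_DSN is a constructed, trimmed copy of the bounce quoted above with the redacted addresses replaced by example.invalid; PROVIDER_NET (the address range assumed for the provider's webmail front-ends) and the owner IPs passed to assess() are assumptions you replace with your own.

```python
"""Pull the forensic headers out of a bounce (DSN) and decide whether the
bounced message really went out through the account owner's own mailbox.

Added example, not code from the thread. SAMPLE_DSN is a constructed,
trimmed copy of the bounce quoted in the post (addresses replaced with
example.invalid); PROVIDER_NET and the owner IPs given to assess() are
assumptions for the example.
"""
import email
import ipaddress
import re
from email import policy
from email.message import Message

SAMPLE_DSN = """\
Received: from blu0-omc3-s14.blu0.hotmail.com ([65.55.116.89]) by BAY0-HMMC1-F12.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Tue, 27 Mar 2012 07:19:13 -0700
From: postmaster@mail.hotmail.com
To: owner@example.invalid
Subject: Delivery Status Notification (Failure)
Return-Path: <>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="DSNBOUNDARY"

--DSNBOUNDARY
Content-Type: text/plain

This is an automatically generated Delivery Status Notification.

--DSNBOUNDARY
Content-Type: message/delivery-status

Reporting-MTA: dns;blu0-omc3-s14.blu0.hotmail.com
Received-From-MTA: dns;BLU164-W52

Final-Recipient: rfc822;contact@example.invalid
Action: failed
Status: 5.5.0

--DSNBOUNDARY
Content-Type: message/rfc822

Received: from BLU164-W52 ([65.55.116.74]) by blu0-omc3-s14.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 27 Mar 2012 07:18:43 -0700
Message-ID: <BLU164-W523930F26285171B3C0DC8C94A0@phx.gbl>
X-Originating-IP: [93.87.209.35]
From: Bram Bijen <brambijtje@hotmail.com>
To: contact@example.invalid
Subject: (empty)
Date: Tue, 27 Mar 2012 16:18:42 +0200
Content-Type: text/plain; charset="iso-8859-1"

LINK REMOVED BY MOD
--DSNBOUNDARY--
"""

# Assumption for this example: the provider's webmail front-ends (the
# BLU164-W52 style host in the Received line) live in this range.
PROVIDER_NET = ipaddress.ip_network("65.52.0.0/14")

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def original_from_bounce(dsn_text: str) -> Message:
    """Return the bounced original, attached to the DSN as message/rfc822."""
    dsn = email.message_from_string(dsn_text, policy=policy.default)
    for part in dsn.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload()[0]
    raise ValueError("bounce carries no message/rfc822 part")


def received_hops(msg: Message) -> list[str]:
    """Received headers, whitespace-normalised, newest first (as stored)."""
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]


def injection_ip(msg: Message):
    """IP that handed the message to the first MTA: the oldest Received line."""
    hops = received_hops(msg)
    if not hops:
        return None
    m = BRACKETED_IP.search(hops[-1])
    return ipaddress.ip_address(m.group(1)) if m else None


def originating_ip(msg: Message):
    """Client IP the webmail front-end recorded in X-Originating-IP, if any."""
    raw = msg.get("X-Originating-IP")
    if raw is None:
        return None
    m = BRACKETED_IP.search(str(raw))
    return ipaddress.ip_address(m.group(1)) if m else None


def assess(msg: Message, owner_ips: set[str]) -> str:
    """SPOOFED: first hop outside the provider, the From was forged.
    INCONCLUSIVE: went through the provider but no client IP was logged.
    OWN_DEVICE: sent through the account from an IP the owner recognises.
    ACCOUNT_COMPROMISE: sent through the account from a stranger's IP."""
    inj = injection_ip(msg)
    if inj is None or inj not in PROVIDER_NET:
        return "SPOOFED"
    client = originating_ip(msg)
    if client is None:
        return "INCONCLUSIVE"
    if str(client) in owner_ips:
        return "OWN_DEVICE"
    return "ACCOUNT_COMPROMISE"


if __name__ == "__main__":
    orig = original_from_bounce(SAMPLE_DSN)
    print("from:        ", orig["From"])
    print("injected via:", injection_ip(orig))
    print("client IP:   ", originating_ip(orig))
    print("verdict:     ", assess(orig, {"192.0.2.10"}))
```

The verdict hinges on two things the bounce itself shows: the first hop of the original was a host inside the provider (so the sender was not forging the From from elsewhere), and the provider stamped a client address in X-Originating-IP. If that address is not one of the owner's, the credentials were used from somewhere else, which is the "change the password, check forwarding rules and recovery options" case rather than the "something on my PC is sending mail" case.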
-
I've already managed it.
I searched around a bit and found a site where I had to download the plug-in myself.
I did that, then ran it, and now it works again.
Thanks anyway for the help; no idea what that message was, but it works again!
-
It's about the website of my own streaming radio station, where I DJ every Saturday.
Listen2myradio.com - Get your own FREE online radio!
I also tried Internet Explorer; there I had no problems.
The plug-in is simply the Windows Media Player one for listening to music over the internet.
The name is Windows Media Player Plugin.
Cheers
-
Hello,
I use Google Chrome as my web browser. I wanted to listen to online radio, but for that I had to install a plug-in.
This was a Windows Media Player plug-in.
When I clicked "download plug-in" I first briefly saw a command prompt, and immediately after that this message:
16 bit MS-DOS Subsystem
C:User\user\AppData\Local\Temp\WMPFIR~1.EXE
The NTVDM CPU has encountered an illegal instruction.
CS:057e IP:0104 OP:63 74 79 70 65 Choose 'Close' to terminate the application.
What now?
I ran antivirus software; nothing found.
I checked the C drive for damaged files.
I ran HijackThis; there I had to remove 1 item, but that didn't solve my problem either.
Does anyone know what that error message means and what I can do about it so I can install the Windows Media Player plug-in?
Regards, Bram
-
Hello.
Many thanks for the quick reply.
I reinstalled Windows XP last night.
The problem is now solved.
Sorry for the inconvenience.
Regards, Bram
-
Hello, I have a PC with Windows XP Home.
Lately it was very slow on the internet, or it wouldn't go online at all.
Now I keep getting the message "16-bit Windows subsystem"
NTVDM and then something else; sorry, I don't remember what else it says.
Also, when I'm on Google it comes up with a message that it can't download some files.
So I don't understand it anymore.
Does anyone know what to do about this?
Sorry for the unclear explanation.
Regards, Bram
-
I'm rid of the problem :)
It was indeed Sony Vegas.
I removed the program and deleted all keys named Sony Vegas from the registry.
Then scanned once more with AVG and no infection found anymore :)
So my problem is solved. (Y)
Thanks for your good and quick help.
Regards, Bram.
-
I ran ESET Online Scanner and it finds 2 files; here is the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9e0c9d2079fa844b84575b1a38a5ddfb
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-20 12:28:52
# local_time=2011-02-20 01:28:52 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 97 3779 41495286 0 0
# compatibility_mode=8192 67108863 100 0 3700 3700 0 0
# scanned=2823
# found=1
# cleaned=1
# scan_time=39
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9e0c9d2079fa844b84575b1a38a5ddfb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-20 01:22:35
# local_time=2011-02-20 02:22:35 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 97 3879 41495386 0 0
# compatibility_mode=8192 67108863 100 0 3800 3800 0 0
# scanned=49060
# found=2
# cleaned=2
# scan_time=3163
C:\System Volume Information\_restore{5907E018-0508-457C-8DF3-5D9C7B8A5129}\RP1\A0000002.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\setups\Sony Vegas Pro 10\Sony Vegas 10 Keygen + Patch.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C
I think it was in Sony Vegas Pro, since it came with a key generator, so I think that was it.
Do I have to remove Sony Vegas now?
-
PS I just ran AVG and it still finds this:
"Object name";"C:\WINDOWS\system32\pbsvc.exe"
"Detection name";"The file is signed with a corrupted certificate, issued by: Even Balance."
And AVG finds spyware:
"Object name";"C:\System Volume Information\_restore{5907E018-0508-457C-8DF3-5D9C7B8A5129}\RP114\A0026099.dll"
"Detection name";"Adware Zango"
What now???
-
Hello, I added the script to ComboFix and ran it once more; here is the log:
ComboFix 11-02-19.02 - user 20-02-2011 10:47:13.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3070.2527 [GMT 1:00]
Started from: c:\documents and settings\user\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\user\Bureaublad\CFScript.txt..txt
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"e:\FXDrv32.sys"
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FXDRV32
-------\Service_FXDrv32
(((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))))
.
2011-02-19 17:15 . 2011-02-19 17:15 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-19 17:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 17:15 . 2011-02-19 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-19 17:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 14:27 . 2011-02-19 14:27 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-17 13:03 . 2011-02-19 14:36 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
2011-02-17 07:46 . 2011-02-17 07:46 -------- d-----w- c:\documents and settings\user\Application Data\AVG10
2011-02-14 10:07 . 2011-02-14 10:07 -------- d-----w- c:\program files\Xvid
2011-02-14 10:07 . 2008-12-13 19:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-14 10:07 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-14 10:07 . 2008-12-04 20:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-11 16:43 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-11 16:43 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-11 15:43 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-11 15:43 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-11 15:43 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-11 15:43 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-02-07 14:46 . 2011-02-07 14:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sony
2011-02-07 14:30 . 2011-02-07 14:30 -------- d-----w- c:\program files\Sony
2011-02-07 14:30 . 2011-02-07 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2011-02-07 14:28 . 2011-02-07 14:51 -------- d-----w- c:\documents and settings\user\Application Data\Sony
2011-02-07 09:23 . 2011-02-07 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2011-02-07 09:22 . 2011-02-07 09:22 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-07 09:22 . 2011-02-07 09:22 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-07 09:22 . 2011-02-07 09:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-07 09:22 . 2011-02-07 09:22 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-05 08:37 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-05 08:37 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-05 08:37 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-05 08:37 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-25 16:19 . 2011-01-25 16:19 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-15 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 17:29 . 2011-01-18 17:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-07 14:09 . 2008-04-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-15 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-15 12:00 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-19 15:31 . 2010-12-19 15:31 315392 ----a-w- c:\windows\HideWin.exe
2010-12-09 15:15 . 2008-04-15 12:00 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 22:11 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-08 03:12 . 2010-09-07 02:48 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-19_13.44.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-19 14:27 . 2011-02-19 14:27 1094656 c:\windows\Installer\fb30e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-05-12 2158592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-08 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AVG_TRAY"="d:\programma's\AVG\avgtray.exe" [2011-01-07 2747744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programma's\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- d:\programma's\SuperAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\avgchsvx.exe /sync\0d:\progra~1\AVG\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\programma's\\AVG\\avgmfapx.exe"=
"d:\\programma's\\utorrent\\uTorrent.exe"=
"d:\\spellen\\Modern Warfare 2\\iw4mp.exe"=
"d:\\spellen\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\programma's\\AVG\\avgdiagex.exe"=
"d:\\programma's\\AVG\\avgnsx.exe"=
"d:\\programma's\\AVG\\avgam.exe"=
"d:\\programma's\\AVG\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3069:TCP"= 3069:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 299984]
R1 SASDIFSV;SASDIFSV;d:\programma's\SuperAntiSpyware\sasdifsv.sys [23-11-2009 8:43 9968]
R1 SAS***IL;SAS***IL;d:\programma's\SuperAntiSpyware\SAS***IL.SYS [23-11-2009 8:43 74480]
R2 avgfws;AVG Firewall;d:\programma's\AVG\avgfws.exe [22-11-2010 4:48 3226632]
R2 AVGIDSAgent;AVGIDSAgent;d:\programma's\AVG\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6-1-2011 15:23 6128720]
R2 avgwd;AVG WatchDog;d:\programma's\AVG\avgwdsvc.exe [22-10-2010 4:58 265400]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-8-2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-8-2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-8-2010 21:42 26192]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [19-12-2010 21:37 98432]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19-12-2010 19:39 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]
S3 SASENUM;SASENUM;d:\programma's\SuperAntiSpyware\SASENUM.SYS [23-11-2009 8:43 7408]
.
Contents of the 'Scheduled Tasks' folder
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 18:39]
2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 18:39]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-20 10:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1244)
d:\programma's\SuperAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2948)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\AVG\avgchsvx.exe
d:\progra~1\AVG\avgrsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
d:\programma's\AVG\avgnsx.exe
d:\programma's\AVG\avgemcx.exe
d:\programma's\AVG\Identity Protection\agent\bin\avgidsmonitor.exe
d:\programma's\AVG\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-02-20 10:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 09:53
ComboFix2.txt 2011-02-19 13:45
Pre-Run: 89.291.689.984 bytes available
Post-Run: 89.253.154.816 bytes available
- - End Of File - - B07BA963BBB241D6E1E47C6AF3ACECA4
Is the PC clean again now?
Or should I also post a HijackThis log?
-
Hello
Malwarebytes Anti-Malware is busy scanning right now ;)
I also removed this list in HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56323
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
The scan is finished; it finds 2 things. Here is the log:
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5810
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19-2-2011 18:49:46
mbam-log-2011-02-19 (18-49-46).txt
Scan type: Quick scan
Objects scanned: 136996
Time elapsed: 1 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Lastly, you asked me whether I had done the ComboFix task.
I had already run ComboFix, just not yet with that text file put into it or whatever.
Could you explain that to me once more?
I now have a .txt file named CFScript.txt; in this file I put this text:
File::
e:\FXDrv32.sys
Driver::
FXDrv32
What now???
Do I now have to drag that text file onto the ComboFix icon and then run ComboFix once more???
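The entries removed in HijackThis above, and the PUM.Bad.Proxy hit in the Malwarebytes log, are the two kinds of line worth picking out of an HJT log automatically: a proxy that points the browser back at a port on the same machine (everything the browser sends then passes through whatever process is listening there), and registered components whose file is gone. The script below is an added example, not a tool used in this thread. SAMPLE_LOG copies lines from the logs posted on this page; the triage rules are my own heuristics, not HijackThis output, and the "Temp" autorun rule is an assumption about what installed software normally does.

```python
"""Triage a HijackThis log for the entry kinds that mattered in this
thread: a proxy forced onto a local port (what Malwarebytes later flagged
as PUM.Bad.Proxy) and registered components whose file is gone.

Added example, not a tool from the thread. SAMPLE_LOG copies lines from
the logs posted above; the triage rules are my own heuristics.
"""
import re

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56323
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG_TRAY] D:\programma's\AVG\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - Adaptec, Inc. - (no file)
"""

# Matches "http=127.0.0.1:56323" as well as a bare "127.0.0.1:8080":
# a loopback host followed by a port.
LOOPBACK_PROXY = re.compile(
    r"(?:^|[=;])(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(?P<port>\d{1,5})",
    re.IGNORECASE,
)
PROXY_VALUE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S*)")
# Assumption: software that installed properly does not autorun from Temp.
TEMP_DIR = re.compile(r"\\(?:Temp|Local Settings\\Temp)\\", re.IGNORECASE)


def loopback_proxy_port(proxy_value: str):
    """Port of a proxy that points back at this machine, else None."""
    m = LOOPBACK_PROXY.search(proxy_value)
    return int(m.group("port")) if m else None


def triage_line(line: str) -> list[str]:
    """Reasons a single HJT line deserves attention (empty list = nothing)."""
    reasons = []
    tag = line.split(" - ", 1)[0]
    if tag == "R1" and "ProxyServer" in line:
        m = PROXY_VALUE.search(line)
        value = m.group("value") if m else ""
        port = loopback_proxy_port(value)
        if port is not None:
            reasons.append(
                f"browser proxied through local port {port}: a process on "
                "this machine sees, and can rewrite, all web traffic")
        elif value:
            reasons.append("proxy configured in the user hive: confirm it is intended")
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned entry: registered component is no longer on disk")
    if tag == "O4" and TEMP_DIR.search(line):
        reasons.append("autorun from a temporary directory")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map every flagged log line to its reasons; clean lines are omitted."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line) if line else []
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Orphaned entries are clean-up, not evidence by themselves; the loopback proxy is the line that matters, because as long as it is set every page the browser loads is served through the local listener, which is consistent with the "can't download some files" and "very slow on the internet" symptoms described earlier in the thread.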
-
Hey Kape.
You write: Now paste the HJT log into your post with the CTRL and V keys.
In which post should I paste the HJT log?
PS this is my HJT log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:48, on 19-2-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\programma's\AVG\avgfws.exe
D:\programma's\AVG\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\programma's\AVG\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\programma's\AVG\avgtray.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\programma's\AVG\Identity Protection\agent\bin\avgidsmonitor.exe
D:\programma's\AVG\avgam.exe
D:\programma's\AVG\avgnsx.exe
D:\programma's\AVG\avgemcx.exe
D:\programma's\AVG\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\AVG\avgrsx.exe
D:\programma's\AVG\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
D:\programma's\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56323
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\programma's\AVG\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] D:\programma's\AVG\avgtray.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\programma's\AVG\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\programma's\SuperAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - D:\programma's\AVG\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\programma's\AVG\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\programma's\AVG\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\programma's\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6362 bytes
-
Hello.
My antivirus program AVG keeps reporting that a file named pbvc.exe is damaged.
I have now run ComboFix once and have a log.
Can someone take a look at whether my problem is now solved? If not, what should I do now?
Regards, Bram
ComboFix 11-02-18.05 - user 19-02-2011 14:42:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3070.2479 [GMT 1:00]
Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-19 to 2011-02-19 ))))))))))))))))))))))))))))))
.
2011-02-17 13:03 . 2011-02-19 10:33 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
2011-02-17 07:46 . 2011-02-17 07:46 -------- d-----w- c:\documents and settings\user\Application Data\AVG10
2011-02-14 10:07 . 2011-02-14 10:07 -------- d-----w- c:\program files\Xvid
2011-02-14 10:07 . 2008-12-13 19:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-14 10:07 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-14 10:07 . 2008-12-04 20:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-11 16:43 . 2008-04-14 21:09 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-11 16:43 . 2008-04-14 21:09 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-11 15:43 . 2008-04-14 21:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-11 15:43 . 2008-04-14 21:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-11 15:43 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-11 15:43 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-02-07 14:46 . 2011-02-07 14:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sony
2011-02-07 14:30 . 2011-02-07 14:30 -------- d-----w- c:\program files\Sony
2011-02-07 14:30 . 2011-02-07 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2011-02-07 14:28 . 2011-02-07 14:51 -------- d-----w- c:\documents and settings\user\Application Data\Sony
2011-02-07 09:23 . 2011-02-07 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2011-02-07 09:22 . 2011-02-07 09:22 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-07 09:22 . 2011-02-07 09:22 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-07 09:22 . 2011-02-07 09:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-07 09:22 . 2011-02-07 09:22 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-05 08:37 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-05 08:37 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-05 08:37 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-05 08:37 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-25 16:19 . 2011-01-25 16:19 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-15 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 17:29 . 2011-01-18 17:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-07 14:09 . 2008-04-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-15 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-15 12:00 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-19 15:31 . 2010-12-19 15:31 315392 ----a-w- c:\windows\HideWin.exe
2010-12-09 15:15 . 2008-04-15 12:00 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 22:11 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-08 03:12 . 2010-09-07 02:48 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-05-12 2158592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-08 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AVG_TRAY"="d:\programma's\AVG\avgtray.exe" [2011-01-07 2747744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programma's\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- d:\programma's\SuperAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\avgchsvx.exe /sync\0d:\progra~1\AVG\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\programma's\\AVG\\avgmfapx.exe"=
"d:\\programma's\\utorrent\\uTorrent.exe"=
"d:\\spellen\\Modern Warfare 2\\iw4mp.exe"=
"d:\\spellen\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\programma's\\AVG\\avgdiagex.exe"=
"d:\\programma's\\AVG\\avgnsx.exe"=
"d:\\programma's\\AVG\\avgam.exe"=
"d:\\programma's\\AVG\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3069:TCP"= 3069:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-9-2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 299984]
R1 SASDIFSV;SASDIFSV;d:\programma's\SuperAntiSpyware\sasdifsv.sys [23-11-2009 8:43 9968]
R1 SAS***IL;SAS***IL;d:\programma's\SuperAntiSpyware\SAS***IL.SYS [23-11-2009 8:43 74480]
R2 avgwd;AVG WatchDog;d:\programma's\AVG\avgwdsvc.exe [22-10-2010 4:58 265400]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-8-2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-8-2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-8-2010 21:42 26192]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [19-12-2010 21:37 98432]
S2 avgfws;AVG Firewall;d:\programma's\AVG\avgfws.exe [22-11-2010 4:48 3226632]
S2 AVGIDSAgent;AVGIDSAgent;d:\programma's\AVG\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6-1-2011 15:23 6128720]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19-12-2010 19:39 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-7-2010 4:33 30432]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 SASENUM;SASENUM;d:\programma's\SuperAntiSpyware\SASENUM.SYS [23-11-2009 8:43 7408]
.
Inhoud van de 'Gedeelde Taken' map
2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 18:39]
2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 18:39]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:56323
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-19 14:44
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(1244)
d:\programma's\SuperAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3560)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-02-19 14:45:10
ComboFix-quarantined-files.txt 2011-02-19 13:45
Pre-Run: 89.221.001.216 bytes beschikbaar
Post-Run: 89.266.671.616 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BD318E1B5089588544658D7FF729E42C
Virus sends e-mails from my mail address.
in Archive Internet & Network
Posted:
I did Run/Search and typed in: sc stop AdvancedSystemCareService5, and then Run/Search and typed in: sc delete AdvancedSystemCareService5.
I had already changed my password and so far I have had no more complaints from contacts receiving spam from me.
I just hope it does not happen again, otherwise I will have to create a new account.
Many thanks for your quick responses.
Regards, Bram.