Ga naar inhoud

Tropic

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    7

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Berichten die geplaatst zijn door Tropic

    Trage Pc

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hierbij de logfiles:

    Malware bytes:

    Malwarebytes' Anti-Malware 1.11

    Database versie: 689

    Scan type: Snelle Scan

    Objecten gescand: 53115

    Verstreken tijd: 32 minute(s), 36 second(s)

    Geheugenprocessen geïnfecteerd: 6

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 3

    Registerwaarden geïnfecteerd: 19

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 13

    Geheugenprocessen geïnfecteerd:

    C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Unloaded process successfully.

    C:\WINDOWS\svzip.exe (Trojan.Agent) -> Unloaded process successfully.

    C:\WINDOWS\runsql.exe (Trojan.Agent) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Google Online Search Service (Trojan.Downloader) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    C:\Documents and Settings\Gijs\Local Settings\Temp\682870043.exe (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\sv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\svzip.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\runsql.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\2052v.exe (Worm.Sdbot) -> Delete on reboot.

    C:\WINDOWS\system32\winlogans.tmp (Malware.Trace) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Gijs\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\svchost.t__ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Combofix:

    ComboFix 08-04-26.3 - Gijs 2008-04-27 10:58:28.2 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.106 [GMT 2:00]

    Gestart vanuit: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe

    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\kmd.exe

    C:\WINDOWS\system32\kmd.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))

    .

    2008-04-27 08:15 . 2008-04-27 08:15 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\Malwarebytes

    2008-04-27 08:14 . 2008-04-27 08:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

    2008-04-27 08:14 . 2008-04-27 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2008-04-25 18:57 . 2008-04-25 18:50 180,224 --a------ C:\WINDOWS\svw.exe

    2008-04-25 18:57 . 2008-04-25 19:07 144 --ahs---- C:\WINDOWS\system32\3495402579.dat

    2008-04-18 18:36 . 2008-04-18 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse

    2008-04-18 17:49 . 2008-04-18 17:49 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\PlayFirst

    2008-04-18 17:47 . 2008-04-18 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-11 17:16 1,534 ----a-w C:\WINDOWS\system32\tmp.reg

    2008-02-08 21:55 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe

    2008-02-08 08:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe

    2008-02-07 21:15 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

    2008-02-07 21:15 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

    .

    ------- Sigcheck -------

    2004-08-03 22:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-03 22:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 19:38 579584]

    "NWEReboot"="" []

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

    "netw"="C:\WINDOWS\svw.exe" [2008-04-25 18:50 180224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 23:15 219136]

    "jkdfj94kgdftdf"="C:\WINDOWS\TEMP\winlogan.exe" [ ]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 20:50]

    *Newly Created Service* - CATCHME

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-27 11:01:32

    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    Voltooingstijd: 2008-04-27 11:02:21

    ComboFix2.txt 2008-02-11 17:38:12

    ComboFix-quarantined-files.txt 2008-04-27 09:02:18

    Pre-Run: 2,040,647,680 bytes beschikbaar

    Post-Run: 2,399,141,888 bytes beschikbaar

    75

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:16:30, on 27/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\svw.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204055285046

    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.6.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --

    End of file - 4620 bytes

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx

    Hopelijk is alles hiermee terug in orde.

    Hij werkt alleszins al terug sneller!

    Trage Pc

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hierbij reeds de logfile van hijack this. kan iemand mij vertellen wat weg mag en hoe ik ervan af geraak?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:46:45, on 25/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

    C:\WINDOWS\runsql.exe

    C:\WINDOWS\svhoster.exe

    C:\WINDOWS\svzip.exe

    C:\WINDOWS\vlc.exe

    C:\WINDOWS\svx.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\wdmon.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\svw.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe

    O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe

    O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe

    O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe

    O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe

    O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe

    O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\2052v.exe

    O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe

    O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe

    O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\2052v.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [updateWin] C:\WINDOWS\system32\2052v.exe

    O4 - HKCU\..\RunServices: [updateWin] C:\WINDOWS\system32\2052v.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204055285046

    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.6.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --

    End of file - 5557 bytes

    Alvast bedankt voor de reacties!

    Probleem: icthis virus

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hierbij de logbestanden:

    Smitfraudfix

    SmitFraudFix v2.286

    Scan done at 19:16:36,31, ma 11/02/2008

    Run from C:\Documents and Settings\Gijs\Mijn documenten\SmitfraudFix\SmitfraudFix

    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT

    The filesystem type is FAT32

    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"

    [HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]

    @="C:\WINDOWS\system32\wuuawkz.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]

    @="C:\WINDOWS\system32\wuuawkz.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\wuuawkz.dll -> Hoax.Win32.Renos.gen.o

    C:\WINDOWS\system32\wuuawkz.dll -> Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted

    C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted

    C:\DOCUME~1\ALLUSE~1\BUREAU~1\Online Security Guide.url Deleted

    C:\DOCUME~1\ALLUSE~1\BUREAU~1\Security Troubleshooting.url Deleted

    C:\Program Files\Helper\ Deleted

    C:\Program Files\Online Add-on\ Deleted

    C:\Program Files\VirusHeat 3.9\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161

    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:30:15, on 11/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --

    End of file - 3542 bytes

    Combofix

    ComboFix 08-02.05.3 - Gijs 2008-02-11 19:33:56.1 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.73 [GMT 1:00]

    Gestart vanuit: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe

    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))

    .

    2008-02-11 19:16 . 2008-02-11 19:16 1,534 --a------ C:\WINDOWS\system32\tmp.reg

    2008-02-11 19:15 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

    2008-02-11 19:15 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2008-02-11 19:15 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe

    2008-02-11 19:15 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

    2008-02-11 19:15 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

    2008-02-11 19:15 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

    2008-02-11 19:15 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten

    2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad

    2008-02-10 09:43 . 2008-02-10 09:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

    2008-02-10 09:43 . 2008-02-10 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-02-10 09:10 . 2008-02-10 09:10 <DIR> d-------- C:\Program Files\Spyware Doctor

    2008-02-10 09:10 . 2008-02-10 09:10 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\PC Tools

    2008-02-10 09:10 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2008-02-10 09:10 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2008-02-10 09:10 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2008-02-10 09:10 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2008-02-09 23:12 . 2008-02-09 23:12 <DIR> d-------- C:\Program Files\Trend Micro

    2008-02-09 22:16 . 2008-02-09 22:16 <DIR> dr-h----- C:\$VAULT$.AVG

    2008-02-09 21:44 . 2008-02-09 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

    2008-02-09 20:49 . 2008-02-09 20:49 <DIR> d-------- C:\Program Files\Google

    2008-02-09 18:34 . 2008-02-09 22:14 69 --a------ C:\WINDOWS\NeroDigital.ini

    2008-02-07 23:31 . 2008-02-07 23:31 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\Ahead

    2008-02-07 23:26 . 2008-02-07 23:26 <DIR> d-------- C:\Program Files\Nero

    2008-02-07 23:26 . 2008-02-07 23:26 <DIR> d-------- C:\Program Files\Common Files\Ahead

    2008-02-07 23:22 . 2008-02-07 23:22 <DIR> d--hs---- C:\Recycled

    2008-02-07 23:16 . 2008-02-07 23:16 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\AVG7

    2008-02-07 23:15 . 2008-02-07 23:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

    2008-02-07 23:15 . 2008-02-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

    2008-02-07 23:15 . 2008-02-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

    2008-02-07 23:15 . 2008-02-07 23:15 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

    2008-02-07 23:15 . 2008-02-07 23:15 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

    2008-02-07 23:01 . 2008-02-07 23:01 395 --a------ C:\WINDOWS\ODBC.INI

    2008-02-07 23:00 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-07 21:59 --------- d-----w C:\Program Files\Microsoft.NET

    2008-02-07 21:33 --------- d-----w C:\Program Files\microsoft frontpage

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 23:17 579072]

    "NWEReboot"="" []

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 23:15 219136]

    R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 20:50]

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-11 19:36:57

    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    detected NTDLL code modification:

    ZwClose

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    Voltooingstijd: 2008-02-11 19:38:10

    Na het gebruik van SmitFraudFix was volgens mij alles al weg. Ik heb in de 2 andere programmas alvast niks teruggevonden van wat je gezegd hebt.

    Hopelijk is hiermee het probleem opgelost.

    Probleem: icthis virus

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Na wat surfen kwam ik op hijackthis uit die het volgende resultaat gaf:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:52:15, on 9/02/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

    C:\Program Files\Online Add-on\icmntr.exe

    C:\Program Files\Online Add-on\icthis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202589825.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --

    End of file - 3561 bytes

    Probleem: icthis virus

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hey

    Telkens ik op mijn pc werk krijg ik van die security alerts dat er spyware is gevonden en wanneer ik aan het surfen ben krijg ik steeds pop ups. Ik denk dat het gelegen is aan de volgende map: C:/ Program files/ Online Add on.

    Ik heb er echter geen idee van hoe ik deze weg krijg. Krijg steeds de melding dat de bestanden in gebruik zijn.

    Graag jullie raad!!!!

    Alvast bedankt

    tropic

Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.