wimme

30 december 2010

Gescand en nog een paar files gevonden.

Computer herstart en geen enkel probleem meer.

Dus probleem opgelost waarvoor dank

30 december 2010

Nee panda vindt niets meer.

Hitmapro daarentegen wel.

Hitmapro vindt naast wat tracking cookies ook nog één malware bestand die ik niet verwijderd krijg.

Dit is een update exe bestand en staat in C: programadata gevolgd door een lange serienummer.

30 december 2010

MBAM logje

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 5422

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/12/2010 14:19:01

mbam-log-2010-12-30 (14-19-01).txt

Scantype: Snelle scan

Objecten gescand: 135536

Verstreken tijd: 2 minuut/minuten, 34 seconde(n)

Geheugenprocessen geïnfecteerd: 4

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 6

Registerwaarden geïnfecteerd: 3

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:

c:\Windows\System32\mshtmler32.exe (Trojan.Tracur.S) -> 3672 -> Unloaded process successfully.

c:\programdata\actionqueue32.exe (Trojan.Tracur.S) -> 3956 -> Unloaded process successfully.

c:\Windows\iepeerswow.exe (Trojan.Tracur.S) -> 4428 -> Unloaded process successfully.

c:\Windows\iepeerswow.exe (Trojan.Tracur.S) -> 4376 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

c:\programdata\amxread32.dll (Trojan.Tracur.S) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UxSms32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D8480335-3BBE-7565-5089-AD4717BAC926} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8480335-3BBE-7565-5089-AD4717BAC926} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D8480335-3BBE-7565-5089-AD4717BAC926} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8480335-3BBE-7565-5089-AD4717BAC926} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iepeerswow.exe (Trojan.Tracur.S) -> Value: iepeerswow.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iepeerswow.exe (Trojan.Tracur.S) -> Value: iepeerswow.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMSPDMODwow.exe (Trojan.TracurW.Gen) -> Value: WMSPDMODwow.exe -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\amxread32.dll) Good: () -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

c:\Users\Wim\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\Windows\System32\mshtmler32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\programdata\amxread32.dll (Trojan.Tracur.S) -> Delete on reboot.

c:\programdata\actionqueue32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\iepeerswow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\actionqueue32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Users\Wim\AppData\Roaming\SysWin\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000c7c86c621101c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000c7c86c621101o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000c7c86c621101p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\02000000c7c86c621101s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

HJtlog:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:21:01, on 15/08/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\EXPERTool\TBPANEL.exe

C:\Program Files\Creative\Software Update 3\SoftAuto.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A

O4 - HKCU\..\Run: [Google Update] "C:\Users\Wim\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [softAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe

--

End of file - 6905 bytes

30 december 2010

Hoi,

Mijn neef heeft een paar dagen geleden een virus ontvangen op zijn PC. Ik heb zowel de virusscanner (Panda) als hitman pro en adaware gebruikt.

Telkens als de pc opgestart wordt geeft panda aan dat er een vrius gedetecteerd is.

Met hitmapro vindt ik wel waar de malware zich situeert maar kan het niet verwijderen.

Hjt logje: