[SOLVED] malware and error

ComboFix log and HijackThis log

ComboFix 08-06-01.6 - Hilde 2008-06-02 19:25:40.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.409 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Hilde\Bureaublad\ComboFix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))

.

2009-04-15 05:06 . 2009-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Logitech

2009-04-15 05:06 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys

2009-04-15 05:06 . 2006-12-22 16:50 27,536 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys

2009-04-15 05:06 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-04-15 05:04 . 2009-04-15 05:07 <DIR> d-------- C:\Program Files\Logitech

2009-04-15 05:04 . 2009-04-15 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2009-04-15 05:03 . 2009-04-15 05:03 <DIR> d-------- C:\Program Files\WIDCOMM

2009-04-15 05:03 . 2006-12-04 23:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2009-04-15 05:03 . 2006-12-04 23:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2009-04-15 05:03 . 2006-12-04 23:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2009-04-15 05:03 . 2006-12-04 23:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2009-04-15 05:03 . 2006-12-04 23:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2009-04-15 05:03 . 2006-12-04 23:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

2009-04-14 22:30 . 2008-04-04 11:02 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Microsoft Games

2009-04-14 22:29 . 2009-04-14 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

2009-04-14 22:24 . 2008-04-24 18:50 <DIR> d-------- C:\Program Files\Microsoft Games

2008-06-02 19:14 . 2008-06-02 19:14 <DIR> d-------- C:\Program Files\GV_Killer

2008-06-02 19:14 . 2001-09-07 11:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb

2008-06-02 19:14 . 2008-06-02 19:14 125 --a------ C:\GV_Killer.gvk

2008-05-31 19:18 . 2008-05-31 19:18 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Creative

2008-05-31 19:16 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-05-31 19:16 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-05-31 19:16 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2008-05-31 19:14 . 2008-05-31 19:16 <DIR> d-------- C:\Program Files\Creative

2008-05-31 19:14 . 1998-11-13 13:08 308,224 --a------ C:\WINDOWS\IsUn0413.exe

2008-05-31 13:09 . 2008-05-31 13:10 <DIR> d-------- C:\Program Files\SubSync

2008-05-31 12:59 . 2008-05-31 12:59 <DIR> d-------- C:\Program Files\uTorrent

2008-05-31 12:59 . 2008-06-02 17:56 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\uTorrent

2008-05-31 09:46 . 2008-05-31 09:46 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-31 09:46 . 2008-05-31 09:46 <DIR> d-------- C:\Program Files\Norton Security Scan

2008-05-30 16:42 . 2008-05-30 16:43 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-30 10:16 . 2008-05-30 10:27 <DIR> d-------- C:\hilde

2008-05-26 19:31 . 2008-05-26 19:31 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\CDBurnerXP_Soft

2008-05-26 19:30 . 2008-05-26 19:30 <DIR> d-------- C:\Program Files\CDBurnerXP

2008-05-25 11:34 . 2008-05-25 11:34 <DIR> d-------- C:\Ares Tube

2008-05-24 15:02 . 2008-05-24 15:08 <DIR> d-------- C:\Program Files\AV Music Morpher Gold

2008-05-24 15:00 . 2008-05-24 15:01 <DIR> d-------- C:\Program Files\AV Vcs 6.0

2008-05-21 13:30 . 2008-05-21 13:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2008-05-15 18:01 . 2008-05-15 18:01 <DIR> d-------- C:\Program Files\Handbrake

2008-05-15 17:23 . 2008-05-15 17:23 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\dvdcss

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\WINDOWS\Applian FLV Player

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\Program Files\FLV Player

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\WINDOWS\My Video Downloader

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\Program Files\My Video Downloader

2008-05-13 21:02 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-05-13 21:02 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-05-13 20:39 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\Jocsoft

2008-05-13 20:39 . 2008-05-13 20:42 <DIR> d-------- C:\DVDVideoSoft

2008-05-09 17:27 . 2008-05-09 17:27 1,431 --a------ C:\WINDOWS\cmgt_z.ini

2008-05-09 17:25 . 2008-05-09 17:27 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-08 20:37 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-07 17:15 . 2008-05-07 17:33 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4

2008-05-07 17:15 . 2008-05-07 17:15 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\3DFA

2008-05-07 17:15 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech

2009-04-15 03:05 --------- d-----w C:\Program Files\Common Files\Logitech

2009-04-14 07:25 512 ----a-w C:\ScanSectorLog.dat

2008-06-02 17:28 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Skype

2008-06-02 17:27 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DNA

2008-06-02 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-02 15:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\skypePM

2008-06-02 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-31 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-31 15:03 --------- d-----w C:\Program Files\ArtMoney

2008-05-31 11:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-05-31 11:09 249,856 ------w C:\WINDOWS\Setup1.exe

2008-05-30 21:01 --------- d-----w C:\Program Files\Cheat Engine

2008-05-24 15:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\LimeWire

2008-05-24 15:55 --------- d-----w C:\Program Files\LimeWire

2008-05-22 17:48 --------- d-----w C:\Documents and Settings\Hilde\Application Data\FrostWire

2008-05-21 11:12 481,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-21 11:12 35,874,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-21 11:12 212,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-21 11:12 2,254,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-16 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft

2008-05-13 19:04 --------- d-----w C:\Program Files\DVDVideoSoft

2008-05-13 19:02 --------- d-----w C:\Program Files\Xilisoft

2008-05-09 04:38 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-08 18:27 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DeskSlide

2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-30 17:34 --------- d-----w C:\Program Files\Ares

2008-04-25 19:24 --------- d-----w C:\Program Files\Java

2008-04-25 15:44 --------- d-----w C:\Program Files\Electronic Arts

2008-04-25 15:44 --------- d-----w C:\Program Files\EA Games

2008-04-23 12:19 --------- d-----w C:\Program Files\Axis Communications

2008-04-22 15:22 --------- d-----w C:\Program Files\FrostWire

2008-04-22 14:42 --------- d-----w C:\Program Files\Virtual Earth 3D

2008-04-19 21:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent

2008-04-19 20:05 --------- d-----w C:\Program Files\Avi2Dvd

2008-04-19 18:07 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-19 16:04 --------- d-----w C:\Program Files\DeskSlide

2008-04-19 12:00 --------- d-----w C:\Program Files\Free Download Manager

2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Software Informer

2008-04-19 10:29 --------- d-----w C:\Program Files\EncryptDrop Free Edition

2008-04-19 10:29 --------- d-----w C:\Documents and Settings\Hilde\Application Data\EncryptDrop

2008-04-17 19:21 --------- d-----w C:\Program Files\Shareaza Applications

2008-04-17 19:21 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Shareaza

2008-04-17 18:15 --------- d-----w C:\Program Files\Cheatbook Database 2007

2008-04-16 16:48 --------- d-----w C:\Program Files\GamesBar

2008-04-16 12:04 --------- d-----w C:\Program Files\WinAVI Video Converter

2008-04-16 11:32 --------- d-----w C:\Documents and Settings\Hilde\Application Data\vlc

2008-04-16 11:26 --------- d-----w C:\Program Files\VideoLAN

2008-04-10 16:29 --------- d-----w C:\Program Files\Native Instruments

2008-04-10 16:24 --------- d-----w C:\Program Files\WinXMedia

2008-04-08 16:01 --------- d-----w C:\Program Files\DNA

2008-04-08 16:01 --------- d-----w C:\Program Files\BitTorrent

2008-04-08 15:24 --------- d-----w C:\Program Files\BitLord

2008-04-05 12:32 --------- d-----w C:\Program Files\Cheating-Death

2008-04-05 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-04-04 11:16 --------- d-----w C:\Program Files\Counter-Strike 1.6

2008-03-31 10:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

Files Infected - Win32.Agent.zb

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-03-14 14:05 2494464]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088]

"DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33 774144]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-04-12 01:50 947200]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"SurfAccuracy"="C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]

"KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-14 14:05 267048]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Logitech BT Wizard"="LBTWiz.exe" []

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

"encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 19:02:51 62464]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-14 14:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TabletService"=2 (0x2)

"gusvc"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 09:37]

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 03:55]

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-19 08:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-31 07:46:46 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-02 19:28:16

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-06-02 19:29:36

ComboFix-quarantined-files.txt 2008-06-02 17:29:25

ComboFix2.txt 2008-05-31 13:15:46

Pre-Run: 165,069,565,952 bytes beschikbaar

Post-Run: 165,059,170,304 bytes beschikbaar

248 --- E O F --- 2007-12-28 14:27:14

______________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:32:55, on 2/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\WgaTray.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [surfAccuracy] C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 10574 bytes


Hi Philkill,

Open Notepad and copy and paste the following, shown in the quote box, into it:

(don't forget to copy and paste REGEDIT4 as well!)

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SurfAccuracy"=-

Save this as fix.reg, choosing "All files" as the file type, and place it on your desktop.

This is what the regfix should look like afterwards: reg.gif

Double-click it.

When asked whether you want to add it to the registry, click yes/OK.

Now please run a scan with MBAM again and post the log, but let MBAM update first.

Regards,

Xeno :)


Done.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.12

Database versie: 722

Scan type: Snelle Scan

Objecten gescand: 51070

Verstreken tijd: 16 minute(s), 11 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 15

Registerwaarden geïnfecteerd: 2

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\malwarealarm.webinstall (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\malwarealarm.webinstall.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Documents and Settings\Hilde\Local Settings\Temp\us0105.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\MalwareAlarm.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\routines.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Bureaublad\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Here

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:27:34, on 4/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Documents and Settings\Hilde\Bureaublad\uTorrent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 10651 bytes

Hi Philkill,

I think we're almost there; this tool will tackle one last infection.

Download: RVAXO.exe

  • Save the file to your desktop, double-click it and let it extract to your desktop.
  • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
    A cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
  • An uninstaller of a rogue scanner may also start; do not close it, but follow any prompts and let it do its work.
  • After that your PC will restart; after the restart the RVAXO cmd window opens again.
    Let it run and wait until a log file opens: C:\RVAXO-results.log
  • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
  • Post the contents of the log file in your next reply together with a new HijackThis log.

Also post the contents of the 2nd log: C:\RVAXO-Vfind.log

And tell me, how is your PC working now?

Regards,

Xeno :)

Also post the contents of the 2nd log: C:\RVAXO-Vfind.log

What do you mean by this?

And here is the log

---RVAXO.exe Updated: 2008-05-29---first run---

Uninstallers:

Files found:

C:\WINDOWS\BM532462df.txt

C:\WINDOWS\wininit.ini

C:\WINDOWS\system32\clkcnt.txt

C:\WINDOWS\system32\vbzip10.dll

C:\Documents and Settings\Hilde\Application Data\inst.exe

C:\WINDOWS\system32\actskn45.ocx

Folders Found:

C:\Documents and Settings\Hilde\Application Data\SchijfBewaker

C:\Documents and Settings\All Users\Application Data\SchijfBewaker

C:\Program Files\Common Files\NoCompromaat

C:\Documents and Settings\Hilde\Application Data\NoCompromaat

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:50:43, on 5/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Hilde\Bureaublad\uTorrent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 10760 byte

My PC is working very well at the moment, but what about scanners and such?

Is this what you mean by the second part?

======C:\WINDOWS====

----a-w 0 2008-06-05 14:45:57 C:\WINDOWS\0.log

----a-w 81,920 2008-04-28 10:41:13 C:\WINDOWS\ALCFDRTM.VER

----a-w 8,080 2008-05-14 17:10:55 C:\WINDOWS\Applian FLV Player Setup Log.txt

--s-a-w 2,048 2008-06-05 14:45:38 C:\WINDOWS\bootstat.dat

----a-w 1,431 2008-05-09 15:27:33 C:\WINDOWS\cmgt_z.ini

----a-w 205,910 2009-04-15 03:06:11 C:\WINDOWS\comsetup.log

----a-w 128,883 2009-04-14 20:29:52 C:\WINDOWS\DirectX.log

----a-w 35,514 2009-04-15 03:06:31 C:\WINDOWS\DPINST.LOG

----a-w 574,777 2009-04-15 03:06:10 C:\WINDOWS\FaxSetup.log

----a-w 52 2008-05-09 15:18:21 C:\WINDOWS\GunzLauncher.INI

----a-w 965 2008-05-14 14:35:18 C:\WINDOWS\IE4 Error Log.txt

----a-w 666,955 2009-04-15 03:06:11 C:\WINDOWS\iis6.log

----a-w 1,374 2009-04-15 03:06:11 C:\WINDOWS\imsins.log

----a-w 86 2009-04-15 03:06:32 C:\WINDOWS\KE.log

----a-w 179 2009-04-15 03:07:29 C:\WINDOWS\LDM.log

----a-w 40,456 2009-04-15 03:06:10 C:\WINDOWS\MedCtrOC.log

----a-w 29,160 2009-04-15 03:06:10 C:\WINDOWS\msgsocm.log

----a-w 185,032 2009-04-15 03:06:05 C:\WINDOWS\msmqinst.log

----a-w 18,520 2008-05-15 06:42:22 C:\WINDOWS\My Video Downloader Setup Log.txt

----a-w 155 2008-06-04 19:02:34 C:\WINDOWS\NeroDigital.ini

----a-w 101,852 2009-04-15 03:06:10 C:\WINDOWS\netfxocm.log

----a-w 139,762 2008-05-30 14:42:51 C:\WINDOWS\ntbtlog.txt

----a-w 123,204 2009-04-15 03:06:11 C:\WINDOWS\ntdtcsetup.log

----a-w 282,861 2009-04-15 03:06:10 C:\WINDOWS\ocgen.log

----a-w 36,094 2009-04-15 03:06:11 C:\WINDOWS\ocmsn.log

----a-w 173 2009-04-15 03:07:03 C:\WINDOWS\ot.log

---ha-w 54,156 2008-06-05 14:24:36 C:\WINDOWS\QTFont.qfn

----a-w 32,632 2008-06-05 10:34:12 C:\WINDOWS\SchedLgU.Txt

------w 249,856 2008-05-31 11:09:46 C:\WINDOWS\Setup1.exe

----a-w 202,370 2009-04-15 03:12:46 C:\WINDOWS\setupact.log

----a-w 678,527 2008-06-04 19:02:16 C:\WINDOWS\setupapi.log

----a-w 73,216 2008-05-31 11:09:46 C:\WINDOWS\ST6UNST.EXE

----a-w 227 2008-06-02 17:28:15 C:\WINDOWS\system.ini

----a-w 29,553 2009-04-15 03:06:11 C:\WINDOWS\tabletoc.log

----a-w 268,668 2009-04-15 03:06:11 C:\WINDOWS\tsoc.log

----a-w 4,663 2009-04-15 03:06:11 C:\WINDOWS\Wdf01005Inst.log

----a-w 159 2008-06-05 14:45:56 C:\WINDOWS\wiadebug.log

----a-w 48 2008-06-05 14:45:55 C:\WINDOWS\wiaservc.log

----a-w 768 2008-04-17 18:15:07 C:\WINDOWS\win.ini

----a-w 1,481,446 2008-06-05 14:24:41 C:\WINDOWS\WindowsUpdate.log

----a-w 92,340 2008-05-10 20:42:24 C:\WINDOWS\wmsetup.log

Entries: 41 (39)

Directories: 0 Files: 41

Bytes: 5,834,072 Blocks: 11,413

======C:\WINDOWS\system32=====

----a-w 387,200 2008-05-29 10:11:07 C:\WINDOWS\System32\FNTCACHE.DAT

----a-w 6,300 2008-04-25 19:24:43 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log

----a-w 64,508 2008-06-01 19:07:19 C:\WINDOWS\System32\perfc009.dat

----a-w 84,506 2008-06-01 19:07:19 C:\WINDOWS\System32\perfc013.dat

----a-w 409,368 2008-06-01 19:07:19 C:\WINDOWS\System32\perfh009.dat

----a-w 475,102 2008-06-01 19:07:19 C:\WINDOWS\System32\perfh013.dat

----a-w 1,045,396 2008-06-01 19:07:19 C:\WINDOWS\System32\PerfStringBackup.INI

----a-w 828,824 2008-05-29 19:30:48 C:\WINDOWS\System32\RVAXO.bat

----a-w 2,206 2008-06-05 14:25:02 C:\WINDOWS\System32\wpa.dbl

---h--w 4,212 2008-05-21 10:30:17 C:\WINDOWS\System32\zllictbl.dat

Entries: 10 (9)

Directories: 0 Files: 10

Bytes: 3,307,622 Blocks: 6,465

======C:\WINDOWS\system32\drivers=====

--sha-w 35,874,080 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.dat

--sha-w 481,532 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.idx

--sha-w 2,254,624 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.dat

--sha-w 212,444 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.idx

----a-w 15,864 2008-05-29 23:06:36 C:\WINDOWS\System32\drivers\mbam.sys

----a-w 34,296 2008-05-29 23:06:40 C:\WINDOWS\System32\drivers\mbamcatchme.sys

---ha-w 0 2009-04-15 03:06:13 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

---ha-w 0 2009-04-15 03:06:18 C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

----a-w 47,360 2008-06-04 18:39:21 C:\WINDOWS\System32\drivers\pcouffin.sys

Entries: 9 (3)

Directories: 0 Files: 9

Bytes: 38,920,200 Blocks: 76,018

=======C:\Program Files=====

Entries: 0 (0)

Directories: 0 Files: 0

Bytes: 0 Blocks: 0

=======C:=====

----a-w 57 2008-04-19 18:21:08 C:\Avi2Dvd_Log.txt

--sha-r 281 2008-05-28 12:04:10 C:\boot.ini

----a-w 18,189 2008-06-02 17:29:37 C:\ComboFix.txt

----a-w 97 2008-05-31 17:15:50 C:\CtDrvIns.log

----a-w 2,382 2008-05-31 17:15:50 C:\CtDrvStp.log

----a-w 668 2008-06-05 14:44:42 C:\firstrun6.log

----a-w 125 2008-06-02 17:14:54 C:\GV_Killer.gvk

----a-w 2,291 2008-06-02 17:15:08 C:\GV_Killer_01.txt

--sha-w 1,610,612,736 2008-06-05 14:45:34 C:\pagefile.sys

----a-w 803 2008-06-05 14:45:58 C:\RVAXO-results.log

----a-w 5,307 2008-06-05 14:45:58 C:\RVAXO-Vfind.log

----a-w 512 2009-04-14 07:25:42 C:\ScanSectorLog.dat

----a-w 1,238 2008-06-01 20:16:10 C:\sti.log

----a-w 216 2008-05-13 19:02:08 C:\temp.txt

Entries: 14 (12)

Directories: 0 Files: 14

Bytes: 1,610,644,902 Blocks: 3,145,798

======C:\Documents and Settings\Hilde\Application Data======

----a-w 7,887 2008-06-04 18:39:21 C:\Documents and Settings\Hilde\Application Data\pcouffin.cat

----a-w 1,144 2008-06-04 18:39:21 C:\Documents and Settings\Hilde\Application Data\pcouffin.inf

----a-w 34 2008-06-04 18:39:42 C:\Documents and Settings\Hilde\Application Data\pcouffin.log

----a-w 47,360 2008-06-04 18:39:21 C:\Documents and Settings\Hilde\Application Data\pcouffin.sys

----a-w 668 2008-06-04 18:53:42 C:\Documents and Settings\Hilde\Application Data\vso_ts_preview.xml

Entries: 5 (5)

Directories: 0 Files: 5

Bytes: 57,093 Blocks: 115

======C:\Documents and Settings\Hilde======

---ha-w 6,029,312 2008-06-05 14:44:51 C:\Documents and Settings\Hilde\NTUSER.DAT

---ha-w 151,552 2008-06-05 14:45:57 C:\Documents and Settings\Hilde\NTUSER.DAT.LOG

--sh--w 188 2008-06-05 10:34:10 C:\Documents and Settings\Hilde\ntuser.ini

Entries: 3 (0)

Directories: 0 Files: 3

Bytes: 6,181,052 Blocks: 12,073

======C:\WINDOWS\Downloaded Program Files====

Entries: 0 (0)

Directories: 0 Files: 0

Bytes: 0 Blocks: 0

=============

Hi Philkill,

Great, and that's it; now I'm going to go over the logs. A little patience, please, because it takes some work to read them and make the right diagnosis.

I'll also write a closing post on how we clean everything up, plus some advice.

Fortunately your PC is working normally again.

Regards,

Xeno ;)

Hoi Philkill;

Ziet er goed uit, je PC is clean.

1. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen, en doe het in deze volgorde:

1.1 Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd

Dit zal alles van RVAXO verwijderen.

1.2 Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /u

Let op: Zorg ervoor dat er dus een spatie is tussen Combofix en /

Daarna klik enter.

Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw, en maakt een nieuw herstelpunt aan.

1.3 Download GV_Cleaner.exe en installeer het en start het op.

Nu krijg je een lijst van al deze programma's en kan je deze één voor één verwijderen.

Dubbelklik op de programmanaam en de nodige acties worden ondernomen om het programma te verwijderen.

Lees om herhaling te voorkomen deze beveiligingstips nog eens door. (omvat ook beveiligingsprogramma's)

2. Your Java is out of date.

Download Java Runtime Environment (JRE) 6u6.

  • Scroll down to: Java Runtime Environment (JRE) 6u6
  • Click the Download button on the right.
  • In the drop-down menu next to Platform, select Windows.
  • Tick: I agree to the Java SE Runtime Environment 6 License Agreement, and click Continue.
  • The page will reload.
  • Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click Remove or the Change/Remove button.
  • Repeat until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.

3. Download ATF Cleaner (mirror) (made by Atribune).

Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

  • Double-click ATF Cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.
    Do the following if you also use Firefox as a browser:
    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (This removes the tick from Firefox saved passwords.)
    Click the Empty Selected button.
    Do the following if you also use Opera as a browser:
    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

4. Then I see the following Kaspersky files, which already take up a lot of space. You can safely delete them via Explorer, since they are recreated on the next Kaspersky run anyway, and they are of course legitimate.

C:\WINDOWS\System32\drivers\fidbox.dat

C:\WINDOWS\System32\drivers\fidbox.idx

C:\WINDOWS\System32\drivers\fidbox2.dat

C:\WINDOWS\System32\drivers\fidbox2.idx

They are hidden files.

Make sure all hidden files and folders are shown. How to show hidden files and folders.

5. Then it is time to do something about your protection.

The following is a list of the antivirus products I personally recommend:

Freeware - free:

Avira AntiVir

AVG

Avast

The freeware versions also have a paid version with more options and extra protection.

Shareware - not free:

Kaspersky

NOD32

Bitdefender

Warning!!! Never install more than one antivirus, as this can cause many problems. Mainly because they are not compatible with each other, which severely reduces their reliability. It also slows your PC down enormously and can even cause BSODs.

The following is a list of free firewalls I personally recommend:

Comodo Free Firewall

Online Armor Free

Jetico Personal Firewall v.1

(Jetico Personal Firewall v.1 is not compatible with Vista; for that you need Jetico Personal Firewall v.2, which is not free.)

Kerio Firewall

Agnitum Outpost Free

These freeware versions also have a paid version with more options and extra protection.

Warning!! Also never install more than one firewall, as this can cause problems because they are not compatible with each other. This can even cause BSODs if more than one firewall is installed.

6. Finally, to be complete, I have to mention one more thing. You probably also saw these come back in your ComboFix log:

Files Infected - Win32.Agent.zb

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

Those are patched files, for starting the program without malware. They are not dangerous, but they remain patched files. It is your choice whether to uninstall and reinstall the program.

That's it from me; enjoy your PC.

Regards,

Xeno ;)
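Step 2 of the post above has the user hunt through Add or Remove Programs for every entry with JRE or J2SE in its name and remove the ones older than 6u6. The script below is an added example, not part of the post or of Sun's installer: it reads the same Add or Remove Programs data from the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, the key that dialog is built from), normalises the different display-name styles Sun used for the JRE into comparable version tuples, and plans which entries to remove, which to keep and which a human should still look at. The display-name formats in the regex and the sample entries are constructed from memory of that era's installers and are assumptions, and the UninstallString values in the sample are placeholders rather than real product codes.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]   # (family, minor, update), e.g. 6u6 -> (6, 0, 6)

# Assumed display-name styles: "Java(TM) SE Runtime Environment 6 Update 3",
# "Java(TM) 6 Update 7", "J2SE Runtime Environment 5.0 Update 11",
# "Java 2 Runtime Environment, SE v1.4.2_03".
JAVA_NAME_RE = re.compile(
    r"^(?:Java\(TM\)(?: SE)?(?: Runtime Environment)?"
    r"|J2SE Runtime Environment|Java 2 Runtime Environment, SE)"
    r"\s+v?(?P<major>\d+)(?:\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?)?"
    r"(?:[ _]Update[ _](?P<update>\d+)|_(?P<update2>\d+))?$"
)

# Constructed sample of (DisplayName, UninstallString) pairs; not from this thread's logs.
SAMPLE_ENTRIES = [
    ("Java(TM) SE Runtime Environment 6 Update 3", "MsiExec.exe /X{PRODUCT-CODE-1}"),
    ("J2SE Runtime Environment 5.0 Update 11", "MsiExec.exe /X{PRODUCT-CODE-2}"),
    ("Java 2 Runtime Environment, SE v1.4.2_03", "MsiExec.exe /X{PRODUCT-CODE-3}"),
    ("Java(TM) SE Development Kit 6 Update 3", "MsiExec.exe /X{PRODUCT-CODE-4}"),
    ("Mozilla Firefox (2.0.0.14)", "C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"),
    ("Java(TM) SE Runtime Environment 6 Update 6", "MsiExec.exe /X{PRODUCT-CODE-5}"),
]


def java_version(display_name: str) -> Optional[Version]:
    """Map a JRE display name to (family, minor, update); None if not a JRE entry."""
    m = JAVA_NAME_RE.match(display_name)
    if not m:
        return None
    major = int(m.group("major"))
    minor = int(m.group("minor") or 0)
    patch = int(m.group("patch") or 0)
    update = int(m.group("update") or m.group("update2") or 0)
    if major == 1:                       # "1.4.2_03": the family is the second component
        return (minor, patch, update)
    return (major, minor, update)        # "5.0 Update 11", "6 Update 3"


def plan_java_cleanup(entries: List[Tuple[str, str]], target: Version = (6, 0, 6)) -> Dict[str, list]:
    """Sort Uninstall entries into remove / keep / review relative to the target release."""
    plan: Dict[str, list] = {"remove": [], "keep": [], "review": []}
    for name, uninstall in entries:
        ver = java_version(name)
        if ver is None:
            # JDKs and other Java-branded products need a human decision.
            if "java" in name.lower() or "j2se" in name.lower():
                plan["review"].append(name)
            continue
        (plan["remove"] if ver < target else plan["keep"]).append((name, uninstall))
    return plan


def read_uninstall_entries() -> List[Tuple[str, str]]:
    """Live read of the Uninstall key on Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    entries: List[Tuple[str, str]] = []
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            sub = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, sub) as key:
                    name = winreg.QueryValueEx(key, "DisplayName")[0]
                    try:
                        uninstall = winreg.QueryValueEx(key, "UninstallString")[0]
                    except OSError:
                        uninstall = ""
            except OSError:
                continue                  # subkey without a DisplayName
            entries.append((name, uninstall))
    return entries


if __name__ == "__main__":
    live = read_uninstall_entries()
    for bucket, items in plan_java_cleanup(live or SAMPLE_ENTRIES).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Entries equal to or newer than the target are kept, so running this after the 6u6 install is a quick confirmation that only one JRE remains; the review bucket exists because a JDK carries its own JRE and the post's instruction does not cover it.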

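Step 6 of the post above leaves the user to decide whether the eight startup executables reported as Win32.Agent.zb are worth reinstalling. Before deciding, a responder wants two facts about each file: its hash, to compare with the vendor's original copy, and whether it still carries an embedded Authenticode signature. The code below is an added example, not from the post or from ComboFix: it walks the PE header to the security data directory (slot 4, whose first field is a raw file offset rather than an RVA) to locate the certificate table, and hashes the file. The sample image it builds is a constructed minimal PE32 header with a dummy certificate blob, not one of the files listed.

```python
import hashlib
import struct
import sys
from typing import Dict, Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # data-directory slot holding the certificate table


def authenticode_directory(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None if there is none.
    Raises ValueError for non-PE input or a table that points past the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER, 20 bytes
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                     # PE32
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                                   # PE32+
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if size_of_optional < dirs_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1):
        return None
    n_dirs = struct.unpack_from("<I", data, opt + count_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    offset, size = struct.unpack_from(
        "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table points past end of file (truncated or tampered)")
    return offset, size


def triage(data: bytes) -> Dict[str, object]:
    """The facts to collect before trusting a flagged binary."""
    table = authenticode_directory(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "has_cert_table": table is not None,
        "cert_table": table,
    }


def build_sample_pe(with_cert_table: bool) -> bytes:
    """Constructed minimal PE32 image (not a runnable program) for offline testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)   # i386, 224-byte optional hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    header_len = 64 + 4 + len(coff) + len(opt)             # 312: where the cert table would start
    cert = b""
    if with_cert_table:
        body = b"\x00" * 24                                # placeholder, not real PKCS#7 SignedData
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS_SIGNED_DATA)
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

The presence of a certificate table says nothing about validity; a binary patch normally leaves the table in place while changing the bytes the signature covers, so the cryptographic check (signtool verify /pa on Windows) and a hash comparison against the vendor's original are what decide the case. What this script gives you is the quick first cut: a vendor startup executable with no certificate table at all, or with a table pointing outside the file, deserves the reinstall without further debate.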

This topic is now closed to new replies.
