Post #1 - Aug 30 2008, 03:54 AM
New Member | Group: Members | Posts: 13 | Joined: 3-August 08 | Member No.: 227,210
here's my dss scan log :

thx for the help!
This post has been edited by jean74: Aug 30 2008, 04:54 AM
Post #2 - Aug 31 2008, 05:13 AM
Forum Addict | Group: HJT Team | Posts: 2,353 | Joined: 12-December 05 | From: Belgium | Member No.: 44,294
Hello Jean and welcome to BleepingComputer,
1. Clean your Cache and Cookies in IE:

Doubleclick mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!). The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)
In the event you already have Combofix, and you're notified a more current version is available, please download the latest version as described in the tutorial. It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Post #3 - Aug 31 2008, 08:32 AM
New Member | Group: Members | Posts: 13 | Joined: 3-August 08 | Member No.: 227,210
hi, thx for helping me out here!
here are all the logs you asked :
17:12:47 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Macromedia 2008-08-13 17:08:35 0 d-------- C:\Program Files\EPSON 2008-08-13 17:05:49 0 d-------- C:\Program Files\Common Files\Adobe 2008-08-10 20:59:46 0 d-------- C:\Program Files\Java 2008-08-07 01:31:13 0 d-------- C:\Program Files\SoulseekNS 2008-08-03 22:42:05 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Extensis 2008-07-26 21:50:11 0 d-------- C:\Program Files\Apple Software Update 2008-07-12 19:15:47 0 d-------- C:\Program Files\Azureus 2008-07-02 01:45:44 0 d-------- C:\Documents and Settings\jean-marc\Application Data\vlc 2008-07-02 01:15:10 0 d-------- C:\Program Files\VideoLAN -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}] 30/08/2008 07:29 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [01/12/2004 09:54 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27] "EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [27/05/2003 05:08] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 07:31] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 07:31] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32] "FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [02/07/2007 18:11] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [30/11/1998 19:04] "TkBellExe"="C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" [25/01/2008 02:27] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/08/2008 17:27] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [16/07/2008 09:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 19:02] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [14/04/2005 16:56] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 00:06] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [24/01/2007 22:21:09] Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [8/05/2008 0:15:58] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc -- End of Deckard's System Scanner: finished at 2008-08-31 15:30:52 ------------ Malwarebytes' Anti-Malware 1.24 Database versie: 1035 Windows 5.1.2600 Service Pack 3 13:39:21 31/08/2008 mbam-log-8-31-2008 (13-39-21).txt Scan type: Snelle Scan Objecten gescand: 41939 Verstreken tijd: 6 minute(s), 10 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 5 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 16 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 12 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55679-648-8637434-23117) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\eebr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jean-marc\Bureaublad\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Bureaublad\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\jean-marc\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. ComboFix 08-08-30.03 - jean-marc 2008-08-31 15:16:16.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.538 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\jean-marc\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\jean-marc\Application Data\inst.exe C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\bin.clearspring.com C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\bin.clearspring.com\clearspring.sol C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\interclick.com C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\interclick.com\ud.sol C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\smp.bat C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\MSINET.oca . (((((((((((((((((((( Bestanden Gemaakt van 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))) . 2008-08-30 10:36 . 2008-08-30 07:29 405,504 --a------ C:\WINDOWS\rodqgpvlqks.dll 2008-08-30 10:36 . 2008-08-30 07:29 233,472 --a------ C:\WINDOWS\pdoskegl.dll 2008-08-30 10:36 . 2008-08-30 07:29 188,416 --a------ C:\WINDOWS\rqbmvpso.dll 2008-08-30 10:36 . 2008-08-30 07:29 155,648 --a------ C:\WINDOWS\qalkfxor.dll 2008-08-30 10:36 . 2008-08-30 07:29 86,016 --a------ C:\WINDOWS\rvoelbxt.exe 2008-08-27 21:26 . 2008-08-27 21:26 <DIR> d-------- C:\WINDOWS\system32\nl 2008-08-27 21:26 . 2008-08-27 21:26 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-27 00:31 . 2008-08-27 00:32 <DIR> d-------- C:\18b73c7ea165edb85a 2008-08-26 23:55 . 
2008-07-11 02:28 50,200 --a------ C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll 2008-08-26 23:54 . 2008-08-26 23:54 <DIR> d-------- C:\WINDOWS\system32\RsFx 2008-08-26 23:33 . 2008-08-26 23:34 <DIR> d-------- C:\5b18db94266d4e28784dae25 2008-08-24 22:52 . 2008-08-24 22:52 268 --ah----- C:\sqmdata19.sqm 2008-08-24 22:52 . 2008-08-24 22:52 244 --ah----- C:\sqmnoopt19.sqm 2008-08-24 13:07 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-08-24 13:05 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll 2008-08-24 12:35 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-24 12:34 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-09 18:50 . 2008-08-09 19:48 <DIR> d-------- C:\Program Files\Navilog1 2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\Malwarebytes 2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-09 12:37 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-09 12:37 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-09 12:30 . 2008-08-09 12:30 <DIR> d-------- C:\_OTMoveIt 2008-08-04 00:18 . 2008-08-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Digidesign 2008-08-04 00:18 . 2008-08-04 00:18 <DIR> d-------- C:\Program Files\Arturia 2008-08-04 00:18 . 2006-09-20 14:11 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll 2008-08-03 13:44 . 2008-08-03 13:44 <DIR> d-------- C:\Deckard 2008-08-03 11:59 . 2008-08-03 11:59 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-02 16:27 . 2008-08-02 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-02 16:22 . 
2008-08-29 17:39 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-08-02 16:22 . 2008-08-02 16:22 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\PC Tools 2008-08-02 16:22 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-02 16:22 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-02 16:22 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-02 16:22 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-07-29 20:35 . 2008-07-29 20:35 326,160 --a------ C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 19:59 . 2008-07-29 19:59 781,344 --a------ C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 19:59 . 2008-07-29 19:59 105,016 --a------ C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-29 19:59 . 2008-07-29 19:59 43,544 --a------ C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 19:24 . 2008-07-29 19:24 622,080 --a------ C:\WINDOWS\system32\icardagt.exe 2008-07-29 19:24 . 2008-07-29 19:24 97,800 --a------ C:\WINDOWS\system32\infocardapi.dll 2008-07-29 19:24 . 2008-07-29 19:24 37,384 --a------ C:\WINDOWS\system32\infocardcpl.cpl 2008-07-29 19:24 . 2008-07-29 19:24 11,264 --a------ C:\WINDOWS\system32\icardres.dll 2008-07-29 05:49 . 2008-07-29 05:49 586,240 --a------ C:\WINDOWS\system32\icardres.dll.mui 2008-07-27 18:32 . 2008-08-07 01:31 <DIR> d-------- C:\Program Files\SoulseekNS 2008-07-25 11:16 . 2008-07-25 11:16 282,112 --a------ C:\WINDOWS\system32\mscoree.dll 2008-07-25 11:16 . 2008-07-25 11:16 158,720 --a------ C:\WINDOWS\system32\mscorier.dll 2008-07-25 11:16 . 2008-07-25 11:16 96,760 --a------ C:\WINDOWS\system32\dfshim.dll 2008-07-25 11:16 . 2008-07-25 11:16 83,968 --a------ C:\WINDOWS\system32\mscories.dll 2008-07-21 17:18 . 2008-07-21 17:18 <DIR> d-------- C:\Documents and Settings\jean-marc\DoctorWeb 2008-07-11 02:28 . 
2008-07-11 02:28 34,328 --a------ C:\WINDOWS\system32\DTSPipelinePerf100.dll 2008-07-11 02:28 . 2008-07-11 02:28 26,292 --a------ C:\WINDOWS\system32\SQLServerManager10.msc 2008-07-10 02:49 . 2008-07-10 02:49 2,459,672 --a------ C:\WINDOWS\system32\sqlncli10.dll 2008-07-10 02:49 . 2008-07-10 02:49 242,712 --a------ C:\WINDOWS\system32\drivers\RsFx0102.sys 2008-07-10 02:49 . 2008-07-10 02:49 239,128 --a------ C:\WINDOWS\system32\drivers\RsFx0101.sys 2008-07-10 02:49 . 2008-07-10 02:49 235,416 --a------ C:\WINDOWS\system32\drivers\RsFx0100.sys 2008-07-10 02:49 . 2008-07-10 02:49 215,576 --a------ C:\WINDOWS\system32\SqlServerSpatial.dll 2008-07-07 22:30 . 2008-07-07 22:30 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll 2008-07-02 01:45 . 2008-07-02 01:45 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\vlc . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-31 12:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-29 20:11 --------- d-----w C:\Documents and Settings\jean-marc\Application Data\Azureus 2008-08-29 15:26 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-27 20:45 --------- d-----w C:\Program Files\MSN Messenger 2008-08-26 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-26 21:54 --------- d-----w C:\Program Files\Microsoft SQL Server 2008-08-26 21:37 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0 2008-08-13 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-13 15:13 --------- d-----w C:\Program Files\Macromedia 2008-08-13 15:08 --------- d-----w C:\Program Files\EPSON 2008-08-13 15:05 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-10 18:59 --------- d-----w C:\Program Files\Java 2008-08-03 20:42 --------- d-----w C:\Documents and Settings\jean-marc\Application Data\Extensis 2008-08-03 20:42 
--------- d-----w C:\Documents and Settings\All Users\Application Data\Extensis 2008-07-26 19:50 --------- d-----w C:\Program Files\Apple Software Update 2008-07-12 17:15 --------- d-----w C:\Program Files\Azureus 2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-06 12:06 575,488 ----a-w C:\WINDOWS\system32\xpsshhdr.dll 2008-07-06 12:06 117,760 ----a-w C:\WINDOWS\system32\prntvpt.dll 2008-07-06 12:06 1,676,288 ----a-w C:\WINDOWS\system32\xpssvcs.dll 2008-07-04 15:02 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-04 15:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-01 23:15 --------- d-----w C:\Program Files\VideoLAN 2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:43 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-05-24 01:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2008-05-19 04:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll 2008-05-19 04:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll 2008-05-19 04:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll 2008-05-18 23:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe 2008-05-17 19:01 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll 2007-08-13 15:43 1 ----a-w C:\Documents and Settings\jean-marc\SI.bin 2007-05-31 17:53 47,360 ----a-w C:\Documents and Settings\jean-marc\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}] 2008-08-30 07:29 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{430C60E7-36D5-4BC3-8783-02B7FB0E966E}"= "C:\WINDOWS\qalkfxor.dll" [2008-08-30 07:29 155648] [HKEY_CLASSES_ROOT\clsid\{430c60e7-36d5-4bc3-8783-02b7fb0e966e}] [HKEY_CLASSES_ROOT\qalkfxor.1] [HKEY_CLASSES_ROOT\TypeLib\{7E890B46-2548-4B43-B2A9-A89196DF5C9D}] [HKEY_CLASSES_ROOT\qalkfxor] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56 1957888] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 05:08 99840] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:31 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:32 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:32 455168] "FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [2007-07-02 18:11 370176] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 
90112] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 19:04 497376] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 02:27 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 17:27 1235736] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:02 15360] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-01-24 22:21:09 57344] Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2008-05-08 00:15:58 9062] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VDOM"= vdowave.drv "VIDC.MPG4"= msscmc32.dll "VIDC.TR20"= tr2032.dll "msacm.voxacm119"= vdk32119.acm "vidc.vivo"= ivvideo.dll "midi1"= KORGUMDD.DRV "msacm.divxa32"= msaud32_divx.acm "midi2"= KORGUMDD.DRV "midi3"= KORGUMDD.DRV [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program 
Files\\SoulseekNS\\slsk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 17:26] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 17:27] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 17:26] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 17:02] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-15 02:00] S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 01:07] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 02:28] S4 RsFx0102;RsFx0102 Driver;C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 02:49] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 02:28] *Newly Created Service* - PROCEXP90 . Inhoud van de 'Gedeelde Taken' map 2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . - - - - ORPHANS REMOVED - - - - BHO-{108B77FC-1368-4D9D-8302-0EB3C66B8128} - C:\WINDOWS\system32\cbXRKCUN.dll HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab C:\WINDOWS\Downloaded Program Files\IPSUploader4.inf C:\WINDOWS\system32\unicows.dll C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx O16 -: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab C:\WINDOWS\Downloaded Program Files\ImgUploader.inf C:\WINDOWS\libcurl.dll C:\WINDOWS\ImgUploaderLang_7.dll C:\WINDOWS\ImgUploaderLang_3.dll C:\WINDOWS\ImgUploaderLang_2.dll C:\WINDOWS\ImgUploaderLang_1.dll C:\WINDOWS\ImgUploaderLang_0.dll C:\WINDOWS\Downloaded Program Files\ImgUploader.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-31 15:21:46 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-08-31 15:24:01 ComboFix-quarantined-files.txt 2008-08-31 13:23:38 Pre-Run: 38,229,471,232 bytes beschikbaar Post-Run: 38,544,863,232 bytes beschikbaar 252 --- E O F --- 2008-08-29 20:25:27 see you |
Aug 31 2008, 01:36 PM, Post #4
Forum Addict, Group: HJT Team, Posts: 2,353, Joined: 12-December 05, From: Belgium, Member No.: 44,294
Hello Jean-Marc,
You haven't installed the Recovery Console! Please do so first as a security precaution.

Then, let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail! Copy/paste the bold, blue text below into an empty Notepad window:

Collect::[9]
C:\WINDOWS\rodqgpvlqks.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\rqbmvpso.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{430C60E7-36D5-4BC3-8783-02B7FB0E966E}"=-

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

(screenshot)

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file C:\QooBox\Quarantine\[9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder