Userinit, Rundll32, Cmd ... Give 0xc0000005 Error


10 replies to this topic

#1 Renni

Renni

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 07 July 2008 - 11:50 AM

Dear,

For a couple of weeks now, my parents have been suffering from a lot of 0xc0000005 errors.
When starting up they get two userinit.exe errors, and after that two rundll32.exe errors.
When I try to run the command prompt, it also gives an error.

It's really unpleasant and I hope someone can help me out here. (I saw that someone with the same problem also got helped in this topic)

The DSS-report:

main.txt

Deckard's System Scanner v20071014.68
Run by Laser on 2008-07-07 18:30:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-07-07 16:31:17 UTC - RP263 - Deckard's System Scanner Restore Point
80: 2008-07-06 16:43:18 UTC - RP262 - ComboFix created restore point
79: 2008-07-05 12:02:15 UTC - RP261 - ComboFix created restore point
78: 2008-07-05 10:59:34 UTC - RP260 - Avg8 Update
77: 2008-07-05 10:53:41 UTC - RP259 - Avg8 Update


-- First Restore Point --
1: 2008-06-14 17:24:28 UTC - RP183 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as Laser.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:45, on 7/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Laser\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Laser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://misselle1986.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll dqfntsgl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8701 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080705-170149-229 O2 - BHO: (no name) - {41A13DD0-CFC3-4A88-987B-2EAF8547B37E} - C:\WINDOWS\system32\mlJYqpqQ.dll (file missing)
backup-20080705-170149-938 O2 - BHO: {ab169888-da1a-cb0a-fa24-781fb958ce50} - {05ec859b-f187-42af-a0bc-a1ad888961ba} - C:\WINDOWS\system32\btpioftr.dll (file missing)
backup-20080705-170149-946 O2 - BHO: (no name) - {7CFF4993-4431-4E77-809D-F72F91ADAAEE} - C:\WINDOWS\system32\hgGawWMG.dll (file missing)
backup-20080706-182900-730 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20080706-182901-131 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
backup-20080706-182901-209 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
backup-20080706-182901-462 O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
backup-20080706-182901-528 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20080706-182901-580 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
backup-20080706-182901-655 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
backup-20080706-182901-732 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080706-182901-766 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080706-182901-839 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080706-182901-934 O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
backup-20080706-182901-941 O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 windrvNT - c:\windows\system32\windrvnt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys

S3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys
S3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-06 18:59:59 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-06 18:00:40 402 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-07-05 21:02:21 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-05-12 23:24:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-05 21:46:00 0 d-------- C:\Documents and Settings\Laser\Application Data\True Sword
2008-07-05 21:45:17 356352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-05 21:45:16 81920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-07-05 21:45:06 0 d-------- C:\WINDOWS\system32\backuped
2008-07-05 21:45:06 0 d-------- C:\Program Files\True Sword 4
2008-07-05 21:01:59 0 d-------- C:\Program Files\RegCure
2008-07-05 16:47:52 0 d-------- C:\Program Files\Trend Micro
2008-07-05 15:03:52 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-07-05 15:03:49 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2008-07-05 15:03:23 73728 --a------ C:\WINDOWS\system32\FLKill.exe
2008-07-05 15:02:58 0 d-------- C:\Program Files\Folder Lock
2008-07-05 14:50:19 4722688 --a------ C:\WINDOWS\system32\AGZNQPP
2008-07-05 14:35:54 0 d-------- C:\WINDOWS\pss
2008-07-05 14:03:14 0 d-------- C:\cmdcons
2008-07-05 14:01:05 68096 --a------ C:\WINDOWS\zip.exe
2008-07-05 14:01:05 161792 --a------ C:\WINDOWS\swreg.exe
2008-07-05 14:01:05 80412 --a------ C:\WINDOWS\grep.exe
2008-07-05 14:01:04 98816 --a------ C:\WINDOWS\sed.exe
2008-07-05 14:01:04 89504 --a------ C:\WINDOWS\fdsv.exe
2008-07-05 14:01:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-05 14:00:57 136704 --a------ C:\WINDOWS\swsc.exe
2008-07-05 14:00:55 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-07-05 13:10:25 0 d-------- C:\Documents and Settings\Laser\Application Data\Malwarebytes
2008-07-05 13:10:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:10:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 22:57:59 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-04 22:57:59 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-04 22:57:59 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-04 22:57:59 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-04 22:57:59 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-04 22:57:59 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-04 22:57:59 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-04 22:57:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-04 22:57:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-04 22:37:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-04 22:37:01 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-04 22:37:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-04 22:37:00 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-04 22:37:00 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 22:36:40 0 d-------- C:\WINDOWS\CSC
2008-07-04 21:39:30 0 d-------- C:\Documents and Settings\Laser\Application Data\ErrorSmart
2008-07-04 21:38:38 0 d-------- C:\Program Files\ErrorSmart
2008-06-24 15:55:36 136704 --a------ C:\WINDOWS\system32\dqfntsgl.dll
2008-06-22 18:56:40 0 d--h----- C:\$AVG8.VAULT$
2008-06-22 18:32:31 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 18:32:07 0 d-------- C:\Program Files\AVG
2008-06-22 18:32:07 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 14:09:54 0 d-------- C:\Program Files\MSXML 6.0
2008-06-18 14:03:40 0 d-------- C:\Program Files\MSXML 4.0


-- Find3M Report ---------------------------------------------------------------

2008-07-06 20:27:51 159001 --a------ C:\WINDOWS\hpoins21.dat
2008-07-06 19:14:56 0 d-------- C:\Documents and Settings\Laser\Application Data\Skype
2008-07-06 18:29:20 0 d-------- C:\Program Files\Google
2008-07-06 18:03:03 0 d-------- C:\Documents and Settings\Laser\Application Data\skypePM
2008-07-05 21:10:42 0 d-------- C:\Program Files\NVIDIA Corporation
2008-06-22 18:16:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-24 18:51:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-24 18:48:39 0 d-------- C:\Program Files\Skype
2008-05-24 18:48:33 0 d-------- C:\Program Files\Common Files\Skype
2008-05-24 18:48:32 0 d-------- C:\Program Files\Common Files
2008-05-16 09:07:39 0 d-------- C:\Documents and Settings\Laser\Application Data\HPAppData
2008-05-14 15:45:01 0 d-------- C:\Documents and Settings\Laser\Application Data\HP
2008-05-14 15:40:10 0 d-------- C:\Program Files\HP
2008-05-14 15:35:07 0 d-------- C:\Program Files\Common Files\HP
2008-05-14 15:34:06 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-14 15:33:38 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-04 00:01:43 506180 --a------ C:\WINDOWS\system32\perfh013.dat
2008-05-04 00:01:43 90232 --a------ C:\WINDOWS\system32\perfc013.dat


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-07 18:35:41 ------------






extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel® Celeron® CPU 1.70GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 511.48 MiB / 107.61 MiB
Pagefile Memory (total/avail): 1250.08 MiB / 648.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 20.74 GiB free.
D: is Fixed (NTFS) - 37.27 GiB total, 32.36 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV8004H - 74.56 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.28 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.27 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------



-- User Profiles ---------------------------------------------------------------

Laser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type977 / Warning
Event Submitted/Written: 07/04/2008 10:39:50 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
Provider OffProv11 is geregistreerd in de WMI-naamruimte (Root\MSAPPS11), maar heeft de eigenschap HostingModel niet opgegeven. Deze provider wordt uitgevoerd met de account LocalSystem. Deze account heeft bepaalde bevoegdheden en de provider veroorzaakt mogelijk een beveiligingsprobleem als gebruikersaanvragen niet juist worden verwerkt. Zorg ervoor dat de provider is gecontroleerd op het beveiligingsgedrag en werk de eigenschap HostingModel van de providerregistratie bij tot een account met de minimaal benodigde bevoegdheden voor de vereiste funtionaliteit.

Event Record #/Type976 / Warning
Event Submitted/Written: 07/04/2008 10:39:50 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
Provider OffProv11 is geregistreerd in de WMI-naamruimte (Root\MSAPPS11), maar heeft de eigenschap HostingModel niet opgegeven. Deze provider wordt uitgevoerd met de account LocalSystem. Deze account heeft bepaalde bevoegdheden en de provider veroorzaakt mogelijk een beveiligingsprobleem als gebruikersaanvragen niet juist worden verwerkt. Zorg ervoor dat de provider is gecontroleerd op het beveiligingsgedrag en werk de eigenschap HostingModel van de providerregistratie bij tot een account met de minimaal benodigde bevoegdheden voor de vereiste funtionaliteit.

Event Record #/Type974 / Error
Event Submitted/Written: 07/04/2008 10:33:28 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: ErrorSmart -- A later version of ErrorSmart is already installed.

Event Record #/Type972 / Error
Event Submitted/Written: 07/04/2008 10:32:36 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: ErrorSmart -- A later version of ErrorSmart is already installed.

Event Record #/Type930 / Error
Event Submitted/Written: 06/29/2008 02:28:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11791 / Error
Event Submitted/Written: 07/07/2008 06:23:30 PM
Event ID/Source: 1002 / Dhcp
Event Description:
De IP-adreslease 192.168.1.100 voor de netwerkkaart met netwerkadres 000180106059 is geweigerd
door de DHCP-server 192.168.1.1. De DHCP-server heeft een DHCPNACK-bericht gezonden.

Event Record #/Type11790 / Warning
Event Submitted/Written: 07/07/2008 06:23:24 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Deze computer kan het netwerkadres niet vernieuwen (van de DHCP-
server) voor de netwerkkaart met netwerkadres 000180106059. De volgende fout is
opgetreden:
%%1223.
De computer zal doorgaan om zelf een adres van de netwerkadresserver
(DHCP-server) proberen te krijgen.

Event Record #/Type11787 / Error
Event Submitted/Written: 07/06/2008 09:45:17 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: stisvc.

Event Record #/Type11781 / Warning
Event Submitted/Written: 07/06/2008 08:19:17 PM
Event ID/Source: 20 / Print
Event Description:
Printerstuurprogramma HP Photosmart C6200 series voor Windows NT x86 Version-3 is toegevoegd of bijgewerkt. Bestanden: - UNIDRV.DLL, UNIDRVUI.DLL, hpo62003.GPD, UNIDRV.HLP, hpo6200a.ini, hpzst5ha.dll, hpz3c5ha.dll, hpzur5ha.dll, hpoc6200.xml, hpzsc5ha.dtd, hpzui5ha.dll, hpz3r5ha.dll, hpzpr5ha.dll, hpcdmc32.dll, hpbcfgre.dll, hpoc6200.exp, hpzsm5ha.gpd, hpz3m5ha.gpd, hpzev5ha.dll, hpzhl5ha.cab, STDNAMES.GPD, hpz3a5ha.dll, hpzss5ha.dll, hpfie5ha.dll, hpfig5ha.dll, hpfrs5ha.dll, hpfcn071.rpo, hpzc35ha.dll, HPBMIAPI.DLL, HPBOID.DLL, HPBOIDPS.DLL, HPBPRO.DLL, HPBPROPS.DLL, HPZIPM12.DLL, HPZINW12.DLL, HPZIPT12.DLL, HPZIPR12.DLL, HPZISN12.DLL, HPZIDR12.DLL, HPBNRAC2.DLL, HPBMINI.DLL, HPCEAC06.HPI, HPJCMN2U.DLL, HPJIPX1U.DLL, HPPAPTS0.DLL, HPPASNM0.DLL, HPPAPML0.DLL, UNIRES.DLL.

Event Record #/Type11778 / Error
Event Submitted/Written: 07/06/2008 08:15:05 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: adapterverbinding verbroken



-- End of Deckard's System Scanner: finished at 2008-07-07 18:35:41 ------------





Hope someone can help me out. If you need more information or other scan reports, just tell me.


( ps: sorry for my English, I'm Dutch ;) )


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:48 AM

Posted 08 July 2008 - 07:21 AM

Hi,

It seems better to me to help you in Dutch...

I see that RegCure has already removed the complete list in your Add/Remove Programs (Software > change/remove programs). That is the downside of using "registry cleaners", because they can have this result. Unfortunately you can no longer get the programs it removed there back into that list. No worries, this only concerns registry keys; the programs themselves are still intact.

Do the following... * Visit the following page with the instructions for downloading and using ComboFix.

http://www.bleepingcomputer.com/combofix/n...ruikt-te-worden

So carry out the instructions on that page, including installing the XP Recovery Console.
(If you don't have XP, you may skip this step concerning the Recovery Console)

Then post the ComboFix log in your next post together with a new HijackThis log.

#3 Renni

Renni
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 10 July 2008 - 11:44 AM

Hey,

Nice that we can continue in Dutch!


Sorry for the late reply, but I was at the seaside the past few days ;)


I have done what you asked and below are the logs:


Combofix log

ComboFix 08-07-04.5 - Laser 2008-07-10 18:22:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.108 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Laser\Bureaublad\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))
.

2008-07-06 22:17 . 2008-07-06 22:17 <DIR> d-------- C:\Deckard
2008-07-05 23:31 . 2004-08-04 03:03 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2008-07-05 21:46 . 2008-07-05 21:46 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\True Sword
2008-07-05 21:45 . 2008-07-05 21:45 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-07-05 21:45 . 2008-07-05 21:46 <DIR> d-------- C:\Program Files\True Sword 4
2008-07-05 21:45 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-05 21:45 . 2003-06-06 11:21 81,920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-07-05 21:01 . 2008-07-05 21:12 <DIR> d-------- C:\Program Files\RegCure
2008-07-05 16:47 . 2008-07-05 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 16:45 . 2008-07-05 02:05 <DIR> d-------- C:\SDFix
2008-07-05 15:03 . 2002-12-25 09:44 380,928 --a------ C:\WINDOWS\system32\vaultskn.ocx
2008-07-05 15:03 . 2005-04-11 16:40 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2008-07-05 15:03 . 2008-07-05 15:03 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2008-07-05 15:03 . 2008-07-05 15:03 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-07-05 15:03 . 1999-04-23 22:22 20,992 --a------ C:\WINDOWS\system32\hhopen.ocx
2008-07-05 15:02 . 2008-07-05 15:13 <DIR> d-------- C:\Program Files\Folder Lock
2008-07-05 14:50 . 2008-07-05 14:50 4,722,688 --a------ C:\WINDOWS\system32\AGZNQPP
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 13:10 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-04 22:57 . 2008-07-05 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-04 22:57 . 2008-07-05 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-04 22:37 . 2007-07-09 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-04 21:39 . 2008-07-04 22:57 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\ErrorSmart
2008-07-04 21:38 . 2008-07-04 22:57 <DIR> d-------- C:\Program Files\ErrorSmart
2008-06-24 15:55 . 2008-06-24 15:55 136,704 --a------ C:\WINDOWS\system32\dqfntsgl.dll
2008-06-22 21:51 . 2008-06-22 21:51 244 --ah----- C:\sqmnoopt18.sqm
2008-06-22 21:51 . 2008-06-22 21:51 232 --ah----- C:\sqmdata18.sqm
2008-06-22 21:50 . 2008-06-22 21:50 244 --ah----- C:\sqmnoopt17.sqm
2008-06-22 21:50 . 2008-06-22 21:50 232 --ah----- C:\sqmdata17.sqm
2008-06-22 19:36 . 2008-06-22 19:36 244 --ah----- C:\sqmnoopt16.sqm
2008-06-22 19:36 . 2008-06-22 19:36 232 --ah----- C:\sqmdata16.sqm
2008-06-22 18:56 . 2008-07-07 19:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 18:32 . 2008-07-10 18:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Program Files\AVG
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 18:32 . 2008-07-05 12:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 18:32 . 2008-06-22 18:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-22 18:32 . 2008-07-05 12:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 13:08 . 2008-07-06 17:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 13:08 . 2008-06-22 13:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-18 14:09 . 2008-06-18 14:09 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-18 14:03 . 2008-06-18 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-18 14:03 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-18 13:56 . 2008-04-23 06:21 6,068,224 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 13:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 13:56 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 13:56 . 2008-04-23 06:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 13:56 . 2008-04-23 06:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 13:56 . 2008-04-23 06:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 13:56 . 2008-04-23 06:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 13:56 . 2008-04-23 06:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 13:56 . 2008-04-22 10:02 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 13:52 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 13:52 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:19 --------- d-----w C:\Documents and Settings\Laser\Application Data\skypePM
2008-07-10 16:18 --------- d-----w C:\Documents and Settings\Laser\Application Data\Skype
2008-07-06 16:29 --------- d-----w C:\Program Files\Google
2008-07-05 19:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-22 16:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-22 16:16 --------- d-----w C:\Program Files\ESET
2008-05-24 16:48 --------- d-----w C:\Program Files\Skype
2008-05-24 16:48 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-24 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 07:07 --------- d-----w C:\Documents and Settings\Laser\Application Data\HPAppData
2008-05-14 13:45 --------- d-----w C:\Documents and Settings\Laser\Application Data\HP
2008-05-14 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-14 13:40 --------- d-----w C:\Program Files\HP
2008-05-14 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-14 13:35 --------- d-----w C:\Program Files\Common Files\HP
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-14 13:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-14 13:33 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-07 05:03 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:21 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-09 19:25 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007070920070710\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_18.51.10,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 15:56:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 16:13:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-29 04:43:22 158,983 ----a-w C:\WINDOWS\hpoins21.dat
+ 2008-07-06 18:27:51 159,001 ----a-w C:\WINDOWS\hpoins21.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Picasa Media Detector"="C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-10 22:22 950664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 12:58 1232152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll dqfntsgl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 12:56]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 12:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-12 21:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-06 16:00:40 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-07-10 16:14:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-05 19:02:21 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 18:27:47
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\dqfntsgl.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\dqfntsgl.dll
.
Voltooingstijd: 2008-07-10 18:30:25
ComboFix-quarantined-files.txt 2008-07-10 16:30:03
ComboFix2.txt 2008-07-06 16:52:17
ComboFix3.txt 2008-07-05 16:22:33
ComboFix4.txt 2008-07-05 12:28:44

Pre-Run: 22,307,926,016 bytes beschikbaar
Post-Run: 22,331,056,128 bytes beschikbaar

201 --- E O F --- 2008-07-05 19:24:26


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:43, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://misselle1986.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll dqfntsgl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8567 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:48 AM

Posted 10 July 2008 - 11:56 AM

Hi,

First of all, uninstall RegCure and ErrorSmart, because both of them are strongly discouraged. Also uninstall Folder Lock for the time being, because it can cause serious problems when tools are used to remove malware.
Then restart your PC.
After the restart,

* Open Notepad - Do not use any text editor other than Notepad, or the script will fail!
Copy and paste what is shown in bold below into Notepad:

File::
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\system32\dqfntsgl.dll
Folder::
C:\Program Files\RegCure
C:\Program Files\ErrorSmart
C:\Documents and Settings\Laser\Application Data\ErrorSmart
Filelook::
C:\WINDOWS\system32\AGZNQPP
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"


Save this as a text file named CFScript

Then drag the CFScript onto ComboFix.exe as shown in the screenshot below:

[screenshot]

This will start Combofix again. After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt in your next post, together with a new HijackThis log.

Could it be that you had removed rundll32.exe yourself earlier and then put it back? Because it is a legitimate file and I see that it was placed recently.

Edited by miekiemoes, 10 July 2008 - 11:57 AM.

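A defender-side triage helper for the finding addressed in this post (the extra AppInit_DLLs entry, and the same DLL reported by ComboFix inside winlogon.exe and lsass.exe), added here as an example; it is not code from the thread, from ComboFix or from HijackThis. The allowlist is a constructed assumption, the sample lines are copied from the logs posted above, and the last function emits the Registry:: section of the CFScript fix with only allowlisted entries kept.

```python
"""Triage helper for HijackThis / ComboFix logs.

Flags DLLs registered under AppInit_DLLs (loaded into every process that
links user32.dll) that are not on an admin-maintained allowlist, and DLLs
that ComboFix reports inside core system processes. Added example; not
code from the thread, ComboFix or HijackThis.
"""
import re

# Constructed allowlist: AppInit_DLLs entries verified as legitimate on this
# machine (avgrsstx.dll is the AVG 8 resident-shield hook seen in the thread).
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# A DLL outside the allowlist inside one of these is treated as high severity.
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")   # HijackThis O20 line
REG_APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')  # ComboFix REGEDIT4 dump
PROCESS_RE = re.compile(r"^PROCESS:\s*(?P<path>.+)$")          # ComboFix loaded-DLL section
LOADED_RE = re.compile(r"^->\s*(?P<path>.+)$")


def basename(path):
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_appinit(lines):
    """Set of DLL names listed in AppInit_DLLs (HijackThis O20 or ComboFix dump)."""
    dlls = set()
    for line in lines:
        s = line.strip()
        m = O20_RE.match(s) or REG_APPINIT_RE.match(s)
        if m:
            # The value is space- or comma-separated; ComboFix may quote it.
            for name in m.group("dlls").replace(",", " ").split():
                dlls.add(name.strip('"').lower())
    return dlls


def parse_loaded_dlls(lines):
    """{process name: [dll paths]} from ComboFix's loaded-DLL section."""
    loaded, current = {}, None
    for line in lines:
        s = line.strip()
        m = PROCESS_RE.match(s)
        if m:
            current = basename(m.group("path"))
            loaded.setdefault(current, [])
            continue
        m = LOADED_RE.match(s)
        if m and current:
            loaded[current].append(m.group("path"))
    return loaded


def triage(lines):
    """List of (severity, message) findings, highest severity first."""
    findings = []
    for dll in sorted(parse_appinit(lines) - KNOWN_APPINIT_DLLS):
        findings.append(("high", f"unknown AppInit_DLLs entry: {dll}"))
    for proc, paths in parse_loaded_dlls(lines).items():
        if proc not in SENSITIVE_PROCESSES:
            continue
        for path in paths:
            name = basename(path)
            sev = "info" if name in KNOWN_APPINIT_DLLS else "high"
            findings.append((sev, f"{name} loaded in {proc} ({path})"))
    return sorted(findings, key=lambda f: {"high": 0, "info": 1}[f[0]])


def cfscript_registry_fix(appinit_dlls):
    """Registry:: section (CFScript format, as used in the thread) that keeps
    only allowlisted AppInit_DLLs entries."""
    keep = " ".join(sorted(d for d in appinit_dlls if d in KNOWN_APPINIT_DLLS))
    return (
        "Registry::\n"
        "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\n"
        f'"AppInit_DLLs"="{keep}"\n'
    )


# Sample input: lines copied from the HijackThis and ComboFix logs in the thread.
SAMPLE_LOG = """\
O20 - AppInit_DLLs: avgrsstx.dll dqfntsgl.dll
"AppInit_DLLs"=avgrsstx.dll dqfntsgl.dll
PROCESS: C:\\WINDOWS\\system32\\winlogon.exe
-> C:\\WINDOWS\\system32\\dqfntsgl.dll
PROCESS: C:\\WINDOWS\\system32\\lsass.exe
-> C:\\WINDOWS\\system32\\dqfntsgl.dll
""".splitlines()

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
    print(cfscript_registry_fix(parse_appinit(SAMPLE_LOG)))
```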

#5 Renni

Renni
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 10 July 2008 - 01:19 PM

Could it be that you had removed rundll32.exe yourself earlier and then put it back? Because it is a legitimate file and I see that it was placed recently.

I didn't do that, but an acquaintance did. But yes, that is indeed what happened... He thought it would solve the problem, but it didn't.

I did what you asked and the logs are below (didn't need to restart, by the way)

Combofix Log

ComboFix 08-07-04.5 - Laser 2008-07-10 19:43:57.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.94 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Laser\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laser\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active


FILE ::
C:\WINDOWS\system32\dqfntsgl.dll
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Laser\Application Data\ErrorSmart
C:\Documents and Settings\Laser\Application Data\ErrorSmart\Log\2008 Jul 06 - 05_59_28 PM_359.log
C:\Documents and Settings\Laser\Application Data\ErrorSmart\Registry Backups\2008-07-04_22-15-10.reg
C:\WINDOWS\system32\dqfntsgl.dll
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))
.

2008-07-10 18:38 . 2008-07-10 18:38 268 --ah----- C:\sqmdata19.sqm
2008-07-10 18:38 . 2008-07-10 18:38 244 --ah----- C:\sqmnoopt19.sqm
2008-07-06 22:17 . 2008-07-06 22:17 <DIR> d-------- C:\Deckard
2008-07-05 23:31 . 2004-08-04 03:03 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2008-07-05 21:46 . 2008-07-05 21:46 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\True Sword
2008-07-05 21:45 . 2008-07-05 21:45 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-07-05 21:45 . 2008-07-05 21:46 <DIR> d-------- C:\Program Files\True Sword 4
2008-07-05 21:45 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-05 21:45 . 2003-06-06 11:21 81,920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-07-05 16:47 . 2008-07-05 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 16:45 . 2008-07-05 02:05 <DIR> d-------- C:\SDFix
2008-07-05 15:03 . 2002-12-25 09:44 380,928 --a------ C:\WINDOWS\system32\vaultskn.ocx
2008-07-05 15:03 . 2005-04-11 16:40 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2008-07-05 15:03 . 1999-04-23 22:22 20,992 --a------ C:\WINDOWS\system32\hhopen.ocx
2008-07-05 15:03 . 2008-07-10 19:28 20 --a------ C:\sccfg.sys
2008-07-05 14:50 . 2008-07-05 14:50 4,722,688 --a------ C:\WINDOWS\system32\AGZNQPP
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 13:10 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-04 22:57 . 2008-07-05 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-04 22:57 . 2008-07-05 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-04 22:37 . 2007-07-09 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 21:51 . 2008-06-22 21:51 244 --ah----- C:\sqmnoopt18.sqm
2008-06-22 21:51 . 2008-06-22 21:51 232 --ah----- C:\sqmdata18.sqm
2008-06-22 21:50 . 2008-06-22 21:50 244 --ah----- C:\sqmnoopt17.sqm
2008-06-22 21:50 . 2008-06-22 21:50 232 --ah----- C:\sqmdata17.sqm
2008-06-22 19:36 . 2008-06-22 19:36 244 --ah----- C:\sqmnoopt16.sqm
2008-06-22 19:36 . 2008-06-22 19:36 232 --ah----- C:\sqmdata16.sqm
2008-06-22 18:56 . 2008-07-07 19:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 18:32 . 2008-07-10 18:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Program Files\AVG
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 18:32 . 2008-07-05 12:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 18:32 . 2008-06-22 18:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-22 18:32 . 2008-07-05 12:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 13:08 . 2008-07-06 17:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 13:08 . 2008-06-22 13:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-18 14:09 . 2008-06-18 14:09 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-18 14:03 . 2008-06-18 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-18 14:03 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-18 13:56 . 2008-04-23 06:21 6,068,224 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 13:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 13:56 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 13:56 . 2008-04-23 06:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 13:56 . 2008-04-23 06:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 13:56 . 2008-04-23 06:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 13:56 . 2008-04-23 06:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 13:56 . 2008-04-23 06:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 13:56 . 2008-04-22 10:02 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 13:52 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 13:52 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 17:37 --------- d-----w C:\Documents and Settings\Laser\Application Data\Skype
2008-07-10 16:19 --------- d-----w C:\Documents and Settings\Laser\Application Data\skypePM
2008-07-06 16:29 --------- d-----w C:\Program Files\Google
2008-07-05 19:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-22 16:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-22 16:16 --------- d-----w C:\Program Files\ESET
2008-05-24 16:48 --------- d-----w C:\Program Files\Skype
2008-05-24 16:48 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-24 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 07:07 --------- d-----w C:\Documents and Settings\Laser\Application Data\HPAppData
2008-05-14 13:45 --------- d-----w C:\Documents and Settings\Laser\Application Data\HP
2008-05-14 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-14 13:40 --------- d-----w C:\Program Files\HP
2008-05-14 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-14 13:35 --------- d-----w C:\Program Files\Common Files\HP
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-14 13:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-14 13:33 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-07 05:03 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:21 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-09 19:25 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007070920070710\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AGZNQPP -- Not a PE file.
MD5: be19efcb99e47c70b42ff19f29827781


((((((((((((((((((((((((((((( snapshot@2008-07-06_18.51.10,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 15:56:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 17:50:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-29 04:43:22 158,983 ----a-w C:\WINDOWS\hpoins21.dat
+ 2008-07-06 18:27:51 159,001 ----a-w C:\WINDOWS\hpoins21.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Picasa Media Detector"="C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-10 22:22 950664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 12:58 1232152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 12:56]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 12:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-12 21:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 19:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


C:\WINDOWS\TEMP\371ee260-f6b0-42be-a122-511d2286ee2d.tmp

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-07-10 20:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 18:02:43
ComboFix2.txt 2008-07-10 16:30:28
ComboFix3.txt 2008-07-06 16:52:17
ComboFix4.txt 2008-07-05 16:22:33
ComboFix5.txt 2008-07-05 12:28:44

Pre-Run: 22,293,995,520 bytes beschikbaar
Post-Run: 22,286,753,792 bytes beschikbaar

219 --- E O F --- 2008-07-05 19:24:26






HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:17, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://misselle1986.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8788 bytes
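The HijackThis O4 entries and the ComboFix "Look" verdict above (a path, "Not a PE file", an MD5) are the two things a responder reads first in these logs. The following is an added example for this thread, not code from the original posts nor from the HijackThis or ComboFix tools: it parses O4 lines into hive, key, name, command and file path, applies a first-pass triage, and reproduces the "Look"-style check (MZ/PE header present or not, plus MD5). The sample lines are copied from the log above; the triage rules (code hosted by rundll32/regsvr32, commands with no file path, autostarts in user-writable folders) and the two byte samples are this example's own assumptions.

```python
"""Triage helpers for HijackThis O4 entries and ComboFix-style file checks.

Added example for this thread; it is not code from the original posts nor from
the HijackThis or ComboFix tools. SAMPLE_LINES are copied from the log above;
the flagging rules and the byte samples are this example's own assumptions.
"""
import hashlib
import re
import struct
from typing import Optional

# Registry autostart: O4 - HKLM\..\Run: [name] command  (optional "(User '...')" suffix)
_O4_REG = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Startup-folder shortcut: O4 - Global Startup: name.lnk = C:\path\prog.exe
_O4_STARTUP = re.compile(r"^O4 - (?P<folder>[^:]+ Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First drive-letter path ending in an executable-type extension, quoted or not.
_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|com|bat|cmd)', re.IGNORECASE)
# Host programs that load someone else's code; the interesting part is the argument.
_HOSTS = ("rundll32", "regsvr32")
# Assumed rule: an autostart pointing into a user-writable folder deserves a second look.
_USER_WRITABLE = ("c:\\documents and settings\\", "c:\\windows\\temp\\")

SAMPLE_LINES = [  # copied from the HijackThis log in this thread
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe",
    r"O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')",
    r"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe",
]


def parse_o4(line: str) -> Optional[dict]:
    """Split one O4 line into hive/key/name/cmd plus the file path and host, if any."""
    line = re.sub(r"\s*\(User '[^']*'\)\s*$", "", line.strip())
    m = _O4_REG.match(line)
    if m:
        info = m.groupdict()
    else:
        m = _O4_STARTUP.match(line)
        if m is None:
            return None
        info = {"hive": m["folder"], "key": "Startup", "name": m["name"], "cmd": m["cmd"]}
    cmd = info["cmd"]
    first = cmd.lstrip('"').split()[0].lower() if cmd.strip() else ""
    info["host"] = next((h for h in _HOSTS if first.startswith(h)), None)
    found = _PATH.search(cmd)
    info["path"] = found.group(0) if found else None
    return info


def triage(lines) -> list:
    """Return (name, reason) pairs for the entries a reviewer should look at first."""
    flagged = []
    for line in lines:
        e = parse_o4(line)
        if e is None:
            continue
        if e["host"]:
            flagged.append((e["name"], f"code loaded via {e['host']}: {e['cmd']}"))
        elif e["path"] is None:
            flagged.append((e["name"], f"no file path in command: {e['cmd']}"))
        elif e["path"].lower().startswith(_USER_WRITABLE):
            flagged.append((e["name"], f"runs from a user-writable location: {e['path']}"))
    return flagged


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def describe_file(path: str, data: bytes) -> str:
    """Verdict line in the style of ComboFix's 'Look' section: PE or not, plus MD5."""
    kind = "PE file" if looks_like_pe(data) else "Not a PE file"
    return f"{path} -- {kind}.\nMD5: {hashlib.md5(data).hexdigest()}"


# Constructed stand-ins (the real AGZNQPP is not on this page): a minimal MZ/PE
# header, and a blob of bytes that is not an executable.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
SAMPLE_NOT_PE = bytes(range(64))

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"[{name}] {reason}")
    print(describe_file(r"C:\WINDOWS\system32\AGZNQPP", SAMPLE_NOT_PE))
```

Run against the sample lines, the triage flags NvCplDaemon (a DLL loaded through rundll32), Picasa Media Detector (an executable in the user's desktop folder) and ShowDeskFix (regsvr32 with no file path), while the Program Files entries pass. A flag is a prompt to look, not a verdict: all three of these happen to be legitimate here, which is exactly why a reviewer checks the path and hash rather than the name.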

#6 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 10 July 2008 - 01:30 PM

Hi,

Do you have any idea what this file is?

C:\WINDOWS\system32\AGZNQPP
It is 4MB in size.. so I don't know whether it is big enough to upload. Give it a try anyway, so go to this page.
Put the URL of this thread in the first field.
Where it says "browse to the file that you want to submit", click the "Browse" button next to it and browse to the following file, select it and then click OK:

C:\WINDOWS\system32\AGZNQPP

Then click the Send File button at the bottom.

We will have to use CFScript once more, so.. * Open Notepad - Do not use any text editor other than Notepad, or the script will fail!
Copy and paste what is shown in bold below into Notepad:

Rootkit::
C:\WINDOWS\TEMP\371ee260-f6b0-42be-a122-511d2286ee2d.tmp


Save this as a text file named CFScript

Then drag the CFScript onto ComboFix.exe as you can see in the screenshot below:

[Screenshot]

This will start ComboFix again. After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next post together with a new HijackThis log.


After that,

Download this tool: http://www2.gmer.net/mbr/mbr.exe
Put it on your desktop and double-click it to start the tool.
A small log called mbr.log will be produced.
Open it and post its contents as well.

Edited by miekiemoes, 10 July 2008 - 01:31 PM.


#7 Renni (Topic Starter, Members, 5 posts)

Posted 10 July 2008 - 02:14 PM

Hey!

The file has been uploaded to this location: http://renni.dumpspace.be/AGZNQPP


Combofix Log


ComboFix 08-07-04.5 - Laser 2008-07-10 20:50:22.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.130 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Laser\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laser\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\TEMP\371ee260-f6b0-42be-a122-511d2286ee2d.tmp

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))
.

2008-07-10 18:38 . 2008-07-10 18:38 268 --ah----- C:\sqmdata19.sqm
2008-07-10 18:38 . 2008-07-10 18:38 244 --ah----- C:\sqmnoopt19.sqm
2008-07-06 22:17 . 2008-07-06 22:17 <DIR> d-------- C:\Deckard
2008-07-05 23:31 . 2004-08-04 03:03 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2008-07-05 21:46 . 2008-07-05 21:46 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\True Sword
2008-07-05 21:45 . 2008-07-05 21:45 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-07-05 21:45 . 2008-07-05 21:46 <DIR> d-------- C:\Program Files\True Sword 4
2008-07-05 21:45 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-05 21:45 . 2003-06-06 11:21 81,920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-07-05 16:47 . 2008-07-05 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 16:45 . 2008-07-05 02:05 <DIR> d-------- C:\SDFix
2008-07-05 15:03 . 2002-12-25 09:44 380,928 --a------ C:\WINDOWS\system32\vaultskn.ocx
2008-07-05 15:03 . 2005-04-11 16:40 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2008-07-05 15:03 . 1999-04-23 22:22 20,992 --a------ C:\WINDOWS\system32\hhopen.ocx
2008-07-05 15:03 . 2008-07-10 19:28 20 --a------ C:\sccfg.sys
2008-07-05 14:50 . 2008-07-05 14:50 4,722,688 --a------ C:\WINDOWS\system32\AGZNQPP
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\Laser\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-07-05 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 13:10 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 13:10 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-04 22:57 . 2008-07-05 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-04 22:57 . 2008-07-04 22:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-04 22:57 . 2008-07-05 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-04 22:37 . 2007-07-09 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-04 22:37 . 2008-07-04 22:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 21:51 . 2008-06-22 21:51 244 --ah----- C:\sqmnoopt18.sqm
2008-06-22 21:51 . 2008-06-22 21:51 232 --ah----- C:\sqmdata18.sqm
2008-06-22 21:50 . 2008-06-22 21:50 244 --ah----- C:\sqmnoopt17.sqm
2008-06-22 21:50 . 2008-06-22 21:50 232 --ah----- C:\sqmdata17.sqm
2008-06-22 19:36 . 2008-06-22 19:36 244 --ah----- C:\sqmnoopt16.sqm
2008-06-22 19:36 . 2008-06-22 19:36 232 --ah----- C:\sqmdata16.sqm
2008-06-22 18:56 . 2008-07-07 19:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 18:32 . 2008-07-10 18:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Program Files\AVG
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 18:32 . 2008-07-05 12:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 18:32 . 2008-06-22 18:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-22 18:32 . 2008-07-05 12:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 13:08 . 2008-07-06 17:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 13:08 . 2008-06-22 13:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-18 14:09 . 2008-06-18 14:09 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-18 14:03 . 2008-06-18 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-18 14:03 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-18 13:56 . 2008-04-23 06:21 6,068,224 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 13:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 13:56 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 13:56 . 2008-04-23 06:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 13:56 . 2008-04-23 06:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 13:56 . 2008-04-23 06:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 13:56 . 2008-04-23 06:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 13:56 . 2008-04-23 06:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 13:56 . 2008-04-22 10:02 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 13:52 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 13:52 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 17:37 --------- d-----w C:\Documents and Settings\Laser\Application Data\Skype
2008-07-10 16:19 --------- d-----w C:\Documents and Settings\Laser\Application Data\skypePM
2008-07-06 16:29 --------- d-----w C:\Program Files\Google
2008-07-05 19:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-22 16:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-22 16:16 --------- d-----w C:\Program Files\ESET
2008-05-24 16:48 --------- d-----w C:\Program Files\Skype
2008-05-24 16:48 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-24 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 07:07 --------- d-----w C:\Documents and Settings\Laser\Application Data\HPAppData
2008-05-14 13:45 --------- d-----w C:\Documents and Settings\Laser\Application Data\HP
2008-05-14 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-14 13:40 --------- d-----w C:\Program Files\HP
2008-05-14 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-14 13:35 --------- d-----w C:\Program Files\Common Files\HP
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-14 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-14 13:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-14 13:33 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-07 05:03 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:21 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-09 19:25 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007070920070710\index.dat
2007-07-09 19:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_18.51.10,53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 15:56:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 18:56:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-29 04:43:22 158,983 ----a-w C:\WINDOWS\hpoins21.dat
+ 2008-07-06 18:27:51 159,001 ----a-w C:\WINDOWS\hpoins21.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Picasa Media Detector"="C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-10 22:22 950664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 12:58 1232152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 12:56]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 12:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-12 21:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 20:58:40
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-07-10 21:09:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 19:09:10
ComboFix2.txt 2008-07-10 18:03:19
ComboFix3.txt 2008-07-10 16:30:28
ComboFix4.txt 2008-07-06 16:52:17
ComboFix5.txt 2008-07-05 16:22:33

Pre-Run: 22,296,109,056 bytes beschikbaar
Post-Run: 22,284,976,128 bytes beschikbaar

206 --- E O F --- 2008-07-05 19:24:26



HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:20, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://misselle1986.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8783 bytes




MBR Log


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 miekiemoes

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 10 July 2008 - 02:26 PM

Hi,

Can you remove this file from your webspace again: http://renni.dumpspace.be/AGZNQPP because it is not meant for everyone to be able to see it.
It contains keystrokes - in other words, your passwords etc. are known, because your e-mail address, password, other info from your PC etc. are all in there.
So, in short, you have to change all your passwords.
So, also delete the file AGZNQPP that is in your system32 folder.
You were apparently dealing with malware that collected all your passwords etc. from your PC.

After that: your Java software is outdated.
Older versions have holes that give malware the chance to install itself on your system.
First do these steps to uninstall Java and install the newer version:

* Download Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to: "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button on the right-hand side.
  • For Platform choose "Windows"
  • For Language choose "Nederlands" if available - if you cannot select Dutch, choose "English"
  • Read the License Agreement and then tick the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • The page will reload.
  • Click the link to download the Windows Offline Installation, and save it to your Desktop.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u7-windows-i586-p.exe on your Desktop to install the newest version of Java.
After that,

* Go to Start > Run and copy and paste the following command into the field:

ComboFix /u

Make sure there is a space between Combofix and /
Then press Enter.

This will remove Combofix + related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again and reset your System Restore.

Let me know afterwards how everything is working again.

Edited by miekiemoes, 10 July 2008 - 02:27 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
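The reply above does its review by hand from the HijackThis log posted earlier: it spots the outdated Java runtime (jre1.6.0_01) and an unknown file sitting in system32, and warns that an AppInit_DLLs entry is the sort of place a keylogger hooks in. The script below, added here as an example and not part of the thread or of any tool mentioned in it, does the mechanical part of that review over HijackThis-format lines: it flags O4 autorun entries whose executable or DLL lives in a user-writable location, surfaces the O20 AppInit_DLLs entry for vendor confirmation, and compares any JRE path found against the 6u7 version recommended above. The sample log is constructed from lines on this page plus one hypothetical malicious "[updater]" entry; the directory markers, the severity labels and the version threshold are the script's own assumptions, not HijackThis behaviour.

```python
"""Triage helper for HijackThis-format logs (added example, not from the thread)."""
import re
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 format. All lines but one are modelled on
# the log posted in this thread; the '[updater]' entry is a hypothetical
# malicious autorun added so that a high-severity hit is visible.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Documents and Settings\Laser\Bureaublad\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Laser\Local Settings\Temp\svch0st.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe"""

# Drive-letter paths ending in a loadable extension, quoted or not. Scanning the
# whole command line means rundll32's DLL argument is examined, not just rundll32.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|scr|bat|cmd|vbs|js|pif)\b', re.I)
# Heuristic markers for user-writable locations on XP and later (assumption:
# not exhaustive). 'Bureaublad' in the log is simply the Dutch Desktop folder.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\appdata\\")
JRE_RE = re.compile(r'jre1\.(\d+)\.\d+_(\d+)', re.I)
MIN_JRE = (6, 7)  # JRE 6 Update 7, the version the reply above tells the poster to install

Finding = Tuple[int, str, str]  # (log line number, severity, reason)


def check_autorun(line: str) -> List[Tuple[str, str]]:
    """Severity/reason pairs for every path on an O4 line that lives in a user-writable place."""
    hits = []
    for path in PATH_RE.findall(line):
        low = path.lower()
        if any(m in low for m in TEMP_MARKERS):
            hits.append(("high", f"autorun from a temp directory: {path}"))
        elif any(m in low for m in PROFILE_MARKERS):
            hits.append(("medium", f"autorun from the user profile: {path}"))
    return hits


def check_java(line: str) -> Optional[Tuple[str, str]]:
    """Flag a JRE path older than MIN_JRE (compares major version and update number)."""
    m = JRE_RE.search(line)
    if m and (int(m.group(1)), int(m.group(2))) < MIN_JRE:
        return ("medium", f"outdated Java runtime {m.group(0)}; older than 6u{MIN_JRE[1]}")
    return None


def triage(log: str) -> List[Finding]:
    """Walk the log once and collect findings in line order."""
    findings: List[Finding] = []
    seen_jre = set()  # report each outdated JRE version once, not per line
    for n, line in enumerate(log.splitlines(), 1):
        line = line.strip()
        if line.startswith("O4 - "):
            findings.extend((n, sev, why) for sev, why in check_autorun(line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].strip()
            # AppInit_DLLs is loaded into every process that maps user32.dll, so a
            # DLL here that no installed product accounts for is a classic
            # keylogger/injection foothold. A vendor DLL (AVG's here) still gets a look.
            findings.append((n, "review", f"AppInit_DLLs injects {dlls}; confirm it belongs to an installed product"))
        java = check_java(line)
        if java and java[1] not in seen_jre:
            seen_jre.add(java[1])
            findings.append((n, java[0], java[1]))
    return findings


if __name__ == "__main__":
    for n, sev, why in triage(SAMPLE_LOG):
        print(f"line {n:3d} [{sev:6s}] {why}")
```

On the sample this reports the outdated JRE on line 2, the Picasa autorun running from the Desktop on line 5 (a real entry from the log, low-risk but worth a glance because the Desktop is user-writable), the hypothetical Temp-directory autorun on line 6 as high, and the AppInit_DLLs entry on line 7 for confirmation. It is a filter for where to look first, not a verdict; the file in system32 that the reply identifies would never show up in a HijackThis log at all.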

#9 Renni

  • Topic Starter
  • Members
  • 5 posts

Posted 11 July 2008 - 11:10 AM

Hey!

The problem is solved!

Really, many thanks for this! Fortunately there are still people like you who help others instead of wanting to wreck other people's PCs ;-)


Many greetings and thanks again!

#10 miekiemoes

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 11 July 2008 - 12:43 PM

You're welcome. :thumbsup:

Do read my Prevention page with info and tips on how to prevent this in the future.
And read this page to get your computer optimised again after removing malware.

Extra note: Make sure your programs are up to date - because older versions can contain security leaks. To check which programs you need to update, run the Secunia Software Inspector Scan.

#11 miekiemoes

  • Malware Response Team
  • 19,420 posts
  • Location:Belgium

Posted 13 July 2008 - 02:01 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.