
Major Virus Problem


3 replies to this topic

#1 jean74


Posted 30 August 2008 - 03:54 AM

Hi, can anyone please help me out here?
Here's my DSS scan log:
Deckard's System Scanner v20071014.68
Run by jean-marc on 2008-08-30 10:53:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jean-marc.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53: VIRUS ALERT!, on 30/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jean-marc\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEAN-M~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {108B77FC-1368-4D9D-8302-0EB3C66B8128} - C:\WINDOWS\system32\cbXRKCUN.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {82FE7773-FD0D-4303-88BE-CC13735BF5E8} - C:\WINDOWS\rodqgpvlqks.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: qalkfxor - {430C60E7-36D5-4BC3-8783-02B7FB0E966E} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Suitcase 11.0.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138230339702
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914...PSUploader4.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: rqbmvpso - {D4BEC0C9-D10F-49FA-A14C-EB813BD3BAB9} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {96A5C05E-CB24-403D-9304-19972BC93854} - C:\WINDOWS\pdoskegl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11041 bytes

-- Files created between 2008-07-30 and 2008-08-30 -----------------------------

2008-08-30 10:47:25 0 d-------- C:\WINDOWS\privacy_danger
2008-08-30 10:36:57 0 d-------- C:\Documents and Settings\jean-marc\Application Data\TmpRecentIcons
2008-08-30 10:36:40 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll
2008-08-30 10:36:40 155648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-30 10:36:40 233472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-30 10:36:40 94208 --a------ C:\WINDOWS\eebr.exe
2008-08-30 10:36:39 86016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-30 10:36:39 188416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-27 21:42:23 0 d-------- C:\WINDOWS\Prefetch
2008-08-27 21:26:29 0 d-------- C:\WINDOWS\system32\nl
2008-08-27 21:26:29 0 d-------- C:\WINDOWS\l2schemas
2008-08-27 21:22:03 0 d-------- C:\WINDOWS\network diagnostic
2008-08-27 00:31:44 0 d-------- C:\18b73c7ea165edb85a
2008-08-26 23:54:42 0 d-------- C:\WINDOWS\system32\RsFx
2008-08-26 23:33:52 0 d-------- C:\5b18db94266d4e28784dae25
2008-08-09 18:50:38 0 d-------- C:\Program Files\Navilog1
2008-08-09 12:37:16 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Malwarebytes
2008-08-09 12:37:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:37:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 00:18:15 0 d-------- C:\Program Files\Common Files\Digidesign
2008-08-04 00:18:11 163840 --a------ C:\WINDOWS\system32\ArtFfct.dll <Not Verified; ; BibliothŔque de liaison dynamique FDlg>
2008-08-04 00:18:11 0 d-------- C:\Program Files\Arturia
2008-08-03 11:59:32 0 d-------- C:\Program Files\Trend Micro
2008-08-02 16:27:21 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-02 16:22:26 0 d-------- C:\Program Files\Spyware Doctor
2008-08-02 16:22:26 0 d-------- C:\Documents and Settings\jean-marc\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2008-08-29 22:11:22 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Azureus
2008-08-27 22:45:42 0 d-------- C:\Program Files\MSN Messenger
2008-08-27 21:44:35 550598 --a------ C:\WINDOWS\system32\perfh013.dat
2008-08-27 21:44:35 106110 --a------ C:\WINDOWS\system32\perfc013.dat
2008-08-27 21:29:26 0 d-------- C:\Program Files\Messenger
2008-08-27 21:26:28 0 d-------- C:\Program Files\Movie Maker
2008-08-27 21:23:19 0 d-------- C:\Program Files\Windows NT
2008-08-26 23:54:46 0 d-------- C:\Program Files\Microsoft SQL Server
2008-08-26 23:37:40 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-26 22:58:55 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Adobe
2008-08-13 17:13:16 0 d-------- C:\Program Files\Macromedia
2008-08-13 17:13:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-13 17:12:47 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Macromedia
2008-08-13 17:08:35 0 d-------- C:\Program Files\EPSON
2008-08-13 17:05:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-10 20:59:46 0 d-------- C:\Program Files\Java
2008-08-07 01:31:13 0 d-------- C:\Program Files\SoulseekNS
2008-08-04 00:18:15 0 d-------- C:\Program Files\Common Files
2008-08-03 22:42:05 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Extensis
2008-07-26 21:50:11 0 d-------- C:\Program Files\Apple Software Update
2008-07-12 19:15:47 0 d-------- C:\Program Files\Azureus
2008-07-02 01:45:44 0 d-------- C:\Documents and Settings\jean-marc\Application Data\vlc
2008-07-02 01:15:10 0 d-------- C:\Program Files\VideoLAN
2008-05-30 03:06:31 51 --a------ C:\smp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{108B77FC-1368-4D9D-8302-0EB3C66B8128}]
C:\WINDOWS\system32\cbXRKCUN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}]
30/08/2008 07:29: VIRUS ALERT! 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [01/12/2004 09:54: VIRUS ALERT! C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27: VIRUS ALERT!]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [27/05/2003 05:08: VIRUS ALERT!]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50: VIRUS ALERT!]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 07:31: VIRUS ALERT!]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 07:31: VIRUS ALERT!]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32: VIRUS ALERT!]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32: VIRUS ALERT!]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [02/07/2007 18:11: VIRUS ALERT!]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35: VIRUS ALERT!]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [30/11/1998 19:04: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/01/2008 02:27: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16: VIRUS ALERT!]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/08/2008 17:27: VIRUS ALERT!]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [16/07/2008 09:16: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 19:02: VIRUS ALERT!]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54: VIRUS ALERT!]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [14/04/2005 16:56: VIRUS ALERT!]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20: VIRUS ALERT!]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 00:06: VIRUS ALERT!]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [24/01/2007 22:21:09]
Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [8/05/2008 0:15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {D4BEC0C9-D10F-49FA-A14C-EB813BD3BAB9} - C:\WINDOWS\rqbmvpso.dll [30/08/2008 07:29: VIRUS ALERT! 188416]
"pdoskegl"= {96A5C05E-CB24-403D-9304-19972BC93854} - C:\WINDOWS\pdoskegl.dll [30/08/2008 07:29: VIRUS ALERT! 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-30 10:53:53 ------------
Thanks for the help!

Edited by jean74, 30 August 2008 - 04:54 AM.
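One way to triage a HijackThis log like the one above, as an added example that is not part of this thread or of any tool it mentions: the script parses the section code and file path from each line and flags the patterns a helper looks for (random-named modules dropped directly into C:\WINDOWS, orphaned BHO/toolbar entries, an Active Desktop component pointing at a local HTML file, and policy lockdowns). The sample lines are copied from the posted log; the scoring rules are this example's own assumptions.

```python
"""Triage heuristics for HijackThis log lines (added example, not from the thread).

The sample lines below are copied from the HijackThis log posted above; the
scoring rules are this example's own assumptions, not part of HijackThis,
DSS, MBAM or ComboFix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines from the posted log plus two benign controls
# (the Java SSV helper and the AVG tray entry, which must not be flagged).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {108B77FC-1368-4D9D-8302-0EB3C66B8128} - C:\WINDOWS\system32\cbXRKCUN.dll (file missing)
O2 - BHO: QXK Olive - {82FE7773-FD0D-4303-88BE-CC13735BF5E8} - C:\WINDOWS\rodqgpvlqks.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: qalkfxor - {430C60E7-36D5-4BC3-8783-02B7FB0E966E} - C:\WINDOWS\qalkfxor.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: rqbmvpso - {D4BEC0C9-D10F-49FA-A14C-EB813BD3BAB9} - C:\WINDOWS\rqbmvpso.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# "O2 - BHO: ..." / "R0 - HKCU\..." : section code, then the entry body.
LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
# First Windows path in the body, stopping before a trailing "(file missing)" note.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s(][^(]*?(?=\s*\(|$)")
# Random-looking module name: only lowercase letters, no digits, no vendor casing.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,}\.(?:dll|exe)$")

LOADER_SECTIONS = {"O2", "O3", "O21"}   # BHOs, toolbars, ShellServiceObjectDelayLoad
POLICY_SECTIONS = {"O6", "O7"}          # IE restrictions, system policies


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(0).strip() if m else None


def in_windows_root(path: str) -> bool:
    """True for a file placed directly in the Windows directory, not a subfolder."""
    parts = path.rstrip("\\").split("\\")
    return len(parts) == 3 and parts[1].upper() == "WINDOWS"


def triage_line(line: str) -> Optional[Finding]:
    """Return the first heuristic that fires for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    path = extract_path(body)
    name = path.split("\\")[-1] if path else ""

    if section in LOADER_SECTIONS and path and in_windows_root(path) and RANDOM_NAME_RE.match(name):
        return Finding(section, "random-named module loaded from the C:\\WINDOWS root", line)
    if section in LOADER_SECTIONS and ("(file missing)" in body or "(no file)" in body):
        return Finding(section, "orphaned entry, referenced file is gone", line)
    if section == "O24" and "file:///" in body:
        return Finding(section, "Active Desktop component points at a local HTML file", line)
    if section in POLICY_SECTIONS:
        return Finding(section, "policy restriction set (regedit/IE lockdown)", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
```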



#2 Thunder


Posted 31 August 2008 - 05:13 AM

Hello Jean and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, and you're notified a more current version is available, please download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 jean74


Posted 31 August 2008 - 08:32 AM

Hi, thanks for helping me out here!

Here are all the logs you asked for:

Deckard's System Scanner v20071014.68
Run by jean-marc on 2008-08-31 15:30:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jean-marc.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:11, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jean-marc\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEAN-M~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {82FE7773-FD0D-4303-88BE-CC13735BF5E8} - C:\WINDOWS\rodqgpvlqks.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: qalkfxor - {430C60E7-36D5-4BC3-8783-02B7FB0E966E} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Suitcase 11.0.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138230339702
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914...PSUploader4.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9842 bytes

-- Files created between 2008-07-31 and 2008-08-31 -----------------------------

2008-08-31 15:15:31 68096 --a------ C:\WINDOWS\zip.exe
2008-08-31 15:15:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-31 15:15:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-31 15:15:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-31 15:15:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-31 15:15:31 98816 --a------ C:\WINDOWS\sed.exe
2008-08-31 15:15:31 80412 --a------ C:\WINDOWS\grep.exe
2008-08-31 15:15:31 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-30 10:36:40 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll
2008-08-30 10:36:40 155648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-30 10:36:40 233472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-30 10:36:39 86016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-30 10:36:39 188416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-27 21:42:23 0 d-------- C:\WINDOWS\Prefetch
2008-08-27 21:26:29 0 d-------- C:\WINDOWS\system32\nl
2008-08-27 21:26:29 0 d-------- C:\WINDOWS\l2schemas
2008-08-27 21:22:03 0 d-------- C:\WINDOWS\network diagnostic
2008-08-27 00:31:44 0 d-------- C:\18b73c7ea165edb85a
2008-08-26 23:54:42 0 d-------- C:\WINDOWS\system32\RsFx
2008-08-26 23:33:52 0 d-------- C:\5b18db94266d4e28784dae25
2008-08-09 18:50:38 0 d-------- C:\Program Files\Navilog1
2008-08-09 12:37:16 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Malwarebytes
2008-08-09 12:37:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:37:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 00:18:15 0 d-------- C:\Program Files\Common Files\Digidesign
2008-08-04 00:18:11 163840 --a------ C:\WINDOWS\system32\ArtFfct.dll <Not Verified; ; Bibliothèque de liaison dynamique FDlg>
2008-08-04 00:18:11 0 d-------- C:\Program Files\Arturia
2008-08-03 11:59:32 0 d-------- C:\Program Files\Trend Micro
2008-08-02 16:27:21 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-02 16:22:26 0 d-------- C:\Program Files\Spyware Doctor
2008-08-02 16:22:26 0 d-------- C:\Documents and Settings\jean-marc\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2008-08-31 15:20:00 0 d-------- C:\Program Files\Common Files
2008-08-29 22:11:22 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Azureus
2008-08-27 22:45:42 0 d-------- C:\Program Files\MSN Messenger
2008-08-27 21:44:35 550598 --a------ C:\WINDOWS\system32\perfh013.dat
2008-08-27 21:44:35 106110 --a------ C:\WINDOWS\system32\perfc013.dat
2008-08-27 21:29:26 0 d-------- C:\Program Files\Messenger
2008-08-27 21:26:28 0 d-------- C:\Program Files\Movie Maker
2008-08-27 21:23:19 0 d-------- C:\Program Files\Windows NT
2008-08-26 23:54:46 0 d-------- C:\Program Files\Microsoft SQL Server
2008-08-26 23:37:40 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-26 22:58:55 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Adobe
2008-08-13 17:13:16 0 d-------- C:\Program Files\Macromedia
2008-08-13 17:13:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-13 17:12:47 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Macromedia
2008-08-13 17:08:35 0 d-------- C:\Program Files\EPSON
2008-08-13 17:05:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-10 20:59:46 0 d-------- C:\Program Files\Java
2008-08-07 01:31:13 0 d-------- C:\Program Files\SoulseekNS
2008-08-03 22:42:05 0 d-------- C:\Documents and Settings\jean-marc\Application Data\Extensis
2008-07-26 21:50:11 0 d-------- C:\Program Files\Apple Software Update
2008-07-12 19:15:47 0 d-------- C:\Program Files\Azureus
2008-07-02 01:45:44 0 d-------- C:\Documents and Settings\jean-marc\Application Data\vlc
2008-07-02 01:15:10 0 d-------- C:\Program Files\VideoLAN


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}]
30/08/2008 07:29 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [01/12/2004 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [27/05/2003 05:08]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 07:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 07:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:32]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [02/07/2007 18:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [30/11/1998 19:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/01/2008 02:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/08/2008 17:27]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [16/07/2008 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 19:02]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [14/04/2005 16:56]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 00:06]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [24/01/2007 22:21:09]
Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [8/05/2008 0:15:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-31 15:30:52 ------------



Malwarebytes' Anti-Malware 1.24
Database versie: 1035
Windows 5.1.2600 Service Pack 3

13:39:21 31/08/2008
mbam-log-8-31-2008 (13-39-21).txt

Scan type: Snelle Scan
Objecten gescand: 41939
Verstreken tijd: 6 minute(s), 10 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 16
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 12

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55679-648-8637434-23117) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\WINDOWS\eebr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Bureaublad\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Bureaublad\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-marc\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


ComboFix 08-08-30.03 - jean-marc 2008-08-31 15:16:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.538 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\jean-marc\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jean-marc\Application Data\inst.exe
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\bin.clearspring.com
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\interclick.com
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\#SharedObjects\YJFTDSX5\interclick.com\ud.sol
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\jean-marc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\smp.bat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\MSINET.oca

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))
.

2008-08-30 10:36 . 2008-08-30 07:29 405,504 --a------ C:\WINDOWS\rodqgpvlqks.dll
2008-08-30 10:36 . 2008-08-30 07:29 233,472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-30 10:36 . 2008-08-30 07:29 188,416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-30 10:36 . 2008-08-30 07:29 155,648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-30 10:36 . 2008-08-30 07:29 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-27 21:26 . 2008-08-27 21:26 <DIR> d-------- C:\WINDOWS\system32\nl
2008-08-27 21:26 . 2008-08-27 21:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-27 00:31 . 2008-08-27 00:32 <DIR> d-------- C:\18b73c7ea165edb85a
2008-08-26 23:55 . 2008-07-11 02:28 50,200 --a------ C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-08-26 23:54 . 2008-08-26 23:54 <DIR> d-------- C:\WINDOWS\system32\RsFx
2008-08-26 23:33 . 2008-08-26 23:34 <DIR> d-------- C:\5b18db94266d4e28784dae25
2008-08-24 22:52 . 2008-08-24 22:52 268 --ah----- C:\sqmdata19.sqm
2008-08-24 22:52 . 2008-08-24 22:52 244 --ah----- C:\sqmnoopt19.sqm
2008-08-24 13:07 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-24 13:05 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-24 12:35 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-24 12:34 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-09 18:50 . 2008-08-09 19:48 <DIR> d-------- C:\Program Files\Navilog1
2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\Malwarebytes
2008-08-09 12:37 . 2008-08-09 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:37 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 12:37 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 12:30 . 2008-08-09 12:30 <DIR> d-------- C:\_OTMoveIt
2008-08-04 00:18 . 2008-08-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-08-04 00:18 . 2008-08-04 00:18 <DIR> d-------- C:\Program Files\Arturia
2008-08-04 00:18 . 2006-09-20 14:11 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-08-03 13:44 . 2008-08-03 13:44 <DIR> d-------- C:\Deckard
2008-08-03 11:59 . 2008-08-03 11:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 16:27 . 2008-08-02 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-02 16:22 . 2008-08-29 17:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-02 16:22 . 2008-08-02 16:22 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\PC Tools
2008-08-02 16:22 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-02 16:22 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-02 16:22 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-02 16:22 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 20:35 . 2008-07-29 20:35 326,160 --a------ C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 19:59 . 2008-07-29 19:59 781,344 --a------ C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 19:59 . 2008-07-29 19:59 105,016 --a------ C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 19:59 . 2008-07-29 19:59 43,544 --a------ C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 19:24 . 2008-07-29 19:24 622,080 --a------ C:\WINDOWS\system32\icardagt.exe
2008-07-29 19:24 . 2008-07-29 19:24 97,800 --a------ C:\WINDOWS\system32\infocardapi.dll
2008-07-29 19:24 . 2008-07-29 19:24 37,384 --a------ C:\WINDOWS\system32\infocardcpl.cpl
2008-07-29 19:24 . 2008-07-29 19:24 11,264 --a------ C:\WINDOWS\system32\icardres.dll
2008-07-29 05:49 . 2008-07-29 05:49 586,240 --a------ C:\WINDOWS\system32\icardres.dll.mui
2008-07-27 18:32 . 2008-08-07 01:31 <DIR> d-------- C:\Program Files\SoulseekNS
2008-07-25 11:16 . 2008-07-25 11:16 282,112 --a------ C:\WINDOWS\system32\mscoree.dll
2008-07-25 11:16 . 2008-07-25 11:16 158,720 --a------ C:\WINDOWS\system32\mscorier.dll
2008-07-25 11:16 . 2008-07-25 11:16 96,760 --a------ C:\WINDOWS\system32\dfshim.dll
2008-07-25 11:16 . 2008-07-25 11:16 83,968 --a------ C:\WINDOWS\system32\mscories.dll
2008-07-21 17:18 . 2008-07-21 17:18 <DIR> d-------- C:\Documents and Settings\jean-marc\DoctorWeb
2008-07-11 02:28 . 2008-07-11 02:28 34,328 --a------ C:\WINDOWS\system32\DTSPipelinePerf100.dll
2008-07-11 02:28 . 2008-07-11 02:28 26,292 --a------ C:\WINDOWS\system32\SQLServerManager10.msc
2008-07-10 02:49 . 2008-07-10 02:49 2,459,672 --a------ C:\WINDOWS\system32\sqlncli10.dll
2008-07-10 02:49 . 2008-07-10 02:49 242,712 --a------ C:\WINDOWS\system32\drivers\RsFx0102.sys
2008-07-10 02:49 . 2008-07-10 02:49 239,128 --a------ C:\WINDOWS\system32\drivers\RsFx0101.sys
2008-07-10 02:49 . 2008-07-10 02:49 235,416 --a------ C:\WINDOWS\system32\drivers\RsFx0100.sys
2008-07-10 02:49 . 2008-07-10 02:49 215,576 --a------ C:\WINDOWS\system32\SqlServerSpatial.dll
2008-07-07 22:30 . 2008-07-07 22:30 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-02 01:45 . 2008-07-02 01:45 <DIR> d-------- C:\Documents and Settings\jean-marc\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 12:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 20:11 --------- d-----w C:\Documents and Settings\jean-marc\Application Data\Azureus
2008-08-29 15:26 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 20:45 --------- d-----w C:\Program Files\MSN Messenger
2008-08-26 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-26 21:54 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-26 21:37 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-08-13 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 15:13 --------- d-----w C:\Program Files\Macromedia
2008-08-13 15:08 --------- d-----w C:\Program Files\EPSON
2008-08-13 15:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 18:59 --------- d-----w C:\Program Files\Java
2008-08-03 20:42 --------- d-----w C:\Documents and Settings\jean-marc\Application Data\Extensis
2008-08-03 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Extensis
2008-07-26 19:50 --------- d-----w C:\Program Files\Apple Software Update
2008-07-12 17:15 --------- d-----w C:\Program Files\Azureus
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 12:06 575,488 ----a-w C:\WINDOWS\system32\xpsshhdr.dll
2008-07-06 12:06 117,760 ----a-w C:\WINDOWS\system32\prntvpt.dll
2008-07-06 12:06 1,676,288 ----a-w C:\WINDOWS\system32\xpssvcs.dll
2008-07-04 15:02 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 15:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 23:15 --------- d-----w C:\Program Files\VideoLAN
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:43 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-24 01:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-19 04:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll
2008-05-19 04:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll
2008-05-19 04:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll
2008-05-18 23:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-05-17 19:01 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2007-08-13 15:43 1 ----a-w C:\Documents and Settings\jean-marc\SI.bin
2007-05-31 17:53 47,360 ----a-w C:\Documents and Settings\jean-marc\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}]
2008-08-30 07:29 405504 --a------ C:\WINDOWS\rodqgpvlqks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{430C60E7-36D5-4BC3-8783-02B7FB0E966E}"= "C:\WINDOWS\qalkfxor.dll" [2008-08-30 07:29 155648]

[HKEY_CLASSES_ROOT\clsid\{430c60e7-36d5-4bc3-8783-02b7fb0e966e}]
[HKEY_CLASSES_ROOT\qalkfxor.1]
[HKEY_CLASSES_ROOT\TypeLib\{7E890B46-2548-4B43-B2A9-A89196DF5C9D}]
[HKEY_CLASSES_ROOT\qalkfxor]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56 1957888]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 05:08 99840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:32 455168]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [2007-07-02 18:11 370176]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 19:04 497376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 02:27 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 17:27 1235736]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:02 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-01-24 22:21:09 57344]
Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2008-05-08 00:15:58 9062]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.MPG4"= msscmc32.dll
"VIDC.TR20"= tr2032.dll
"msacm.voxacm119"= vdk32119.acm
"vidc.vivo"= ivvideo.dll
"midi1"= KORGUMDD.DRV
"msacm.divxa32"= msaud32_divx.acm
"midi2"= KORGUMDD.DRV
"midi3"= KORGUMDD.DRV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\SoulseekNS\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 17:26]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 17:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 17:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 17:02]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-15 02:00]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 01:07]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 02:28]
S4 RsFx0102;RsFx0102 Driver;C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 02:49]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 02:28]

*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{108B77FC-1368-4D9D-8302-0EB3C66B8128} - C:\WINDOWS\system32\cbXRKCUN.dll
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader4.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx

O16 -: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
C:\WINDOWS\Downloaded Program Files\ImgUploader.inf
C:\WINDOWS\libcurl.dll
C:\WINDOWS\ImgUploaderLang_7.dll
C:\WINDOWS\ImgUploaderLang_3.dll
C:\WINDOWS\ImgUploaderLang_2.dll
C:\WINDOWS\ImgUploaderLang_1.dll
C:\WINDOWS\ImgUploaderLang_0.dll
C:\WINDOWS\Downloaded Program Files\ImgUploader.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 15:21:46
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-31 15:24:01
ComboFix-quarantined-files.txt 2008-08-31 13:23:38

Pre-Run: 38,229,471,232 bytes beschikbaar
Post-Run: 38,544,863,232 bytes beschikbaar

252 --- E O F --- 2008-08-29 20:25:27


see you
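The log above mixes several report formats (DSS service lines, ComboFix's "ORPHANS REMOVED" section, HijackThis-style entries and a catchme rootkit scan), and a helper has to pick the few odd file paths out of hundreds of lines. The script below is an added example, not a tool used in this thread: it pulls every binary path out of a constructed sample written in those formats (the file names are the ones mentioned in this thread plus known-good entries), flags two things that stand out in this case, a loose binary sitting directly in C:\WINDOWS rather than in a subfolder, and a long consonant-only file name of the kind random droppers produce, and separately lists the function names catchme reports under "detected NTDLL code modification". The thresholds (eight-letter stems, a consonant run of six or more) are assumptions chosen for this sample; the output is a review list for a human, not a verdict.

```python
import re

# Constructed sample in the DSS / ComboFix / HijackThis / catchme log formats quoted in
# this thread. File names are the ones named in the thread plus known-good entries.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 17:26]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-15 02:00]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 02:28]
- - - - ORPHANS REMOVED - - - -
BHO-{108B77FC-1368-4D9D-8302-0EB3C66B8128} - C:\WINDOWS\system32\cbXRKCUN.dll
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\rodqgpvlqks.dll
O4 - HKLM\..\Run: [example2] C:\WINDOWS\pdoskegl.dll
detected NTDLL code modification:
ZwClose
"""

# A drive-letter path ending in a binary extension; stops at ';', '[' and ']' so the
# service-line fields and the trailing "[date time]" stamp are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^;\[\]\r\n]*?\.(?:dll|exe|sys|ocx)\b', re.IGNORECASE)
WINDIR = r'c:\windows'   # assumption: the system's Windows directory


def extract_paths(log_text):
    """Every binary path mentioned anywhere in the log, in order, de-duplicated case-insensitively."""
    seen, out = set(), []
    for m in PATH_RE.finditer(log_text):
        path = m.group(0)
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


def longest_consonant_run(stem):
    """Length of the longest run of consonants in a file-name stem (vowels break the run)."""
    runs = re.findall(r'[b-df-hj-np-tv-z]+', stem.lower())
    return max((len(r) for r in runs), default=0)


def assess(path):
    """Reasons a path under the Windows directory deserves review; empty list if none apply."""
    low = path.lower()
    reasons = []
    if not low.startswith(WINDIR + '\\'):
        return reasons          # heuristics below are only meaningful inside the Windows tree
    rel = low[len(WINDIR) + 1:]
    if '\\' not in rel:
        reasons.append('loose binary in the Windows root directory')
    stem = rel.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    # Assumed thresholds: an all-letter stem of 8+ characters with 6+ consonants in a row.
    if stem.isalpha() and len(stem) >= 8 and longest_consonant_run(stem) >= 6:
        reasons.append('random-looking file name')
    return reasons


def ntdll_modifications(log_text):
    """Function names catchme lists under its 'detected NTDLL code modification:' heading."""
    lines = log_text.splitlines()
    names = []
    for i, line in enumerate(lines):
        if line.strip().lower().startswith('detected ntdll code modification'):
            for nxt in lines[i + 1:]:
                nxt = nxt.strip()
                if not re.fullmatch(r'[A-Za-z0-9_]+', nxt):
                    break       # blank line or next section ends the list
                names.append(nxt)
    return names


def triage(log_text):
    """Review list of (path, reasons) plus the NTDLL hook candidates reported by catchme."""
    findings = [(p, assess(p)) for p in extract_paths(log_text)]
    return {
        'review': [(p, r) for p, r in findings if r],
        'ntdll_modifications': ntdll_modifications(log_text),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for path, reasons in result['review']:
        print(f'{path}: {"; ".join(reasons)}')
    for fn in result['ntdll_modifications']:
        print(f'NTDLL code modification reported for: {fn}')
```

On the sample this lists cbXRKCUN.dll (random-looking name in system32), rodqgpvlqks.dll (both reasons) and pdoskegl.dll (loose in the Windows root), leaves the AVG driver, SVKP.sys and the SQL Server helper alone, and reports ZwClose as the patched NTDLL export. Whether a flagged file is actually hostile is still a question for the helper; the point is to make the candidates stand out in a very long log.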

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:34 PM

Posted 31 August 2008 - 01:36 PM

Hello Jean-Marc,

You haven't installed the Recovery Console!
Please do so first as a security precaution.

Then, let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::[9]
C:\WINDOWS\rodqgpvlqks.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\rqbmvpso.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82FE7773-FD0D-4303-88BE-CC13735BF5E8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{430C60E7-36D5-4BC3-8783-02B7FB0E966E}"=-

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file C:\QooBox\Quarantine\[9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference



