ruitertje1969
Net Gestart
Leeftijd: 40
Geregistreerd op: 16-12-2005
Berichten: 3
Woonplaats: rotterdam
|
 Geplaatst: Za 29 Mei 2010, 9:16 Onderwerp: ongevraagd wordt website geopenend |
 |
|
Als ik aan het surfen bent wordt er ongevraagd een nieuwe website geopend, ongeacht op welke website is zelf surf.
bijv happytofind.com. Ik heb deze site nooit eerder aangevraagd
dit is de hijack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:17, on 29-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.feyenoord.netwerk.to/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://vpn.erasmusmc.nl/nortel_cacheable/iewiper.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7694 bytes |
|
EvelineGirl
HijackThis Specialists
Leeftijd: 21
Geregistreerd op: 27-3-2010
Berichten: 60
Woonplaats: Spijkenisse
|
| Geplaatst: Za 29 Mei 2010, 13:09 Onderwerp: |
|
|
Hoi, 
Verwijder Spy Sweeper indien dit een trail is. Avast is verouderd, versie 5 is de nieuwste dus deze dient geupdate te worden. Je kan ook kiezen voor een andere:
Avg
Avast
Antivir
Microsoft Security Essentials
1.
Download TFC en sla deze op je Bureaublad op.
- Dubbelklik op TFC.exe om het programma te openen.
- Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
- Klik op de knop Start om het programma te starten. Hoe lang het programma nodig heeft, kan verschillen. Dit kan kan slechts een paar seconden zijn, maar ook 5 minuten. Laat het programma gewoon ongestoord zijn werk doen totdat het klaar is.
- Als het programma klaar is, dan zal het je computer opnieuw opstarten. Als dit niet gebeurt, start dan je computer handmatig opnieuw op.
2.
Bezoek de volgende pagina met de instructies voor het downloaden en gebruiken van Combofix Plaats Combofix op je bureaublad.
Schakel je Antivirus scanner uit alvorens Combofix op te starten.
Sommige scanners detecteren Combofix als malware en kunnen componenten verwijderen.
Indien dit gebeurt, download Combofix opnieuw.
Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.
- Dubbelklik op Combofix.exe om het te starten.
- Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
- Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
- Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
- Klik na afloop terug op Ja om het scannen op malware te starten.
- Tijdens het runnen van Combofix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
- Wanneer Combofix voltooid is en na herstart, zal de log Combofix.txt openen.
NOTE: Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de “contents of the ComboFix package has been compromised”
Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Blijf je die melding krijgen dan meld je dit.
Post het combofix.txt log samen met een nieuw HijackThis logje in je volgende antwoord.
Succes,
Eveline.  |
|
ruitertje1969
Net Gestart
Leeftijd: 40
Geregistreerd op: 16-12-2005
Berichten: 3
Woonplaats: rotterdam
|
| Geplaatst: Zo 30 Mei 2010, 11:55 Onderwerp: ongevraagd wordt website geopenend |
|
|
ComboFix 10-05-29.05 - Gebruiker 30-05-2010 11:21:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.639.405 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
Besmet exemplaar van c:\windows\system32\drivers\netbt.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty had a snack :p
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-04-28 to 2010-05-30 ))))))))))))))))))))))))))))))
.
2010-05-30 08:30 . 2010-05-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 07:57 . 2010-05-30 08:05 46937472 ----a-w- c:\program files\setup_av_free_dut.exe
2010-05-29 07:34 . 2010-05-29 07:34 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-29 07:34 . 2010-05-29 07:34 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-29 07:34 . 2010-05-29 07:34 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-29 07:34 . 2010-05-29 07:34 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-29 07:07 . 2010-05-29 07:07 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-29 07:07 . 2010-05-29 07:07 -------- d-----w- c:\program files\Trend Micro
2010-05-28 19:22 . 2010-05-30 07:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-25 07:15 . 2010-05-25 07:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-25 07:15 . 2010-05-25 07:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-05 07:17 . 2010-05-05 07:17 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-05 06:49 . 2010-05-05 06:49 -------- d-----w- C:\sh4ldr
2010-05-05 06:49 . 2010-05-05 06:49 -------- d-----w- c:\program files\Enigma Software Group
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 08:33 . 2007-05-12 21:43 -------- d-----w- c:\program files\Alwil Software
2010-05-30 08:33 . 2007-05-14 09:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-30 07:54 . 2009-07-15 19:50 -------- d-----w- c:\program files\Windows Live
2010-05-30 07:42 . 2007-05-14 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 07:41 . 2009-12-31 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-30 07:36 . 2007-05-14 07:51 -------- d-----w- c:\program files\Hitman Pro
2010-05-30 07:31 . 2007-05-14 11:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Lavasoft
2010-05-29 11:06 . 2007-05-15 18:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 19:24 . 2007-05-14 13:13 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\ChessBase
2010-05-21 20:00 . 2010-05-18 18:29 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Spotify
2010-05-21 18:55 . 2010-05-21 18:54 4162456 ----a-w- c:\program files\Spotify Installer.exe
2010-05-21 15:20 . 2009-04-16 18:51 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Belastingdienst
2010-05-18 18:29 . 2010-05-18 18:29 655360 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-18 18:29 . 2010-05-18 18:29 282624 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-18 18:29 . 2010-05-18 18:29 208896 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-18 18:29 . 2010-05-18 18:29 -------- d-----w- c:\program files\Spotify
2010-05-17 08:39 . 2007-05-22 19:38 8704 ----a-w- c:\documents and settings\Gebruiker\Local Settings\Application Data\d3d9caps.dat
2010-05-06 20:59 . 2007-05-12 21:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2007-05-12 21:43 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2007-05-12 21:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-05 09:52 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2007-05-12 21:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2007-05-12 21:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2007-05-12 21:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-05 09:52 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2007-05-12 21:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 07:07 . 2009-11-17 05:26 -------- d-----w- c:\program files\QuickTime
2010-05-05 06:29 . 2007-06-23 11:14 4888 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-04 12:41 . 2001-09-07 10:00 91168 ----a-w- c:\windows\system32\perfc013.dat
2010-04-04 12:41 . 2001-09-07 10:00 509556 ----a-w- c:\windows\system32\perfh013.dat
2010-03-10 06:17 . 2004-08-04 00:03 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-12-30 16:43 . 2009-12-30 16:43 7079770 ----a-w- c:\program files\MegaMindy1.exe
2009-12-30 15:00 . 2009-07-15 19:04 2020136 ----a-w- c:\program files\SkypeSetup.exe
2009-09-16 09:37 . 2009-09-16 09:37 449563 ----a-w- c:\program files\FastImageResizer_098.exe
2009-03-27 09:09 . 2009-03-27 09:09 450521 ----a-w- c:\program files\PhotoResizr.zip
2009-03-12 11:03 . 2009-03-12 11:03 1345024 ----a-w- c:\program files\iview423_setup.exe
2008-12-19 21:22 . 2007-12-15 09:43 3533632 ----a-w- c:\program files\Acoustica-MP3-CD-Burner-Installer.exe
2008-12-06 23:02 . 2008-12-06 23:02 2942128 ----a-w- c:\program files\AiRoboForm-gtopa.exe
2008-11-16 19:07 . 2008-11-16 19:06 3436613 ----a-w- c:\program files\cotsetup.exe
2008-11-07 07:26 . 2008-11-07 07:26 11555320 ----a-w- c:\program files\chessimo.exe
2008-09-29 06:07 . 2008-09-29 06:07 2595501 ----a-w- c:\program files\Setup_ChessTheatre_v1.18.exe
2008-09-02 11:25 . 2008-09-02 11:24 2725906 ----a-w- c:\program files\ect701.exe
2008-08-23 13:41 . 2008-08-23 13:40 1305600 ----a-w- c:\program files\iview420_setup.exe
2008-07-26 06:51 . 2008-07-25 21:49 2595501 ----a-w- c:\program files\Setup_ChessTheatre_118.exe
2008-07-12 20:04 . 2008-07-12 20:04 923574 ----a-w- c:\program files\cpd107.zip
2008-07-11 05:59 . 2008-07-11 05:59 4662398 ----a-w- c:\program files\dhtml-chess.zip
2008-07-10 18:36 . 2008-07-10 17:46 1217367 ----a-w- c:\program files\pgntojs.zip
2008-07-06 19:26 . 2008-07-06 19:26 1648579 ----a-w- c:\program files\InstallVer11.zip
2008-06-09 12:27 . 2008-03-08 13:04 33953504 ----a-w- c:\program files\PlayChessSetup.exe
2008-06-04 12:06 . 2008-06-04 12:06 13665632 ----a-w- c:\program files\winzip112.exe
2008-05-28 08:53 . 2008-05-28 08:53 4888848 ----a-w- c:\program files\imsdwarfv2.exe
2008-04-13 19:15 . 2008-04-13 19:15 942512 ----a-w- c:\program files\7-Zip313.exe
2008-03-17 06:59 . 2008-03-17 06:58 2733520 ----a-w- c:\program files\ccsetup205.exe
2007-12-22 14:45 . 2007-12-22 14:45 3338210 ----a-w- c:\program files\LimeWire.zip
2007-12-20 14:13 . 2007-12-20 14:13 3126056 ----a-w- c:\program files\LimeWireWin.exe
2007-12-15 09:40 . 2007-12-15 09:40 2347372 ----a-w- c:\program files\setupneoaudio.exe
2007-05-20 13:30 . 2007-05-16 19:09 3796104 ----a-w- c:\program files\install_flash_player_8.zip
2007-05-14 08:15 . 2007-05-14 07:50 4011208 ----a-w- c:\program files\hitmanpro26.exe
2007-05-14 07:58 . 2007-05-14 07:58 2811335 ----a-w- c:\program files\PrintScreen40_Setup.exe
2007-05-13 06:27 . 2007-05-13 06:25 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2007-05-12 22:28 . 2007-05-12 22:28 855632 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2007-05-12 21:43 . 2007-05-12 21:43 14673904 ----a-w- c:\program files\setupdut.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2007-04-23 11:06 507904 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-07 18:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\java.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
"c:\\Program Files\\DGT Projects\\DGT ChessTheatre\\ChessTheatre.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\UpWiz.exe"=
"c:\\Program Files\\play2p\\play2p.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\ChessBase\\ChessProgram8\\ChessProgram8.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5-4-2008 11:52 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5-4-2008 11:52 19024]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2010 1:35 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-5-2007 12:20 682232]
.
Inhoud van de 'Gedeelde Taken' map
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:35]
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:35]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.feyenoord.netwerk.to/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} - hxxps://vpn.erasmusmc.nl/nortel_cacheable/iewiper.cab
.
- - - - ORPHANS VERWIJDERD - - - -
MSConfigStartUp-Hitman Pro SurfRight Helper - c:\program files\Hitman Pro\srhelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 11:30
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0c,ab,7d,
92,b5,9d,a5,b8,23,b0,14,70,cc,c4,53,e0,a3,50,8d,05,46,2c,68,b1,97,2b,51,6d,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-05-30 11:37:22
ComboFix-quarantined-files.txt 2010-05-30 09:37
Pre-Run: 60.677.758.976 bytes beschikbaar
Post-Run: 60.646.920.192 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1B97D9E5652FF81E39E46119874FA561
hijack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:05, on 30-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.feyenoord.netwerk.to/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://vpn.erasmusmc.nl/nortel_cacheable/iewiper.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
--
End of file - 5980 bytes
bedankt alvast |
|
