Questions & Answers
help wanted with laptop
9 answers
- For a while now my laptop has been starting up very slowly (it's an Acer; the operating system only appears after a good quarter of an hour of loading) and it stutters constantly. There were also constant popups, but I think I managed to fix that yesterday with Ad-Aware and Spyware Doctor. Until recently security was handled by Norton, but I removed it because it let more through than it blocked. In its place I installed BitDefender 9 Professional Plus.
BitDefender log:
//—————————————————————–
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 28/06/2007 10:18:13
//
//—————————————————————–
Statistics
Scan path : C:\
D:\
Folders : 5102
Files : 297553
Archives : 7385
Packed files : 18962
Identified viruses : 12
Infected files : 48
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 35
Renamed files : 0
I/O errors : 32
Scan time : 00:35:41
Scan speed (files/sec) : 138
Spyware statistics
Memory processes scanned : 67
Memory processes infected : 1
Registry keys scanned : 1857
Registry keys infected : 3
Cookies scanned : 28
Cookies infected : 0
Spyware files infected : 2
Spyware threats detected : 1
Virus definitions : 646938
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan e-mail
File mask
[ ] Programs
[X] All files
[ ] User-defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1183018692.log
Spyware scan options
[X] Memory processes
[X] Registry keys
[X] Cookies
Summary:
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Found Trojan.Fotomoto.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Disinfect failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Found Trojan.Fotomoto.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Disinfect failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Found Trojan.Fotomoto.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Disinfect failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Move failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Found Trojan.Fotomoto.A
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Disinfect failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Move failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Infected Trojan.Fotomoto.A
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Disinfect failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Move failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Infected Trojan.Fotomoto.A
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Disinfect failed
<System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Move failed
C:\WINDOWS\system32\vrppnvwq.exe Infected Trojan.Fotomoto.A
C:\WINDOWS\system32\vrppnvwq.exe Disinfect failed
C:\WINDOWS\system32\vrppnvwq.exe Moved
C:\WINDOWS\system32\xompintv.exe Infected Trojan.Fotomoto.A
C:\WINDOWS\system32\xompintv.exe Disinfect failed
C:\WINDOWS\system32\xompintv.exe Moved
C:\WINDOWS\system32\ynyqfpoi.exe Infected Trojan.LowZones.SA
C:\WINDOWS\system32\ynyqfpoi.exe Disinfect failed
C:\WINDOWS\system32\ynyqfpoi.exe Moved
C:\WINDOWS\system32\yhuqmxlb.exe Infected Trojan.Fotomoto.A
C:\WINDOWS\system32\yhuqmxlb.exe Disinfect failed
C:\WINDOWS\system32\yhuqmxlb.exe Moved
C:\WINDOWS\system32\tcvldnel.exe Infected Trojan.Fotomoto.A
C:\WINDOWS\system32\tcvldnel.exe Disinfect failed
C:\WINDOWS\system32\tcvldnel.exe Moved
C:\WINDOWS\system32\vxwbsofq.exe Infected Trojan.LowZones.SA
C:\WINDOWS\system32\vxwbsofq.exe Disinfect failed
C:\WINDOWS\system32\vxwbsofq.exe Moved
C:\WINDOWS\system32\nkxoannm.exe Infected Trojan.Clicker.Agent.NP
C:\WINDOWS\system32\nkxoannm.exe Disinfect failed
C:\WINDOWS\system32\nkxoannm.exe Moved
C:\WINDOWS\system32\pdjhvlor.exe Infected Trojan.Fotomoto.A
C:\WINDOWS\system32\pdjhvlor.exe Disinfect failed
C:\WINDOWS\system32\pdjhvlor.exe Moved
C:\WINDOWS\system32\aafpmjvg.exe Infected Trojan.LowZones.SA
C:\WINDOWS\system32\aafpmjvg.exe Disinfect failed
C:\WINDOWS\system32\aafpmjvg.exe Moved
C:\WINDOWS\Temp\PK7EA.tmp Infected Trojan.Downloader.AQG
C:\WINDOWS\Temp\PK7EA.tmp Disinfect failed
C:\WINDOWS\Temp\PK7EA.tmp Moved
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Infected Trojan.Popwin.BK
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Disinfect failed
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Move failed
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Found Adware.Softomate.BG
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Disinfect failed
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Move failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Infected Rootkit.Agent.EV
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Disinfect failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Move failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Found Adware.Softomate.BG
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Disinfect failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Move failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Infected Trojan.Clicker.Agent.NP
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Disinfect failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Moved
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Infected Trojan.Fotomoto.A
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Disinfect failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Moved
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Infected Trojan.Downloader.AQG
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Disinfect failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Move failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Infected Trojan.LowZones.SA
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Disinfect failed
C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Moved
C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Infected Trojan.Downloader.JISG
C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Disinfect failed
C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Moved
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Infected Trojan.Clicker.Agent.NP
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Disinfect failed
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Moved
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Infected Trojan.LowZones.SA
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Disinfect failed
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Moved
C:\Program Files\WinPop\winpop.exe Infected Trojan.Popwin.BK
C:\Program Files\WinPop\winpop.exe Disinfect failed
C:\Program Files\WinPop\winpop.exe Moved
C:\Program Files\WinPop\UnInstall.exe Infected Trojan.Popwin.BK
C:\Program Files\WinPop\UnInstall.exe Disinfect failed
C:\Program Files\WinPop\UnInstall.exe Moved
C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Infected Trojan.Fotomoto.A
C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Disinfect failed
C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Found Adware.Virtumonde.GFA
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Infected Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Infected Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Found Adware.Virtumonde.GFA
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Infected Trojan.Fotomoto.A
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Infected Trojan.LowZones.SA
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Infected Trojan.Fotomoto.A
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Infected Trojan.Fotomoto.A
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Infected Trojan.LowZones.SA
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Infected Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Infected Trojan.Fotomoto.A
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Infected Trojan.LowZones.SA
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Infected Trojan.Popwin.BK
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Moved
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Infected Trojan.Popwin.BK
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Disinfect failed
C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Moved
C:\FOUND.004\FILE0005.CHK Infected Trojan.Downloader.Agent.YFI
C:\FOUND.004\FILE0005.CHK Disinfect failed
C:\FOUND.004\FILE0005.CHK Moved
C:\FOUND.004\FILE0016.CHK Infected Trojan.Downloader.JISG
C:\FOUND.004\FILE0016.CHK Disinfect failed
C:\FOUND.004\FILE0016.CHK Moved
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Infected Trojan.Agent.AAJJ
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Disinfect failed
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Move failed
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Downloader.JISG
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Disinfect failed
C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Move failed
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Infected Trojan.Agent.AAJJ
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Disinfect failed
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Move failed
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Downloader.JISG
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Disinfect failed
C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Move failed
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Infected Trojan.Agent.AAJJ
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Disinfect failed
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Move failed
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Downloader.JISG
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Disinfect failed
C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Move failed
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:40:15, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\vrppnvwq.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\DOCUME~1\Hans\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Documents and Settings\Hans\Bureaublad\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\rtfdkgeo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qomjjgf.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cwkbenuo.dll",forkonce
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Network Service')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: qomjjgf - C:\WINDOWS\SYSTEM32\qomjjgf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vrppnvwq.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 11284 bytes
In any case, thanks in advance!

- Download VirtumundoBeGone and save it to your desktop.
Double-click VirtumundoBeGone.exe and follow the instructions.
Don't be alarmed if you see a blue screen with an error message; this is normal.
When the fix is finished, restart the PC.
Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply.
Download:
Save the file to your desktop, then double-click it.
A window will open in which a few lines scroll past quickly, after which the window closes by itself; this is normal.
Possibly an uninstaller for a rogue scanner will start as well; do not close it, but follow any instructions and let it do its work.
Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
After that, look for the following file: C:\RVAXO-results.log
Double-click this file; it will open as a log. Post its contents in your next reply together with a HijackThis log.

- VBG:
[06/28/2007, 13:18:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hans\Mijn documenten\VirtumundoBeGone.exe" )
[06/28/2007, 13:18:40] - Detected System Information:
[06/28/2007, 13:18:40] - Windows Version: 5.1.2600, Service Pack 2
[06/28/2007, 13:18:40] - Current Username: Hans (Admin)
[06/28/2007, 13:18:40] - Windows is in NORMAL mode.
[06/28/2007, 13:18:40] - Searching for Browser Helper Objects:
[06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
[06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
[06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - No filename found. Continuing.
[06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\vtsqo
[06/28/2007, 13:18:40] - Found: HKLM\…\Winlogon\Notify\vtsqo - This is probably Virtumundo.
[06/28/2007, 13:18:40] - Assigning {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} MSEvents Object
[06/28/2007, 13:18:40] - BHO list has been changed! Starting over…
[06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
[06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
[06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - No filename found. Continuing.
[06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} (MSEvents Object)
[06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
[06/28/2007, 13:18:40] - BHO 7: {DC192567-65F9-4AB6-ADB7-E13575F81726} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\qomjjgf
[06/28/2007, 13:18:40] - Found: HKLM\…\Winlogon\Notify\qomjjgf - This is probably Virtumundo.
[06/28/2007, 13:18:40] - Assigning {DC192567-65F9-4AB6-ADB7-E13575F81726} MSEvents Object
[06/28/2007, 13:18:40] - BHO list has been changed! Starting over…
[06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
[06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
[06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:40] - No filename found. Continuing.
[06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} (MSEvents Object)
[06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
[06/28/2007, 13:18:40] - BHO 7: {DC192567-65F9-4AB6-ADB7-E13575F81726} (MSEvents Object)
[06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
[06/28/2007, 13:18:40] - Finished Searching Browser Helper Objects
[06/28/2007, 13:18:40] - *** Detected MSEvents Object
[06/28/2007, 13:18:41] - Trying to remove MSEvents Object…
[06/28/2007, 13:18:42] - Terminating Process: IEXPLORE.EXE
[06/28/2007, 13:18:43] - Terminating Process: RUNDLL32.EXE
[06/28/2007, 13:18:43] - Disabling Automatic Shell Restart
[06/28/2007, 13:18:43] - Terminating Process: EXPLORER.EXE
[06/28/2007, 13:18:43] - Suspending the NT Session Manager System Service
[06/28/2007, 13:18:44] - Terminating Windows NT Logon/Logoff Manager
[06/28/2007, 13:18:45] - Re-enabling Automatic Shell Restart
[06/28/2007, 13:18:45] - File to disable: C:\WINDOWS\system32\vtsqo.dll
[06/28/2007, 13:18:45] - Renaming C:\WINDOWS\system32\vtsqo.dll -> C:\WINDOWS\system32\vtsqo.dll.vir
[06/28/2007, 13:18:45] - File successfully renamed!
[06/28/2007, 13:18:45] - Removing HKLM\…\Browser Helper Objects\{BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
[06/28/2007, 13:18:45] - Removing HKCR\CLSID\{BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
[06/28/2007, 13:18:46] - Adding Kill Bit for ActiveX for GUID: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
[06/28/2007, 13:18:46] - Deleting ATLEvents/MSEvents Registry entries
[06/28/2007, 13:18:46] - Removing HKLM\…\Winlogon\Notify\vtsqo
[06/28/2007, 13:18:46] - Searching for Browser Helper Objects:
[06/28/2007, 13:18:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/28/2007, 13:18:46] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/28/2007, 13:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:46] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
[06/28/2007, 13:18:46] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
[06/28/2007, 13:18:46] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2007, 13:18:46] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2007, 13:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:46] - No filename found. Continuing.
[06/28/2007, 13:18:46] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2007, 13:18:46] - BHO 6: {DC192567-65F9-4AB6-ADB7-E13575F81726} (MSEvents Object)
[06/28/2007, 13:18:46] - ALERT: Found MSEvents Object!
[06/28/2007, 13:18:46] - Finished Searching Browser Helper Objects
[06/28/2007, 13:18:46] - *** Detected MSEvents Object
[06/28/2007, 13:18:46] - Trying to remove MSEvents Object…
[06/28/2007, 13:18:47] - Terminating Process: IEXPLORE.EXE
[06/28/2007, 13:18:47] - Terminating Process: RUNDLL32.EXE
[06/28/2007, 13:18:47] - Disabling Automatic Shell Restart
[06/28/2007, 13:18:47] - Terminating Process: EXPLORER.EXE
[06/28/2007, 13:18:47] - Suspending the NT Session Manager System Service
[06/28/2007, 13:18:47] - Terminating Windows NT Logon/Logoff Manager
[06/28/2007, 13:18:47] - Re-enabling Automatic Shell Restart
[06/28/2007, 13:18:47] - File to disable: C:\WINDOWS\system32\qomjjgf.dll
[06/28/2007, 13:18:47] - Renaming C:\WINDOWS\system32\qomjjgf.dll -> C:\WINDOWS\system32\qomjjgf.dll.vir
[06/28/2007, 13:18:48] - File successfully renamed!
[06/28/2007, 13:18:48] - Removing HKLM\…\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
[06/28/2007, 13:18:48] - Removing HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}
[06/28/2007, 13:18:49] - Adding Kill Bit for ActiveX for GUID: {DC192567-65F9-4AB6-ADB7-E13575F81726}
[06/28/2007, 13:18:49] - Deleting ATLEvents/MSEvents Registry entries
[06/28/2007, 13:18:49] - Removing HKLM\…\Winlogon\Notify\qomjjgf
[06/28/2007, 13:18:49] - Searching for Browser Helper Objects:
[06/28/2007, 13:18:49] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/28/2007, 13:18:49] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/28/2007, 13:18:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:49] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
[06/28/2007, 13:18:49] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
[06/28/2007, 13:18:49] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2007, 13:18:49] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/28/2007, 13:18:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2007, 13:18:49] - No filename found. Continuing.
[06/28/2007, 13:18:49] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2007, 13:18:49] - Finished Searching Browser Helper Objects
[06/28/2007, 13:18:49] - Finishing up…
[06/28/2007, 13:18:49] - A restart is needed.
[06/28/2007, 13:19:00] - Attempting to Restart via STOP error (Blue Screen!)
RVAXO:
—————-RemoveVideoActiveXObject.exe first run————-
Files found:
C:\WINDOWS\system32\vtsqo.dll.vir
C:\WINDOWS\system32\qomjjgf.dll.vir
C:\Program Files\MSN Messenger\msnmgr.exe
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\oqstv.bak1
Uninstallers Rogue scanners:
Folders Found:
C:\Program Files\WinPop
————–RemoveVideoActiveXObject.exe last run—————
Files found:
Uninstallers Rogue scanners:
Folders Found:
- Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions and accept the disclaimer by typing 1 (continue).
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has completed and after the restart, the log combofix.txt will open.
Post this log in your next reply.
NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
- In any case, thanks for the quick reply! I wouldn't know myself what is being done with all those programs; I'm a real layman at these things.
"Hans" - 2007-06-29 11:29:19 - ComboFix 07-06-27.7 - Service Pack 2
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\qommkhg.dll
C:\WINDOWS\system32\qptvkbns.dll
C:\WINDOWS\system32\nnnolli.dll
C:\WINDOWS\system32\jkkigec.dll
C:\WINDOWS\system32\fcccyay.dll
C:\WINDOWS\system32\xxyvvvu.dll
C:\WINDOWS\system32\awtttuu.dll
C:\WINDOWS\system32\pmnnoml.dll
C:\WINDOWS\system32\mljihgg.dll
C:\WINDOWS\system32\rqrqonn.dll
C:\WINDOWS\system32\efcdecb.dll
C:\WINDOWS\system32\cbxvspp.dll
C:\WINDOWS\system32\byxyvvw.dll
C:\WINDOWS\system32\nnnlklk.dll
C:\WINDOWS\system32\qomnonm.dll
C:\WINDOWS\system32\rqrqpmk.dll
C:\WINDOWS\system32\ddccaab.dll
C:\WINDOWS\system32\qommlkl.dll
C:\WINDOWS\system32\khfffdb.dll
C:\WINDOWS\system32\fcccaya.dll
C:\WINDOWS\system32\byxvwuu.dll
C:\WINDOWS\system32\yaywtts.dll
C:\WINDOWS\system32\gebbayv.dll
C:\WINDOWS\system32\urqnkjk.dll
C:\WINDOWS\system32\cbxvwwu.dll
C:\WINDOWS\system32\tuvsttt.dll
C:\WINDOWS\system32\urqnkig.dll
C:\WINDOWS\system32\nnnnnno.dll
C:\WINDOWS\system32\gebbyvs.dll
C:\WINDOWS\system32\khfcbxv.dll
C:\WINDOWS\system32\iiffdbx.dll
C:\WINDOWS\system32\xxyyyvt.dll
C:\WINDOWS\system32\xxywusq.dll
C:\WINDOWS\system32\xxyxwuv.dll
C:\WINDOWS\system32\fccbbca.dll
C:\WINDOWS\system32\pmnmmlk.dll
C:\WINDOWS\system32\ssqqqnm.dll
C:\WINDOWS\system32\xxyxyvv.dll
C:\WINDOWS\system32\awtrrrs.dll
C:\WINDOWS\system32\rqrqrrp.dll
C:\WINDOWS\system32\pmnkjij.dll
C:\WINDOWS\system32\awtrsqo.dll
C:\WINDOWS\system32\rqrrrqq.dll
C:\WINDOWS\system32\wvuvwtq.dll
C:\WINDOWS\system32\rqrqoll.dll
C:\WINDOWS\system32\awtuuur.dll
C:\WINDOWS\system32\yayyvwx.dll
C:\WINDOWS\system32\vtutrom.dll
C:\WINDOWS\system32\awtspno.dll
C:\WINDOWS\system32\jkkifcc.dll
C:\WINDOWS\system32\cbxuvvw.dll
C:\WINDOWS\system32\fccyaww.dll
C:\WINDOWS\system32\hgghhhf.dll
C:\WINDOWS\system32\byxyxvs.dll
C:\WINDOWS\system32\nnnnkjg.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))
2007-06-29 11:28 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 18:41 36,122 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-06-28 18:41 <DIR> d-------- C:\WINDOWS\system32\RVAXO
2007-06-27 22:40 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-27 22:25 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-27 22:25 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-06-27 22:25 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
2007-06-27 22:25 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-27 22:25 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
2007-06-27 22:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
2007-06-27 22:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
2007-06-27 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
2007-06-27 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
2007-06-27 22:24 <DIR> d--hs---- C:\FOUND.005
2007-06-27 21:33 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-27 21:33 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-27 21:33 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-27 21:33 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-27 21:33 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-27 21:33 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-27 21:33 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-27 21:33 <DIR> d-------- C:\DOCUME~1\Hans\APPLIC~1\PC Tools
2007-06-27 21:32 <DIR> d-------- C:\Program Files\Google
2007-06-27 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-06-27 17:48 29 --a------ C:\WINDOWS\system32\getfile.dat
2007-06-27 15:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 15:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-27 14:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 14:50 <DIR> d-------- C:\Program Files\InterMute
2007-06-27 10:56 128,576 --a------ C:\WINDOWS\system32\cwkbenuo.dll
2007-06-27 10:53 66,112 --a------ C:\WINDOWS\system32\rtfdkgeo.dll
2007-06-24 08:28 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
2007-06-23 19:19 <DIR> d--hs---- C:\FOUND.004
2007-06-16 17:46 <DIR> d--hs---- C:\FOUND.003
2007-06-12 19:02 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 17:02 <DIR> d-------- C:\DOCUME~1\Admin\Contacts
2007-06-02 09:24 <DIR> d--hs---- C:\FOUND.002
2007-06-01 18:12 <DIR> d-------- C:\DOCUME~1\Hans\APPLIC~1\AdobeUM
2007-06-01 11:41 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-06-01 11:38 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-01 11:38 65,795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-01 11:38 61,699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-01 11:38 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-01 11:38 51,024 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-06-01 11:38 233,528 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-01 11:38 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-01 11:38 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-06-01 11:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-01 11:34 20,458 --------- C:\WINDOWS\hpoins01.dat
2007-06-01 11:34 16,622 --------- C:\WINDOWS\hpomdl01.dat
2007-06-01 11:34 <DIR> d-------- C:\Program Files\Hewlett-Packard
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-29 09:52:22 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-06-27 15:48:42 73,728 ----a-w C:\WINDOWS\system32\sockspy.dll
2007-06-27 15:48:30 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-05-16 15:19:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-06-27 21:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe" [2007-06-27 17:48]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53]
"BDNewsAgent"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe" [2005-06-09 11:28]
"BDSwitchAgent"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe" [2005-04-06 14:09]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]
"LaunchApp"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 22:29]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
"@"="" []
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjk]
C:\WINDOWS\system32\jkkjk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 11:55:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-06-29 12:20:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-29 12:02
--- E O F ---
:-? 8) 8)
- Sorry for the late reply, I had missed the notification.
Open Notepad, copy and paste the following (bold, blue text) into an empty window:
- With ComboFix the log is a batch file that starts the creation of a real log file… but that doesn't work. There is another log file though, namely combofix quarantined files. It contains the following:
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtrrrs.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtrsqo.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtspno.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtttuu.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtuuur.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\byxvwuu.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\byxyvvw.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\byxyxvs.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxuvvw.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxvspp.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxvwwu.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddccaab.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcdecb.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccbbca.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\fcccaya.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\fcccyay.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccyaww.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\gebbayv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\gebbyvs.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgghhhf.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\iiffdbx.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkifcc.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkigec.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfcbxv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfffdb.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\mljihgg.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnlklk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnnkjg.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnnnno.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnolli.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnkjij.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmmlk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnnoml.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\qommkhg.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\qommlkl.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\qomnonm.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\qptvkbns.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqoll.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqonn.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqpmk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqrrp.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrrrqq.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqqqnm.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvsttt.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqnkig.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqnkjk.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtutrom.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvuvwtq.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyvvvu.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxywusq.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyxwuv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyxyvv.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyyyvt.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaywtts.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayyvwx.dll.vir
2007-06-27 10:53 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rtfdkgeo.dll.vir
2007-06-27 10:56 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cwkbenuo.dll.vir
2007-06-28 18:41 36122 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\RemoveVideoActiveXObject.reg.vir
2007-06-29 11:32 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
Map PATH-lijst voor volume ACER
Het volumenummer is 13D8-E09C
C:\QOOBOX
\—Quarantine
+—Registry_backups
| LEGACY_DOMAINSERVICE.reg.cf
|
\—C
\—WINDOWS
\—system32
qommkhg.dll.vir
qptvkbns.dll.vir
nnnolli.dll.vir
jkkigec.dll.vir
fcccyay.dll.vir
xxyvvvu.dll.vir
awtttuu.dll.vir
pmnnoml.dll.vir
mljihgg.dll.vir
rqrqonn.dll.vir
efcdecb.dll.vir
cbxvspp.dll.vir
byxyvvw.dll.vir
nnnlklk.dll.vir
qomnonm.dll.vir
rqrqpmk.dll.vir
ddccaab.dll.vir
qommlkl.dll.vir
khfffdb.dll.vir
fcccaya.dll.vir
byxvwuu.dll.vir
yaywtts.dll.vir
gebbayv.dll.vir
urqnkjk.dll.vir
cbxvwwu.dll.vir
tuvsttt.dll.vir
urqnkig.dll.vir
nnnnnno.dll.vir
gebbyvs.dll.vir
khfcbxv.dll.vir
iiffdbx.dll.vir
xxyyyvt.dll.vir
xxywusq.dll.vir
xxyxwuv.dll.vir
fccbbca.dll.vir
pmnmmlk.dll.vir
ssqqqnm.dll.vir
xxyxyvv.dll.vir
awtrrrs.dll.vir
rqrqrrp.dll.vir
pmnkjij.dll.vir
awtrsqo.dll.vir
rqrrrqq.dll.vir
wvuvwtq.dll.vir
rqrqoll.dll.vir
awtuuur.dll.vir
yayyvwx.dll.vir
vtutrom.dll.vir
awtspno.dll.vir
jkkifcc.dll.vir
cbxuvvw.dll.vir
fccyaww.dll.vir
hgghhhf.dll.vir
byxyxvs.dll.vir
nnnnkjg.dll.vir
RemoveVideoActiveXObject.reg.vir
cwkbenuo.dll.vir
rtfdkgeo.dll.vir
HijackThis says the following:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:14, on 2007-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\DOCUME~1\Hans\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Hans\Mijn documenten\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 9751 bytes
- The log looks fine, are there still any problems?
- smeenk wrote: "The log looks fine, are there still any problems?"
Starting up and shutting down is still very slow (when shutting down I usually have to give the command several times, otherwise it just stays on). Once it has started up, no problems at all apart from some occasional sluggishness. I heard from a friend of mine that he may have picked up the MSN virus on it while he was using it; I'll have a look around here to remove that if necessary, and then we'll see…
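Added example, not from this thread or from any of the tools used in it: a small Python script that applies the same cross-check VundoFix logged earlier in the thread (a BHO with no default name whose DLL base name also exists as a HKLM\…\Winlogon\Notify subkey is "probably Virtumundo"; a missing key means "continuing") to HijackThis-style O2 and O20 lines. SAMPLE_LOG is constructed: the CLSIDs, DLL names and Notify key names are the ones that appear in the VundoFix and ComboFix output above, but the O20 lines and the CLSID-to-DLL pairings for vtsqo, qomjjgf and rtfdkgeo are assumptions reconstructed from that output, not lines the poster supplied.

```python
import re

# Constructed sample in HijackThis O2/O20 line format. CLSIDs, DLL names and
# Winlogon\Notify key names come from the VundoFix/ComboFix output in this
# thread; the O20 lines and the O2 lines for vtsqo, qomjjgf and rtfdkgeo are
# reconstructed assumptions, not lines copied from the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\rtfdkgeo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qomjjgf.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O20 - Winlogon Notify: qomjjgf - C:\WINDOWS\system32\qomjjgf.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

PROBABLE = "probable Virtumundo: nameless BHO paired with a Winlogon\\Notify key"
REVIEW_BHO = "review: nameless BHO, no Winlogon\\Notify pairing (may be legitimate)"
REVIEW_NOTIFY = "review: Winlogon\\Notify entry with no BHO partner"


def dll_stem(path):
    r"""Lower-case file name without extension: C:\WINDOWS\system32\vtsqo.dll -> vtsqo."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def parse(log_text):
    r"""Split a HijackThis-style log into BHO records and Winlogon\Notify entries."""
    bhos, notify = [], {}
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m["key"].lower()] = m["path"]
    return bhos, notify


def triage(log_text):
    r"""Apply the nameless-BHO / Winlogon\Notify cross-check and return findings."""
    bhos, notify = parse(log_text)
    findings = []
    for bho in bhos:
        if bho["name"].strip() != "(no name)":
            continue  # named BHOs are left alone by this heuristic
        verdict = PROBABLE if dll_stem(bho["path"]) in notify else REVIEW_BHO
        findings.append({"clsid": bho["clsid"], "path": bho["path"], "verdict": verdict})
    # A Notify entry whose DLL has no BHO partner still loads at every logon
    # and deserves a look on its own.
    partnered = {dll_stem(b["path"]) for b in bhos}
    for key, path in sorted(notify.items()):
        if key not in partnered:
            findings.append({"clsid": None, "path": path, "verdict": REVIEW_NOTIFY})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['clsid'] or '(no CLSID)':40} {f['path']}\n    -> {f['verdict']}")
```

The second verdict class exists because of the SDHelper.dll line: "(no name)" on its own is not evidence (Spybot's helper has no name either, and the HijackThis log above shows it as such), so the script only escalates when the Winlogon\Notify pairing is present. The orphan check at the end flags a Notify entry whose DLL has no BHO counterpart, the situation of the jkkjk entry that the ComboFix Reg Loading Points section above still lists.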