
View full version : Very many avast warnings, Trojan



Vespa
30 January 2007, 18:29
The HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:26:54 PM, on 01/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\WINDOWS\system32\kernels88.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Windows\xpupdate.exe
C:\DOCUME~1\Vespa\LOCALS~1\Temp\15645875.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\dlh9jkd1q6.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\vxga1me4t1.exe
C:\WINDOWS\system32\vxga4m1et4.exe
C:\Documents and Settings\Vespa\Bureaublad\ANTI SPYWARE !!!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.skynet.be/page.html?channel=search&topic=av&content=default
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.skynet.be/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels88.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files\WhatPulse\WhatPulse.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Vespa\LOCALS~1\Temp\15645875.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6685B2AF-CE4C-432B-A3CA-23AF77462EF6}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\tlxih.dll
O23 - Service: Automation License Key Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

** I have one more small problem: when I try to open Task Manager I get "Task Manager has been disabled by your administrator". How can I turn it back on?! **
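Triage of the O4 (autorun) entries in a HijackThis log like the one above, as an added example that is not part of the thread and not HijackThis's own code. It parses the `O4 - <key>: [name] <command>` and `O4 - Startup:` lines and applies a few defender-side heuristics (executable started from a Temp directory, a file sitting directly in the Windows or system32 root that is not in a baseline, a value or file name that mimics a Windows component, a numeric-only file name, use of the legacy RunServices key). The sample lines are copied from the first log; the `KNOWN_GOOD_SYSTEM32` allowlist is a constructed stand-in for your own baseline. The heuristics produce candidates for a human to review, not verdicts.

```python
"""Triage of the O4 (autorun) entries in a HijackThis v1.99 log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels88.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Vespa\LOCALS~1\Temp\15645875.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# Constructed allowlist: files legitimately started from the system32 root on this
# machine. Replace with a baseline taken from a known-clean system of the same build.
KNOWN_GOOD_SYSTEM32 = {"nerocheck.exe"}

O4_RUN_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))"?(?:\s|$)', re.I)
# Value or file names that borrow the name of a Windows component.
NAME_MIMIC_RE = re.compile(r"^(system|windows ?update|spoolsv|svchost|kernel|lsass|winlogon)", re.I)


@dataclass
class Autorun:
    key: str   # e.g. HKLM\..\Run, HKLM\..\RunServices, Global Startup
    name: str  # value name in brackets, or the .lnk name for Startup entries
    cmd: str   # command line as recorded by HijackThis


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one HijackThis line; return None for anything that is not an O4 entry."""
    m = O4_RUN_RE.match(line.strip()) or O4_STARTUP_RE.match(line.strip())
    if not m:
        return None
    return Autorun(m.group("key"), m.group("name"), m.group("cmd"))


def exe_path(cmd: str) -> str:
    """Executable path of a command line, without surrounding quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def reasons_for(entry: Autorun, known_good=KNOWN_GOOD_SYSTEM32) -> List[str]:
    """Heuristic reasons to look at this entry; empty list means nothing tripped."""
    path = exe_path(entry.cmd)
    base = path.rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    reasons = []
    if re.search(r"\\temp\\", path, re.I):
        reasons.append("started from a Temp directory")
    if re.match(r"c:\\windows\\(system32\\)?[^\\]+$", path, re.I) and base not in known_good:
        reasons.append("file sits directly in the Windows or system32 root and is not in the baseline")
    if NAME_MIMIC_RE.match(entry.name) or NAME_MIMIC_RE.match(stem):
        reasons.append("value or file name mimics a Windows component")
    if re.fullmatch(r"\d{6,}", stem):
        reasons.append("numeric-only file name")
    if entry.key.lower().endswith("runservices"):
        # Win9x-era key; current installers almost never write it.
        reasons.append("persists via the legacy RunServices key")
    return reasons


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Return (entry, reasons) for every O4 entry that trips at least one heuristic."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            results.append((entry, reasons))
    return results


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.key}: [{entry.name}] {entry.cmd}")
        print("    -> " + "; ".join(reasons))
```

Run against the sample, the five entries that the helper in this thread went after (System, spoolsvv, SystemTools, Windows update loader, WinMedia) come out flagged, while the vendor autoruns and the NeroCheck entry do not. The RunServices and Windows-root rules are deliberately coarse; the baseline allowlist is what keeps them from drowning a reviewer in noise, so maintain it per machine build.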

Jurgenv1
30 January 2007, 18:44
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

Vespa
30 January 2007, 19:14
"Vespa" - 07-01-30 19:01:11 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\Vespa\Bureaublad"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dlh9jkd1q6.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\kernels88.exe
C:\WINDOWS\system32\qvx5gamet2.exe
C:\WINDOWS\system32\qvxga6met3.exe
C:\WINDOWS\system32\qvxga7met4.exe
C:\WINDOWS\system32\vxg6ame4.exe
C:\WINDOWS\system32\vxga1me4t1.exe
C:\WINDOWS\system32\vxga4m1et4.exe
C:\WINDOWS\system32\vxga4me1.exe
C:\WINDOWS\system32\vxga8me6.exe
C:\DOCUME~1\Vespa\Application Data\Microsoft\Internet Explorer\Desktop.htt
C:\WINDOWS\system32\vxga4me1.exe
C:\DOCUME~1\Vespa\Application Data\Install.dat
C:\WINDOWS\system32\inet.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\comdlj32.dll
C:\WINDOWS\desktop.html
C:\WINDOWS\xpupdate.exe
C:\Windows\xpupdate.exe
C:\Program Files\BraveSentry


((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-30 18:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-30 18:32 32,832 --a------ C:\exe.exe
2007-01-30 17:42 169,984 --a------ C:\WINDOWS\system32\tlxih.dll
2007-01-30 17:41 <DIR> d-------- C:\Program Files\Cracks
2007-01-30 17:39 <DIR> d-------- C:\DOCUME~1\Vespa\Application Data\FlashFXP
2007-01-30 17:38 <DIR> d-------- C:\Program Files\FlashFXP
2007-01-30 16:28 <DIR> d-------- C:\DOCUME~1\Vespa\Application Data\SecondLife
2007-01-29 21:19 87,280 --a------ C:\WINDOWS\system32\wsatrace.dll
2007-01-29 21:19 <DIR> d-------- C:\Program Files\Poker Tracker V2
2007-01-29 17:44 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-28 23:21 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2007-01-27 19:44 <DIR> d---s---- C:\Program Files\Xfire
2007-01-27 19:44 <DIR> d-------- C:\DOCUME~1\Vespa\Application Data\Xfire
2007-01-27 00:51 87,608 --a------ C:\DOCUME~1\Vespa\Application Data\ezpinst.exe
2007-01-27 00:51 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-27 00:51 47,360 --a------ C:\DOCUME~1\Vespa\Application Data\pcouffin.sys
2007-01-27 00:51 <DIR> d-------- C:\Program Files\vso
2007-01-27 00:51 <DIR> d-------- C:\DOCUME~1\Vespa\Application Data\Vso
2007-01-24 22:59 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-01-20 22:45 <DIR> d-------- C:\Program Files\Trymedia
2007-01-19 21:35 894,559 --a------ C:\WINDOWS\Bier Tycoon Uninstaller.exe
2007-01-19 21:34 <DIR> d-------- C:\Program Files\Eclypse
2007-01-19 21:34 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2007-01-19 17:55 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-01-19 17:55 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-01-15 13:31 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-01-09 19:44 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-01-09 19:44 <DIR> d-------- C:\Program Files\UNO Freeware
2007-01-07 13:13 <DIR> d-------- C:\library
2007-01-07 13:09 <DIR> d-------- C:\examenli
2007-01-07 13:03 92,160 --a------ C:\WINDOWS\system32\wisc30.dll
2007-01-07 13:03 91,648 --a------ C:\WINDOWS\system32\whsc30.dll
2007-01-07 13:03 55,808 --a------ C:\WINDOWS\system32\soapis30.dll
2007-01-07 13:03 437,760 --a------ C:\WINDOWS\system32\mssoap30.dll
2007-01-07 13:03 30,208 --a------ C:\WINDOWS\system32\mssoapr3.dll
2007-01-07 13:03 <DIR> d-------- C:\AX NF ZZ
2007-01-07 13:01 53,248 --a------ C:\WINDOWS\system32\S7WSILRX.DLL
2007-01-07 13:00 180,224 --a------ C:\WINDOWS\system32\scpw32.dll
2007-01-07 13:00 176,128 --a------ C:\WINDOWS\system32\OC01610603as.dll
2007-01-07 13:00 129,536 --a------ C:\WINDOWS\system32\scpbw32.dll
2007-01-07 13:00 1,310,720 --a------ C:\WINDOWS\system32\OT01602603as.DLL
2007-01-07 12:59 57,344 --a------ C:\WINDOWS\system32\MFC42ITA.DLL
2007-01-07 12:59 57,344 --a------ C:\WINDOWS\system32\MFC42FRA.DLL
2007-01-07 12:59 57,344 --a------ C:\WINDOWS\system32\MFC42ESP.DLL
2007-01-07 12:59 57,344 --a------ C:\WINDOWS\system32\MFC42DEU.DLL
2007-01-07 12:59 45,056 --a------ C:\WINDOWS\system32\MFC42JPN.DLL
2007-01-07 12:59 40,960 --a------ C:\WINDOWS\system32\MFC42KOR.DLL
2007-01-07 12:59 36,864 --a------ C:\WINDOWS\system32\MFC42CHT.DLL
2007-01-07 12:59 36,864 --a------ C:\WINDOWS\system32\MFC42CHS.DLL
2007-01-07 12:55 118,784 --a------ C:\WINDOWS\system32\s7ncmins.dll
2007-01-07 12:48 75,776 --a------ C:\WINDOWS\system32\drivers\VSNL2ADA.SYS
2007-01-07 12:48 69,685 --a------ C:\WINDOWS\system32\S7OTBLEX.dll
2007-01-07 12:48 495,669 --a------ C:\WINDOWS\system32\S7OINTFX.dll
2007-01-07 12:48 49,152 --a------ C:\WINDOWS\system32\dpmiresb.dll
2007-01-07 12:48 49,152 --a------ C:\WINDOWS\system32\dpmiresa.dll
2007-01-07 12:48 40,960 --a------ C:\WINDOWS\system32\MelbReg.dll
2007-01-07 12:48 33,280 --a------ C:\WINDOWS\system32\s7erwlcx.dll
2007-01-07 12:48 30,192 --a------ C:\WINDOWS\system32\drivers\dpmtrcdd.sys
2007-01-07 12:48 267,776 --a------ C:\WINDOWS\system32\drivers\DPMCONV.SYS
2007-01-07 12:48 233,472 --a------ C:\WINDOWS\system32\s7esetdx.dll
2007-01-07 12:48 131,072 --a------ C:\WINDOWS\system32\dplib.dll
2007-01-07 12:48 114,688 --a------ C:\WINDOWS\system32\dpmc2lib.dll
2007-01-07 12:48 110,645 --a------ C:\WINDOWS\system32\s7wcaotx.dll
2007-01-07 12:48 110,592 --a------ C:\WINDOWS\system32\dpc1lib.dll
2007-01-07 12:48 106,496 --a------ C:\WINDOWS\system32\dpc2lib.dll
2007-01-07 12:48 102,400 --a------ C:\WINDOWS\system32\Dpmilib.dll
2007-01-07 12:44 <DIR> d-------- C:\WINDOWS\Setup
2007-01-07 12:44 <DIR> d-------- C:\Program Files\Siemens
2007-01-07 12:44 <DIR> d-------- C:\Program Files\Common Files\Siemens
2007-01-04 23:29 <DIR> d-------- C:\Program Files\PartyGaming
2007-01-04 18:58 <DIR> d-------- C:\Program Files\RealVNC
2007-01-03 02:33 <DIR> d-------- C:\Program Files\PokerStars
2007-01-03 01:45 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-01-01 16:46 <DIR> d-------- C:\DOCUME~1\Vespa\Application Data\Mijn Battle for Middle-earth bestanden


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 18:36 -------- d---s---- C:\DOCUME~1\Vespa\Application Data\microsoft
2007-01-30 17:33 -------- d-------- C:\DOCUME~1\Vespa\Application Data\microgaming
2007-01-30 17:19 -------- d-------- C:\Program Files\unibetpokermpp
2007-01-30 16:28 -------- d-------- C:\DOCUME~1\Vespa\Application Data\mozilla
2007-01-29 10:12 -------- d-------- C:\DOCUME~1\Vespa\Application Data\limewire
2007-01-27 19:45 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 00:51 7824 --a------ C:\DOCUME~1\Vespa\Application Data\pcouffin.cat
2007-01-27 00:51 34 --a------ C:\DOCUME~1\Vespa\Application Data\pcouffin.log
2007-01-27 00:51 1144 --a------ C:\DOCUME~1\Vespa\Application Data\pcouffin.inf
2007-01-18 11:18 19656 --a------ C:\DOCUME~1\Vespa\Application Data\gdipfontcachev1.dat
2007-01-06 19:34 -------- d-------- C:\Program Files\mirc
2006-12-27 00:40 -------- d-------- C:\Program Files\playlinc
2006-12-27 00:35 -------- d-------- C:\DOCUME~1\Vespa\Application Data\acccore
2006-12-23 23:36 -------- d-------- C:\Program Files\radvideo
2006-12-22 00:23 -------- d-------- C:\DOCUME~1\Vespa\Application Data\leadertech
2006-12-22 00:16 -------- d-------- C:\Program Files\atari
2006-12-21 19:42 -------- d-------- C:\Program Files\supportsoft
2006-12-21 19:42 -------- d-------- C:\Program Files\support.com
2006-12-21 19:42 -------- d-------- C:\Program Files\Common Files\supportsoft
2006-12-21 19:42 -------- d-------- C:\Program Files\belgacom
2006-12-19 21:26 21840 --------- C:\WINDOWS\system32\sintfnt.dll
2006-12-19 21:26 17212 --------- C:\WINDOWS\system32\sintf32.dll
2006-12-19 21:26 12067 --------- C:\WINDOWS\system32\sintf16.dll
2006-12-16 01:20 -------- d-------- C:\Program Files\sierra on-line
2006-12-15 18:11 -------- d-------- C:\Program Files\limewire
2006-12-12 19:32 -------- d-------- C:\Program Files\designworks professional 4
2006-12-12 18:37 -------- d-------- C:\Program Files\logicworks 5
2006-12-10 13:44 -------- d-------- C:\Program Files\speedfan
2006-12-07 17:02 2174976 --------- C:\WINDOWS\system32\wmvcore.dll
2006-12-06 17:52 -------- d-------- C:\Program Files\winundelete
2006-12-06 17:50 -------- d-------- C:\Program Files\stellar phoenix fat & ntfs
2006-12-05 22:59 -------- d-------- C:\Program Files\Common Files\systemrequirementslab
2006-12-05 22:59 -------- d-------- C:\DOCUME~1\Vespa\Application Data\system requirements lab
2006-12-05 18:10 -------- d-------- C:\DOCUME~1\Vespa\Application Data\adobeum
2006-12-04 21:52 -------- d-------- C:\Program Files\web publish
2006-11-08 06:07 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-06 23:41 45056 --------- C:\WINDOWS\system32\sstunst3.exe
2006-11-04 14:14 1245696 --------- C:\WINDOWS\system32\msxml4.dll
2006-11-03 20:12 73216 --a------ C:\WINDOWS\st6unst.exe
2006-11-03 20:12 249856 --------- C:\WINDOWS\setup1.exe
2006-10-17 02:51 62 --ahs---- C:\DOCUME~1\Vespa\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
"WhatPulse"="\"C:\\Program Files\\WhatPulse\\WhatPulse.exe\""
"WinMedia"="C:\\DOCUME~1\\Vespa\\LOCALS~1\\Temp\\15645875.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Belgacom"="\"C:\\Program Files\\Belgacom\\bin\\sprtcmd.exe\" /P Belgacom"
"S7UB Start"="\"C:\\Program Files\\Common Files\\Siemens\\S7ubtoox\\s7ubtstx.exe\" -StartDB"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\WhatPulse.exe]
@="C:\\Program Files\\WhatPulse\\WhatPulse.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"DCOM Server 60787"="{2C1CD3D7-86AC-4068-93BC-A02304B60787}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-01-30 19:12:06




HIJACKTHIS LOG



Logfile of HijackThis v1.99.1
Scan saved at 7:14:14 PM, on 01/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\services.exe
c:\exe.exe
c:\exe.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\$NtUninstallKB8866535$\kavss.exe
C:\Program Files\Opera\Opera.exe
E:\Program Files\Aspyr\MTX\Game\MTX.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Vespa\Bureaublad\ANTI SPYWARE !!!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skynet.be
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files\WhatPulse\WhatPulse.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Vespa\LOCALS~1\Temp\15645875.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6685B2AF-CE4C-432B-A3CA-23AF77462EF6}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\tlxih.dll
O23 - Service: Automation License Key Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Vespa
30 January 2007, 19:15
It has already fixed a few things; among others, Task Manager is back.

Thanks in advance for this!

Jurgenv1
30 January 2007, 20:53
* Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Unzip it to your desktop.
Read here (http://home.planet.nl/~kleyn080/unzippenXPuitleg.html) how to unzip/extract correctly.
This will create a new folder on your desktop named SmitfraudFix.
Do not use it yet.

* Now restart your PC in SAFE MODE (without networking support!).
How do I start in safe mode? (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Clean the cache and cookies in IE: Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Click the "Delete Files" button next to it
Check "Delete all offline content", click OK

* Clean the cache and cookies in Firefox (in case Firefox is installed): Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.

* Clean other temporary files + Recycle Bin: Go to Start > Run, type: cleanmgr and click OK.
Let it scan your system for files that need to be removed.
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked.
Then click OK.

* Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter".

You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and then pressing "Enter". This will restore your desktop and remove the registry keys this infection created.

The tool will then check whether wininet.dll is infected. If it is, you will be asked to replace the infected wininet.dll with a clean copy of wininet.dll present on your computer (if found); answer "Yes" by typing Y and then pressing Enter.

The tool will then restart your computer to remove the remnants;
If it does not restart automatically, restart your PC yourself back into normal mode (so not safe mode).
A log will open after the restart. It is also located here: C:\rapport.txt
I will need that log later as a check-up.

Warning: using option #2 on a non-infected computer will delete your desktop.

* Run an online scan with Panda: http://www.pandasoftware.com/products/activescan.htm
Check: All my computer
Make sure everything is checked in the scan options.

After the scan you can have a log created. Save that log to your desktop and copy and paste it into your next post,
together with a new HijackThis log and the SmitfraudFix log (C:\rapport.txt).