antivirus.startpagina.nl

digeste.dll

  • Anonymous avatar

    buuf

    Hallo allemaal,

    Bij mijn ouders op de computer zit een virus het digeste.dll virus.

    Nu heb ik een hijjack this logje en een malwarebytes logje gemaakt.

    Zouden jullie deze willen nakijken???

    Groetjes Buuf

    Malwarebytes' Anti-Malware 1.34

    Database versie: 1862

    Windows 5.1.2600 Service Pack 3

    18-3-2009 14:38:13

    mbam-log-2009-03-18 (14-38-13).txt

    Scan type: Snelle Scan

    Objecten gescand: 84485

    Verstreken tijd: 4 minute(s), 14 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 1

    Registersleutels geïnfecteerd: 2

    Registerwaarden geïnfecteerd: 2

    Registerdata bestanden geïnfecteerd: 1

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

    Registersleutels geïnfecteerd:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    C:\WINDOWS\system32\rs32net.exe (Trojan.Agent) -> Delete on reboot.

    C:\WINDOWS\system32\wpv481235998315.cpx (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

    Logfile of HijackThis v1.99.0

    Scan saved at 14:28:20, on 18-3-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

    C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

    C:\WINDOWS\System32\rs32net.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Gemma\Mijn documenten\hijackthis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

    O4 - HKLM\..\Run: “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKLM\..\Run: C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

    O4 - HKLM\..\Run: “C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe”

    O4 - HKLM\..\Run: “C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe”

    O4 - HKLM\..\Run: “C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe” -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

    O4 - HKLM\..\Run: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

    O4 - HKLM\..\Run: C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\System32\rs32net.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

    O4 - HKCU\..\Run: “C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - HKCU\..\Run: C:\WINDOWS\System32\rs32net.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll