Ongewild E-mails versturen

pippi

05-11-2009 18:53

Beste lezers
Ik heb weer wat.
Via m,n hotmail zijn ongewild emails verstuurd uit m'n adressenbestanden.
Ik heb alle instucties hierboven opgevolgd.
Het meest opvallende was Win32 backdoor.agent gevonden en verwijdert door Adaware.
Hieronder twee logjes.
Willen jullie aub kijken of nu alles in orde is?
Bvd Rita
Malwarebytes' Anti-Malware 1.41
Database versie: 3106
Windows 5.1.2600 Service Pack 3
5-11-2009 18:38:19
mbam-log-2009-11-05 (18-38-19).txt
Scan type: Snelle Scan
Objecten gescand: 120081
Verstreken tijd: 7 minute(s), 42 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:58, on 5-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hetbegin.jouwpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: SkyTel.EXE
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: RTHDCPL.EXE
O4 - HKLM\..\Run: ALCMTR.EXE
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.170.99.34:82/activex/AMC.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
–
End of file - 8036 bytes
fazantje

05-11-2009 20:33

Hoi Rita,
Hoe is het nu met jou probleem:S:S
In de logjes zie ik 1-2-3 geen bijzonderheden.
Groetjes Huib:)
pippi

05-11-2009 20:50

Hoi Huib,
Als jij geen byzonderheden meer ziet in de logjes dan kan ik er denk ik vanuit gaan dat alles in orde is.
Kan het die backdoor.agent geweest zijn die adaware heeft verwijdert?
Ik heb nu geen klachten meer.
Vroeg het even ter controle.
Bedankt!!
Rita
fazantje

05-11-2009 21:03

Hoi Rita,
Houd het even in de gaten, dan hoeven we nu niet dieper te zoeken;)
Mocht er toch morgen ofzo problemen komen, dan gelijk ff aan de bel trekken.
Groetjes Huib:)
pippi

05-11-2009 21:08

OK Huib.
Bedankt maar weer!
Groet, Rita
pippi

06-11-2009 15:12

Ik meld me net aan op m,n hotmail en krijg een kleine pop-up in beeld met een gele driehoek met daarin een uitroepteken en in de popup staat “hi!”.
Ook het bekende een OK knop.
Heb de popup weggeklikt met het rode kruisje rechtsboven.
Wat nu! Help.
Rita
fazantje

06-11-2009 18:57

Hoi Pippi,
Download Combofix naar je Bureaublad.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,
want Combofix wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.
Succes,
Huib:)
pippi

06-11-2009 19:24

Bij deze de logjes:
ComboFix 09-11-05.05 - Gebruiker 06-11-2009 19:12.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3326.2718
Gestart vanuit: c:\documents and settings\Gebruiker\Mijn documenten\ComboFix.exe
AV: avast! antivirus 4.8.1351 *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\AVSredirect.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))
.
2009-11-05 16:30 . 2009-11-05 16:30 93360 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 16:30 . 2009-11-05 16:30 93360 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-05 16:30 . 2009-11-05 16:30 554280 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-05 16:30 . 2009-11-05 16:30 212480 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-05 16:30 . 2009-11-05 16:30 283944 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-05 16:30 . 2009-11-05 16:30 1223976 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-05 16:30 . 2009-11-05 16:30 242984 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-26 17:08 . 2009-10-26 17:08 ——– d—–w- c:\windows\system32\wbem\Repository
2009-10-25 12:17 . 2009-10-25 12:17 ——– d—–w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Help
2009-10-24 11:36 . 2009-10-24 11:36 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2009-10-24 11:36 . 2009-09-10 12:54 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 11:36 . 2009-10-24 11:36 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 11:36 . 2009-10-24 11:36 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 11:36 . 2009-09-10 12:53 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 11:31 . 2009-10-24 11:31 ——– d—–w- c:\program files\CleanUp!
2009-10-23 21:28 . 2009-11-05 16:25 ——– d—–w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-23 21:28 . 2009-11-05 16:13 ——– d—–w- c:\program files\Spybot - Search & Destroy
2009-10-23 20:21 . 2009-10-23 20:21 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-10-23 20:21 . 2008-02-06 23:42 ——– d—–w- c:\documents and settings\Administrator\Favorieten
2009-10-23 20:21 . 2008-02-06 23:42 ——– d—–w- c:\documents and settings\Administrator\Bureaublad
2009-10-23 20:20 . 2009-10-26 17:08 ——– d—–w- c:\documents and settings\Administrator
2009-10-23 20:20 . 2009-10-13 18:01 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-10-23 20:20 . 2008-02-06 23:42 ——– d–h–w- c:\documents and settings\Administrator\Onlangs geopend
2009-10-23 20:20 . 2008-02-06 23:42 ——– d–h–w- c:\documents and settings\Administrator\Netwerkprinteromgeving
2009-10-23 20:20 . 2008-02-06 23:42 ——– d—–w- c:\documents and settings\Administrator\Mijn documenten
2009-10-23 20:20 . 2008-02-06 23:42 ——– d—–r- c:\documents and settings\Administrator\Menu Start
2009-10-23 20:20 . 2008-02-06 22:49 ——– d–h–w- c:\documents and settings\Administrator\Sjablonen
2009-10-23 14:05 . 2009-10-23 14:05 ——– d—–w- c:\program files\Trend Micro
2009-10-23 12:59 . 2009-10-26 10:32 ——– d—–w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ApplicationHistory
2009-10-23 12:59 . 2009-10-23 12:59 132 —-a-w- c:\documents and settings\Gebruiker\Local Settings\Application Data\fusioncache.dat
2009-10-23 11:20 . 2009-10-23 11:20 8854 —-a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{2FC09AE8-6FCC-4598-9511-F498A64F4490}\Uninstall_N_D_2FC09AE86FCC45989511F498A64F4490.exe
2009-10-23 11:20 . 2009-10-23 11:20 45056 —-a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{2FC09AE8-6FCC-4598-9511-F498A64F4490}\NewShortcut11_2FC09AE86FCC45989511F498A64F4490.exe
2009-10-23 11:20 . 2009-10-23 11:20 45056 —-a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{2FC09AE8-6FCC-4598-9511-F498A64F4490}\NewShortcut1_2FC09AE86FCC45989511F498A64F4490.exe
2009-10-23 11:20 . 2009-10-23 11:20 10134 —-a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{2FC09AE8-6FCC-4598-9511-F498A64F4490}\ARPPRODUCTICON.exe
2009-10-23 11:19 . 2009-10-23 11:21 ——– d—–w- c:\program files\Prisma
2009-10-23 11:19 . 2009-10-23 11:19 ——– d—–w- c:\windows\Downloaded Installations
2009-10-23 11:18 . 2009-10-23 11:19 ——– d—–w- c:\windows\system32\URTTemp
2009-10-20 14:10 . 2009-10-20 14:10 ——– d—–w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-20 14:10 . 2009-10-20 14:10 ——– d—–w- c:\program files\Common Files\Jasc Software Inc
2009-10-20 14:10 . 2009-10-20 14:10 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\Jasc Software Inc
2009-10-20 14:09 . 2009-10-20 14:10 ——– d—–w- c:\program files\Jasc Software Inc
2009-10-18 13:19 . 2009-11-05 16:30 537576 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-18 13:18 . 2009-10-18 13:18 ——– dc-h–w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 13:18 . 2009-10-03 08:15 2924848 -c–a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-13 18:01 . 2009-10-13 18:01 ——– d—–w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-10-11 17:47 . 2009-10-11 17:47 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\Search Settings
2009-10-11 12:16 . 2009-11-05 16:30 15880 —-a-w- c:\windows\system32\lsdelete.exe
2009-10-11 12:02 . 2009-10-11 12:02 ——– d—–w- c:\program files\Lavasoft
2009-10-11 11:10 . 2009-10-11 11:10 ——– d—–w- c:\program files\Axis Communications
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:29 . 2009-10-11 12:03 822904 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-05 16:29 . 2009-10-11 12:03 1638104 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-05 16:29 . 2009-10-11 12:03 788368 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-05 16:29 . 2009-10-11 12:03 1179232 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-01 20:33 . 2009-07-25 11:32 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\uTorrent
2009-10-25 11:34 . 2009-07-25 11:07 28264 —-a-w- c:\documents and settings\Gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-25 08:15 . 2004-08-04 12:00 69614 —-a-w- c:\windows\system32\perfc013.dat
2009-10-25 08:15 . 2004-08-04 12:00 442318 —-a-w- c:\windows\system32\perfh013.dat
2009-10-23 21:19 . 2009-07-24 15:48 ——– d—–w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-23 21:18 . 2009-07-24 15:49 ——– d—–w- c:\program files\Microsoft Works
2009-10-20 14:10 . 2008-02-06 16:22 ——– d—–w- c:\program files\Common Files\InstallShield
2009-10-19 08:55 . 2009-07-25 15:03 ——– d—–w- c:\program files\Common Files\Adobe
2009-10-12 13:17 . 2009-10-04 07:40 ——– d—–w- c:\program files\1-Click YouTube To MP3 Converter
2009-10-11 12:03 . 2009-10-11 12:02 ——– d—–w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-11 12:03 . 2009-10-11 12:03 17632 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-11 12:03 . 2009-10-11 12:03 68640 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-11 12:03 . 2009-10-11 12:03 64160 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-10-11 12:03 . 2009-10-11 12:03 303976 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-11 12:03 . 2009-10-11 12:03 85352 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-10-11 12:03 . 2009-10-11 12:03 640760 —-a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-06 18:25 . 2009-10-06 18:25 ——– d—–w- c:\program files\Microsoft
2009-10-05 18:23 . 2009-09-30 19:08 ——– d—–w- c:\program files\Creative
2009-10-05 17:58 . 2009-10-05 17:58 ——– d—–w- c:\program files\AviSynth 2.5
2009-10-05 17:58 . 2009-10-05 17:58 ——– d—–w- c:\program files\eRightSoft
2009-10-05 17:28 . 2009-10-05 17:27 5845664 —-a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative ZEN Mozaic Firmware 1.06.01__\ZENMozaic_PCFW_L22_1_06_01.exe
2009-10-05 17:26 . 2009-09-30 19:11 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\Creative
2009-10-01 19:59 . 2009-10-01 19:59 ——– d—–w- c:\program files\Daniusoft
2009-09-30 19:17 . 2009-09-30 19:17 ——– d—–w- c:\program files\4Videosoft Studio
2009-09-30 19:09 . 2009-09-30 19:09 ——– d—–w- c:\documents and settings\All Users\Application Data\Creative
2009-09-30 19:09 . 2008-02-06 16:23 ——– d–h–w- c:\program files\InstallShield Installation Information
2009-09-30 18:36 . 2009-09-30 18:36 ——– d—–w- c:\program files\AliveMedia
2009-09-24 18:56 . 2009-09-24 18:56 ——– d—–w- c:\documents and settings\Gebruiker\Application Data\HpUpdate
2009-09-24 18:56 . 2009-07-25 10:54 ——– d—–w- c:\program files\HP
2009-09-23 12:55 . 2009-10-11 12:03 64288 —-a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:20 . 2004-08-04 12:00 136192 —-a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:39 . 2009-09-09 18:39 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-09-09 18:39 . 2009-09-09 18:39 0 —ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-09 18:01 . 2009-08-20 19:55 ——– d—–w- c:\program files\Microsoft Silverlight
2009-09-04 21:05 . 2004-08-04 12:00 58880 —-a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:32 . 2004-08-04 12:00 832512 —-a-w- c:\windows\system32\wininet.dll
2009-08-29 07:32 . 2004-08-04 12:00 78336 —-a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:32 . 2004-08-04 12:00 17408 —-a-w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2004-08-04 12:00 247326 —-a-w- c:\windows\system32\strmdll.dll
2009-08-25 18:21 . 2009-08-25 18:20 118133 —-a-w- c:\windows\hpqins00.dat
2009-08-17 21:33 . 2009-08-17 21:33 1193832 —-a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-07-24 12:52 1279456 —-a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-24 12:52 93392 —-a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-24 12:52 94160 —-a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-24 12:52 114768 —-a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-24 12:52 20560 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-24 12:52 51376 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-24 12:52 23152 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-24 12:52 26944 —-a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-24 12:52 97480 —-a-w- c:\windows\system32\AvastSS.scr
2006-05-03 09:06 . 2009-10-05 17:58 163328 –sh–r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-05 17:58 31232 –sh–r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-05 17:58 216064 –sh–r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe”
“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“NeroFilterCheck”=“c:\program files\Common Files\Nero\Lib\NeroCheck.exe”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe”
“Ad-Watch”=“c:\program files\Lavasoft\Ad-Aware\AAWTray.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes' Anti-Malware\mbam.exe”
“SkyTel”=“SkyTel.EXE” - c:\windows\SkyTel.exe
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe
“Alcmtr”=“ALCMTR.EXE” - c:\windows\Alcmtr.exe
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
@=“Service”
“NBService”=3 (0x3)
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“c:\\Program Files\\uTorrent\\uTorrent.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys –> d:\FXDrv32.sys
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
“c:\program files\Common Files\LightScribe\LSRunOnce.exe”
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://hetbegin.jouwpagina.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 19:14
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-11-06 19:15
ComboFix-quarantined-files.txt 2009-11-06 18:15
Pre-Run: 416.577.662.976 bytes beschikbaar
Post-Run: 416.748.408.832 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect
- - End Of File - - CA46CD04FB263EF9B94F6609E49AEF90
————————————————————————————————————————
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:07, on 6-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hetbegin.jouwpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: SkyTel.EXE
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: RTHDCPL.EXE
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.170.99.34:82/activex/AMC.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
–
End of file - 7729 bytes
pippi

07-11-2009 08:26

Beste Lezers,
De kleine blauwe popup met gele driehoek en uitroepteken en het woord “hi!”
kwam net weer te voorschijn.(zie eerder bericht)
pippi

08-11-2009 00:36

Beste lezers
Ik kwam vanmiddag ineens niet meer hier op het prikbord.
Toen kreeg ik het helemaal spaans benauwd.
Op advies van iemand Microsoft Security Essentials gedownload.
Deze vond ; Vir tool:Win32/Obfuscator.EH (in quarantaine geplaatst)
Deze was niet geclassificeerd en ik moest een rapport verzenden.
Alles lijkt nu in orde kan dus ook weer op deze pagina komen.
Dit alles ter informatie aan jullie.

1 2