Hijackthis log - win32/bubnix.a

  • Liane

    I once got the notice that I had Win32/Daurso.A (password stealer).

    But now, for about 3 days, I keep getting the notice that I have Win32/bubnix.A. (malware installer?)

    I have gone through all the steps and it is still present. I hope you can find something.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:56, on 2010-06-04

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Security Essentials\msseces.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: nwiz.exe /installquiet

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

    O8 - Extra context menu item: Se&nd to OneNote - res:///105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://ncmall.neopets.com

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

    O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (upload toepassing Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196020322584

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.vcrlter.virginia.edu/AxisCamControl.ocx

    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab

    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://85.89.83.244/activex/AMC.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://www.mijntoucan.nl/Reserved.ReportViewerWebControl.axd?ReportSession=geq22145ptuemwi0xnarfj55&ControlID=4cff2e91-fd9a-4973-aeb6-6979e8fefdf3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe

    O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    End of file - 9765 bytes

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4168

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    2010-06-04 10:51:46

    mbam-log-2010-06-04 (10-51-46).txt

    Scantype: Snelle scan

    Objecten gescand: 156077

    Verstreken tijd: 37 minuut/minuten, 34 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 1

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    C:\Documents and Settings\Liane\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

  • fazantje

    Hi Liane,

    Start HijackThis, click on "Do a scan only" and tick the following lines:

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll

    Close all windows except HijackThis and click on fix checked.

    I assume neopets.com is known to you; if not, fix that line as well!!

    O15 - Trusted Zone: <--- This one.

    Download Combofix to your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another realtime scanner, disable that scanner and download Combofix again.

    Some scanners see certain components that Combofix uses as suspicious and will block or delete them!

    Double-click on Combofix.exe to start it.

    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    Click OK in the "NirCmd" window.

    Afterwards, click Yes again to start scanning for malware.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post the ComboFix log together with a new HijackThis log.

    * Visit the following page for the instructions on downloading and using Combofix.

    http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    Good luck,

    Huib:)
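    A small parser for the HijackThis log format used in this thread, added here as an example (it is not a tool from the thread, from Trend Micro or from the helper): it reads the R*/O* entries and flags the kinds of lines the helper singled out, namely entries whose target file is gone, entries carrying a CLSID on a review list, and Trusted Zone entries for hosts the user has not confirmed. The sample lines are constructed from the shape of the log above; the review list and the set of known hosts are assumptions a log reader fills in.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format (same shape as the log in
# this thread); the header and "Running processes" lines are omitted on purpose.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O15 - Trusted Zone: http://ncmall.neopets.com
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
"""

# "R0 - ...", "O23 - ...": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Registry CLSID in braces, as HijackThis prints it for BHOs, toolbars and hooks.
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)


@dataclass
class Entry:
    section: str            # "R3", "O2", "O15", ...
    body: str               # text after the "Rn - " / "On - " prefix
    clsid: Optional[str]    # lower-cased CLSID when the entry carries one
    raw: str                # the original log line, for reporting


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        c = CLSID_RE.search(m["body"])
        entries.append(Entry(m["section"], m["body"], c.group(0).lower() if c else None, line))
    return entries


def triage(entries: Iterable[Entry],
           review_clsids: Iterable[str] = (),
           known_trusted_hosts: Iterable[str] = ()) -> List[Tuple[str, str]]:
    """Pair each entry worth a second look with the reason it was flagged.

    review_clsids: CLSIDs a log reader wants to see (e.g. a toolbar under discussion).
    known_trusted_hosts: O15 Trusted Zone hosts the user has confirmed as their own.
    """
    review = {c.lower() for c in review_clsids}
    known = set(known_trusted_hosts)
    hits: List[Tuple[str, str]] = []
    for e in entries:
        # Dangling registrations: the binary is gone but the registry still points at it.
        if "(no file)" in e.body or "(file missing)" in e.body:
            hits.append(("orphaned entry: target file is gone", e.raw))
        elif e.clsid and e.clsid in review:
            hits.append(("CLSID on the review list", e.raw))
        elif e.section == "O15":
            # Body is "Trusted Zone: <url-or-host>"; accept either form.
            target = e.body.split(":", 1)[1].strip()
            host = urlparse(target).hostname if "://" in target else target
            if (host or "") not in known:
                hits.append(("unrecognised Trusted Zone entry", e.raw))
    return hits


if __name__ == "__main__":
    # Assumed inputs: the toolbar CLSID the helper listed and the host the user confirmed.
    for reason, line in triage(parse_hjt(SAMPLE_LOG),
                               review_clsids={"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"},
                               known_trusted_hosts={"ncmall.neopets.com"}):
        print(f"[{reason}] {line}")
```

    Entries are flagged for review only; whether a flagged toolbar is removed remains the log reader's call, as the rest of the thread shows.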

  • Liane

    Just a quick question before I remove the Zynga things.

    This toolbar is known to me and I already had it well before the virus notice started.

    Zynga is a developer of games for Facebook, among others.

    The toolbar is a small helper, developed by Zynga itself, to see when you can harvest your vegetables again, for example.

    Could the virus have crept into the toolbar? Or is Zynga unknown to you?

    And Neopets is also known to me.

    In the meantime I have run MBAM again and it could not find anything more.

    I am now running a full virus scan in safe mode because Microsoft Security Essentials threw the infected file into quarantine right after startup. Maybe this way it can remove the virus after all.

    When it has finished scanning I will also try that combofix.

    Thanks in advance for looking.

    Greetings Liane

  • fazantje

    Hi Liane,

    It appears that there have been many problems with Zynga in the past.

    That is why it is generally removed by (almost) all forums.

    So Zynga is still under discussion, see:

    http://www.systemlookup.com/CLSID/67840-tbZyng_dll_tbZyn0_dll_tbZyn1_dll_tbZyn2_dll.html

    As long as the log readers have no confirmation that Zynga is "safe", we remove it.

    In your case, you have to make that choice yourself.

    When in doubt we always say: remove.

    You can always download it again later;)

    Greetings Huib:)

  • Liane

    The full virus scan in safe mode found nothing. I removed the Zynga toolbar items you listed, as well as the neopets one.

    ComboFix 10-06-03.01 - Liane 2010-06-04 16:07:55.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2565

    Gestart vanuit: c:\documents and settings\Liane\Bureaublad\ComboFix.exe

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\Vb40032.dll

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-05-04 to 2010-06-04 ))))))))))))))))))))))))))))))

    .

    2010-06-04 08:56 . 2010-06-04 08:56 388096 ----a-r- c:\documents and settings\Liane\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-06-04 08:18 . 2010-06-04 08:18 14336 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{82126FA2-2737-7A46-6D98-4CEB60EEEB49}-svchost.exe

    2010-06-04 08:11 . 2010-06-04 08:11 -------- d-----w- c:\documents and settings\Liane\Application Data\Malwarebytes

    2010-06-04 08:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-06-04 08:11 . 2010-06-04 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-06-04 08:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-06-04 08:11 . 2010-06-04 08:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-06-04 07:57 . 2010-06-04 07:57 14336 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2AC2C6E0-DCA9-3BFB-930F-391589E79BC6}-svchost.exe

    2010-06-04 07:15 . 2010-06-04 07:15 -------- d-----w- c:\documents and settings\Liane\Application Data\Windows Desktop Search

    2010-06-03 12:15 . 2010-06-03 12:15 -------- d--h--r- c:\documents and settings\Liane\Onlangs geopend

    2010-06-02 14:35 . 2010-06-02 14:35 638816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{524BE298-CF57-F064-E70F-8C9FD096C35E}-IEXPLORE.EXE

    2010-06-02 14:34 . 2010-06-04 14:16 772096 ----a-w- c:\windows\system32\drivers\tcxpeak.sys

    2010-05-31 15:03 . 2010-05-31 15:03 -------- d-----w- c:\documents and settings\Liane\Application Data\TitanicMystery

    2010-05-31 07:49 . 2010-05-31 07:49 -------- d-----w- c:\documents and settings\Liane\Application Data\BanzaiInteractive

    2010-05-31 07:49 . 2010-05-31 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\BanzaiInteractive

    2010-05-29 22:10 . 2010-05-29 22:10 -------- d-----w- c:\documents and settings\Liane\Application Data\Octoshape

    2010-05-27 13:22 . 2001-09-06 19:27 5632 ----a-w- c:\windows\system32\ptpusb.dll

    2010-05-27 13:22 . 2008-04-14 17:02 159232 ----a-w- c:\windows\system32\ptpusd.dll

    2010-05-26 15:16 . 2010-05-26 15:16 -------- d-sh--w- c:\documents and settings\Default User\IECompatCache

    2010-05-26 15:16 . 2010-05-26 15:16 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE

    2010-05-21 13:03 . 2010-05-21 13:03 -------- d-----w- c:\documents and settings\Liane\Application Data\GOA

    2010-05-21 13:03 . 2010-05-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\GOA

    2010-05-06 09:19 . 2010-05-06 09:19 -------- d-----w- c:\documents and settings\Liane\Local Settings\Application Data\Ascaron Entertainment

    2010-05-06 07:56 . 2010-05-06 07:56 413696 ----a-w- c:\windows\system32\wrap_oal.dll

    2010-05-06 07:56 . 2010-05-06 07:56 110592 ----a-w- c:\windows\system32\OpenAL32.dll

    2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\program files\Deep Silver

    2010-05-06 07:28 . 2010-05-06 07:28 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-06-04 13:56 . 2010-01-26 13:35 -------- d-----w- c:\program files\Zynga

    2010-06-04 08:03 . 2009-08-30 09:15 -------- d-----w- c:\program files\NVIDIA Corporation

    2010-06-04 07:57 . 2009-03-27 11:04 -------- d-----w- c:\program files\Windows Desktop Search

    2010-06-04 07:49 . 2008-08-22 18:36 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-06-04 07:18 . 2004-08-04 12:00 547878 ----a-w- c:\windows\system32\perfh013.dat

    2010-06-04 07:18 . 2004-08-04 12:00 104588 ----a-w- c:\windows\system32\perfc013.dat

    2010-06-04 07:15 . 2007-11-25 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-06-03 11:20 . 2008-04-06 08:46 -------- d-----w- c:\program files\CCleaner

    2010-06-02 14:32 . 2010-06-02 14:32 12 ----a-w- c:\documents and settings\Liane\Application Data\qcopjv.dat

    2010-06-01 13:39 . 2010-04-04 10:33 -------- d-----w- c:\documents and settings\Liane\Application Data\vlc

    2010-05-31 07:49 . 2007-11-29 14:41 -------- d-----w- c:\documents and settings\Liane\Application Data\Zylom

    2010-05-30 14:45 . 2007-11-29 14:41 -------- d-----w- c:\program files\Zylom Games

    2010-05-26 15:17 . 2008-02-10 11:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2010-05-26 15:16 . 2008-02-10 11:26 -------- d-----w- c:\program files\AGEIA Technologies

    2010-05-26 15:16 . 2010-02-18 20:58 88552 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2010-05-11 15:28 . 2007-11-25 22:23 -------- d-----w- c:\program files\SC

    2010-05-09 15:12 . 2007-11-25 22:36 -------- d--h--w- c:\program files\InstallShield Installation Information

    2010-05-07 19:42 . 2007-11-25 19:51 88552 ----a-w- c:\documents and settings\Roy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2010-05-06 09:15 . 2007-11-25 22:04 88552 ----a-w- c:\documents and settings\Liane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2010-05-06 08:36 . 2010-01-01 18:55 221568 ------w- c:\windows\system32\MpSigStub.exe

    2010-05-05 15:19 . 2007-12-27 22:07 -------- d-----w- c:\documents and settings\Liane\Application Data\dvdcss

    2010-05-02 16:00 . 2009-01-03 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo

    2010-04-26 10:01 . 2010-04-26 09:57 -------- d-----w- c:\program files\TicTacPhoto

    2010-04-23 13:50 . 2008-01-09 20:59 -------- d-----w- c:\documents and settings\Liane\Application Data\PlayFirst

    2010-04-21 19:46 . 2007-11-26 19:14 -------- d-----w- c:\documents and settings\Roy\Application Data\vlc

    2010-04-13 17:54 . 2010-04-13 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\incredible express

    2010-04-12 15:45 . 2010-04-12 15:45 -------- d-----w- c:\documents and settings\Liane\Application Data\IronCode

    2010-04-12 09:10 . 2010-04-12 09:09 -------- d-----w- c:\documents and settings\Liane\Application Data\MastersOfMystery2

    2010-04-05 17:38 . 2010-02-18 20:55 -------- d-----w- c:\documents and settings\Liane\Application Data\OnlineOpslagManager

    2010-04-05 17:32 . 2008-06-20 21:54 -------- d-----w- c:\program files\BankingTools

    2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll

    2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe

    2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe

    2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-03-27 15:31 . 2008-02-10 12:39 21840 ----atw- c:\windows\system32\SIntfNT.dll

    2010-03-27 15:31 . 2008-02-10 12:39 17212 ----atw- c:\windows\system32\SIntf32.dll

    2010-03-27 15:31 . 2008-02-10 12:39 12067 ----atw- c:\windows\system32\SIntf16.dll

    2010-03-14 13:16 . 2010-03-23 23:13 61818 ----a-w- c:\documents and settings\Roy\Application Data\FCTB000062433\Toolbar\Uninst.exe

    2010-03-14 13:16 . 2010-03-23 23:13 1517056 ----a-w- c:\documents and settings\Roy\Application Data\FCTB000062433\Toolbar\Toolbar.dll

    2010-03-14 13:16 . 2010-03-23 23:13 242688 ----a-w- c:\documents and settings\Roy\Application Data\FCTB000062433\Toolbar\Helper.dll

    2010-03-10 06:17 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

    2008-01-17 16:51 . 2008-01-17 16:51 1620780 ----a-w- c:\program files\online-stopwatch.exe

    2008-03-07 20:15 . 2008-03-07 20:15 48 --sh--w- c:\windows\S5E528371.tmp

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "RTHDCPL"="RTHDCPL.EXE"

    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll"

    @="Service"

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\OfficeSAS.lnk

    backup=c:\windows\pss\OfficeSAS.lnkCommon Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM

    c:\windows\system32\dumprep 0 -k

    2007-10-19 19:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=

    "c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=

    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=

    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=

    "c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=

    "c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=

    "d:\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=

    "d:\\World of Warcraft\\Launcher.exe"=

    "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=

    "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=

    "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

    "c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=

    "c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

    "54925:UDP"= 54925:UDP:Brother Network Scanner

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys

    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys

    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\Roy\LOCALS~1\Temp\FoxDriver.sys --> c:\docume~1\Roy\LOCALS~1\Temp\FoxDriver.sys

    S3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys

    S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe

    S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - tcxpeak

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-06-04 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe

    2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{468E7CC1-78FE-49CA-8B43-BAE43D18B71B}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

    IE: Se&nd to OneNote - /105

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

    DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab

    DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.nl/apps/EasyUploadX.cab

    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.89.83.244/activex/AMC.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

    HKLM-Run-nwiz - nwiz.exe

    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

    **************************************************************************

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden:

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    @Denied: (2) (LocalSystem)


    .

    Voltooingstijd: 2010-06-04 16:17:35

    ComboFix-quarantined-files.txt 2010-06-04 14:17

    Pre-Run: 50,703,028,224 bytes beschikbaar

    Post-Run: 58,821,464,064 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 0395C45A5840483476538646EA25A6D0

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:27, on 2010-06-04

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

    O8 - Extra context menu item: Se&nd to OneNote - res:///105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

    O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (upload toepassing Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196020322584

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.vcrlter.virginia.edu/AxisCamControl.ocx

    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab

    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://85.89.83.244/activex/AMC.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://www.mijntoucan.nl/Reserved.ReportViewerWebControl.axd?ReportSession=geq22145ptuemwi0xnarfj55&ControlID=4cff2e91-fd9a-4973-aeb6-6979e8fefdf3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe

    O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    End of file - 9050 bytes

  • Liane

    I restarted my PC, but I still get the message that the WIN32/bubnix.A virus has been found on my computer. It finds it in C:\WINDOWS\System32\svchost.exe

    Aliases

    Packed.Win32.Krap.xq (Kaspersky) TR/Agent.X.407 (Avira)

    Trojan.Downloader.Bredolab.BU (BitDefender)

    Win32/Agent.QMR (ESET)

    Bredolab.gen.l (McAfee)

    TROJ_BUBNIX.B (Trend Micro)

    Greetings, Liane

  • fazantje

    Hi Liane,

    At first glance I don't see anything unusual in the logs.

    But do run a scan with NOD32:

    http://translate.google.nl/translate?hl=nl&sl=en&u=http://www.eset.com/onlinescan/&ei=BCwJTOCxBNeIOK2H8AM&sa=X&oi=translate&ct=result&resnum=3&ved=0CDMQ7gEwAg&prev=/search%3Fq%3Donline%2Bscanner%26hl%3Dnl%26client%3Dfirefox-a%26hs%3DpsF%26rls%3Dorg.mozilla:nl:official

    Let me know whether it found and removed it.

    I won't be able to reply again until later tonight because I'm away.

    Or someone else will reply ;)

    Good luck,

    Huib :)

  • Liane

    Unfortunately, NOD32 didn't find anything either.

    So it'll have to be a fresh installation of the PC after all, earlier than planned :(

    Anyway, thanks for taking a look :)

    Greetings, Liane