  • core.cache.dsk

    Like so many people already, I too have a 'nice' trojan on my machine: core.cache.dsk.
    I have already tried to remove it with ComboFix, but without success.
    Hopefully someone can help me on the basis of my HijackThis log.

    Wouter

    ---------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:10:02, on 3-2-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\notepad.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Windows Live\Messenger Plus!\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: SX - Unknown owner - C:\Users\wouter\AppData\Local\Temp\SX.exe (file missing)

    --
    End of file - 6248 bytes
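Added example (not from this thread, from HijackThis or from ComboFix): a small Python triage helper that parses the O4 and O23 lines of a HijackThis log like the one above and flags the pattern the helper in this thread acted on, a service whose binary sits under a user's Temp folder and is reported as '(file missing)'. The sample lines are constructed in the shape of the log above, and the flag rules are assumed heuristics of my own, not HijackThis's own verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SX - Unknown owner - C:\Users\wouter\AppData\Local\Temp\SX.exe (file missing)
"""

# Line shapes as HijackThis prints them:
#   "O23 - Service: <display name> - <owner> - <path>"
#   "O4 - <hive>\..\Run: [<value name>] <command>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")  # HKUS lines carry this suffix
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|,|$)", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
MISSING_MARK = "(file missing)"


@dataclass
class Entry:
    kind: str                 # "O23" (service) or "O4" (Run key value)
    name: str
    path: str
    owner: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _binary_from_command(cmd: str) -> str:
    """Heuristic: the binary a Run value launches (quoted token, or first
    token ending in an executable extension); for rundll32 report the DLL."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0] if cmd else ""
    binary = m.group(1)
    if binary.lower().endswith("rundll32.exe"):
        m2 = EXE_RE.match(cmd[m.end(1):].strip())
        if m2:
            return m2.group(1)
    return binary


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for O4/O23 lines, None for every other HijackThis line."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["path"].strip(), m["owner"])
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], _binary_from_command(m["cmd"]))
    return None


def flag(entry: Entry) -> Entry:
    """Attach assumed triage flags; order is fixed so results are comparable."""
    path = entry.path
    if path.endswith(MISSING_MARK):
        entry.flags.append("file missing")   # dangling autostart left behind by a dropper
        path = path[: -len(MISSING_MARK)].rstrip()
        entry.path = path
    if TEMP_DIR_RE.search(path):
        entry.flags.append("temp dir")       # autostarts do not belong in a Temp folder
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("unknown owner")  # weak alone: PunkBuster services show this too
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every O4/O23 line and return only the entries that raised a flag."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None and flag(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r}: {e.path}  <- {', '.join(e.flags)}")
```

Run against a real log, the entries with both "temp dir" and "file missing" are the ones to look at first; "unknown owner" by itself only says the service has no publisher string.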

  • #2
    To be able to remove this infection I need a ComboFix log:

    Download ComboFix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.



    • #3
      ComboFix 08-02.03.1 - wouter 2008-02-03 13:48:42.5 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1043.18.1334 [GMT 1:00]
      Gestart vanuit: D:\Downloads\FireFox\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Windows\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
      .

      2008-02-03 13:47 . 2008-02-03 13:47 <DIR> d-------- C:\ComboFix2
      2008-02-03 04:46 . 2008-02-03 04:46 <DIR> d-------- C:\Users\wouter\AppData\Roaming\Ventrilo
      2008-02-03 04:46 . 2008-02-03 04:46 <DIR> d-------- C:\Users\wouter\AppData\Roaming\teamspeak2
      2008-02-03 04:44 . 2008-02-03 04:46 <DIR> d-------- C:\Program Files\Teamspeak 2
      2008-02-03 03:47 . 2008-02-03 03:47 0 --ah----- C:\ProgramData.LOG2
      2008-02-03 03:47 . 2008-02-03 03:47 0 --ah----- C:\ProgramData.LOG1
      2008-02-03 03:10 . 2008-02-03 13:50 <DIR> d-------- C:\Users\wouter\AppData\Roaming\uTorrent
      2008-02-03 02:35 . 2008-02-03 02:35 0 --a------ C:\Windows\pestpatrol5.INI
      2008-02-03 02:14 . 2008-02-03 02:14 <DIR> d-------- C:\Users\All Users\CA
      2008-02-03 02:14 . 2008-02-03 02:14 <DIR> d-------- C:\ProgramData\CA
      2008-02-03 02:14 . 2008-02-03 02:14 <DIR> d-------- C:\Program Files\Common Files\Scanner
      2008-02-03 02:13 . 2008-02-03 03:11 <DIR> d-------- C:\Program Files\eTrust Internet Security Suite
      2008-02-03 01:55 . 2008-02-03 03:31 <DIR> d-------- C:\Program Files\Google
      2008-02-03 01:35 . 2008-02-03 01:35 135 --a------ C:\Windows\wcx_ftp.ini
      2008-02-03 01:23 . 2008-02-03 01:23 <DIR> d-------- C:\Program Files\Ventrilo
      2008-02-03 01:22 . 2008-02-03 01:22 <DIR> d-------- C:\Program Files\VentriloMIX
      2008-02-03 01:22 . 2008-02-03 01:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-03 01:05 . 2008-02-03 01:05 <DIR> d-------- C:\totalcmd
      2008-02-02 23:06 . 2008-02-03 01:06 <DIR> d-------- C:\Users\wouter\AppData\Roaming\GHISLER
      2008-02-02 22:29 . 2008-02-03 13:40 <DIR> d-------- C:\Users\wouter\AppData\Roaming\AVG7
      2008-02-02 22:28 . 2008-02-02 22:28 <DIR> d-------- C:\Users\All Users\Grisoft
      2008-02-02 22:28 . 2008-02-02 22:32 <DIR> d-------- C:\Users\All Users\avg7
      2008-02-02 22:28 . 2008-02-02 22:28 <DIR> d-------- C:\ProgramData\Grisoft
      2008-02-02 22:28 . 2008-02-02 22:32 <DIR> d-------- C:\ProgramData\avg7
      2008-02-02 22:28 . 2008-02-02 22:28 499,712 --a------ C:\Windows\System32\msvcp71.dll
      2008-02-02 22:28 . 2008-02-02 22:28 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys
      2008-02-02 22:28 . 2008-02-02 22:29 9,216 --a------ C:\Windows\System32\avgwlntf.dll
      2008-02-02 22:02 . 2008-02-03 00:51 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
      2008-02-02 21:55 . 2008-02-02 21:55 250 --a------ C:\Windows\gmer.ini
      2008-02-02 20:31 . 2008-02-03 05:04 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
      2008-02-02 20:31 . 2008-02-03 04:49 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
      2008-02-02 20:31 . 2008-02-03 05:04 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
      2008-02-02 20:31 . 2008-02-02 20:31 22,328 --a------ C:\Users\wouter\AppData\Roaming\PnkBstrK.sys
      2008-02-02 20:31 . 2008-02-02 20:31 300 --a------ C:\Windows\game.ini
      2008-02-02 20:28 . 2008-02-02 20:31 <DIR> d-------- C:\Program Files\RegSupreme Pro
      2008-02-02 20:28 . 2008-02-02 20:28 23 --a------ C:\Windows\System32\abdcfda_d.ocx
      2008-02-02 20:12 . 2008-02-02 20:12 <DIR> d--hs---- C:\Windows\ftpcache
      2008-02-02 19:57 . 2008-02-03 03:08 569 --a------ C:\Windows\wininit.ini
      2008-02-02 19:31 . 2008-02-02 19:31 <DIR> d-------- C:\Users\wouter\AppData\Roaming\Lavasoft
      2008-02-02 19:17 . 2008-02-03 01:57 <DIR> d-a------ C:\Users\All Users\TEMP
      2008-02-02 19:17 . 2008-02-03 01:57 <DIR> d-a------ C:\ProgramData\TEMP
      2008-02-02 19:15 . 2008-02-02 22:36 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-02-02 19:15 . 2008-02-02 22:36 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
      2008-02-02 19:15 . 2008-02-02 19:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-02 19:15 . 2008-02-02 19:15 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-02 19:14 . 2008-02-03 01:59 <DIR> d-------- C:\Program Files\SpywareBlaster
      2008-02-02 19:13 . 2008-02-02 19:13 <DIR> d-------- C:\Users\All Users\Prevx
      2008-02-02 19:13 . 2008-02-02 19:13 <DIR> d-------- C:\ProgramData\Prevx
      2008-02-02 19:05 . 2008-02-02 22:39 <DIR> d-------- C:\Program Files\Hitman Pro
      2008-02-02 17:36 . 2008-02-02 17:36 78,440 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
      2008-02-02 16:46 . 2008-02-02 16:46 <DIR> d-------- C:\Program Files\MSXML 4.0
      2008-02-02 02:55 . 2008-02-02 02:55 167,545 --a------ C:\Windows\System32\drivers\core.cache.dsk
      2008-02-02 02:55 . 2008-02-02 02:55 86,144 --a------ C:\Windows\System32\drivers\UAGP355.sys
      2008-02-02 02:37 . 2008-02-02 02:37 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
      2008-02-02 02:37 . 2008-02-02 02:37 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
      2008-02-02 02:19 . 2008-02-02 02:19 <DIR> d-------- C:\Users\All Users\Messenger Plus!
      2008-02-02 02:19 . 2008-02-02 02:19 <DIR> d-------- C:\ProgramData\Messenger Plus!
      2008-02-02 01:17 . 2008-02-02 01:54 <DIR> d-------- C:\Users\All Users\WLInstaller
      2008-02-02 01:17 . 2008-02-02 01:54 <DIR> d-------- C:\ProgramData\WLInstaller
      2008-02-02 01:17 . 2008-02-02 02:09 <DIR> d-------- C:\Program Files\Windows Live
      2008-02-02 01:17 . 2008-02-02 01:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-02 00:56 . 2008-02-02 00:57 286,720 --------- C:\Windows\Setup1.exe
      2008-02-02 00:56 . 2008-02-02 00:56 73,216 --a------ C:\Windows\ST6UNST.EXE
      2008-02-02 00:56 . 2008-02-02 00:56 303 --a------ C:\Windows\ST6UNST.000
      2008-02-02 00:55 . 2008-02-02 01:08 <DIR> d-------- C:\Program Files\Hattrick
      2008-02-02 00:53 . 2008-02-03 05:00 <DIR> d-------- C:\Users\wouter\AppData\Roaming\HLSW
      2008-02-02 00:53 . 2008-02-02 00:55 <DIR> dr------- C:\Program Files\HLSW
      2008-02-02 00:47 . 2008-02-02 00:47 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
      2008-02-02 00:43 . 2008-02-02 00:43 <DIR> d-------- C:\Windows\System32\custom matrices
      2008-02-02 00:42 . 2008-02-02 00:43 <DIR> d-------- C:\Windows\System32\C2MP
      2008-02-02 00:39 . 2008-02-02 00:39 <DIR> d-------- C:\Windows\System32\QuickTime
      2008-02-02 00:39 . 2008-02-02 00:39 <DIR> d-------- C:\Program Files\Codecs
      2008-02-02 00:39 . 2008-02-02 00:39 77,824 --a------ C:\Windows\System32\qttask.exe
      2008-02-02 00:39 . 2008-02-02 00:39 427 --a------ C:\Windows\System32\QuickTimeFavorites.qtr
      2008-02-02 00:29 . 2008-02-02 00:29 <DIR> d-------- C:\Users\wouter\AppData\Roaming\vlc
      2008-02-02 00:29 . 2008-02-02 00:29 <DIR> d-------- C:\Program Files\VLC
      2008-02-02 00:24 . 2008-02-02 00:24 <DIR> d-------- C:\Program Files\uTorrent
      2008-02-02 00:15 . 2008-02-02 00:18 <DIR> d-------- C:\Program Files\BSplayerPro
      2008-02-01 22:15 . 2008-02-01 22:15 <DIR> d-------- C:\Windows\System32\Macromed
      2008-02-01 22:10 . 2008-02-01 22:10 0 --a------ C:\Windows\nsreg.dat
      2008-02-01 21:58 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll
      2008-02-01 21:58 . 2008-02-01 21:58 392 --a------ C:\Windows\ODBC.INI
      2008-02-01 21:56 . 2008-02-01 21:56 <DIR> d-------- C:\Windows\PCHEALTH
      2008-02-01 21:56 . 2008-02-01 21:56 <DIR> d-------- C:\Program Files\Microsoft.NET
      2008-02-01 21:23 . 2008-02-01 21:23 <DIR> d-------- C:\Users\All Users\Acronis
      2008-02-01 21:23 . 2008-02-01 21:23 <DIR> d-------- C:\ProgramData\Acronis
      2008-02-01 21:23 . 2008-02-01 21:23 1,392,304 --a------ C:\Windows\System32\AutoPartNt.exe
      2008-02-01 21:23 . 2008-02-01 21:25 1,024 --a------ C:\Windows\System32\AutoPartNt.let
      2008-02-01 21:17 . 2008-02-01 21:17 <DIR> d-------- C:\Program Files\Common Files\Acronis
      2008-02-01 21:17 . 2008-02-01 21:17 <DIR> d-------- C:\Program Files\Acronis
      2008-02-01 21:17 . 2008-02-01 21:17 114,048 --a------ C:\Windows\System32\drivers\snapman.sys
      2008-02-01 21:14 . 2008-02-01 21:14 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
      2008-02-01 21:14 . 2007-03-09 09:56 17,920 --a------ C:\Windows\System32\SophosBootTasks.exe
      2008-02-01 21:13 . 2008-02-01 21:14 <DIR> d-------- C:\Users\All Users\Sophos
      2008-02-01 21:13 . 2008-02-01 21:14 <DIR> d-------- C:\ProgramData\Sophos
      2008-02-01 21:13 . 2008-02-01 21:14 <DIR> d-------- C:\Program Files\Sophos
      2008-02-01 21:12 . 2008-02-01 21:12 <DIR> d-------- C:\savwsa
      2008-02-01 21:12 . 2007-09-10 12:10 81,216 --a------ C:\Windows\System32\drivers\savonaccess.sys
      2008-02-01 21:04 . 2007-09-14 07:02 545 --a------ C:\Windows\UC.PIF
      2008-02-01 21:04 . 2007-09-14 07:02 545 --a------ C:\Windows\RAR.PIF

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-01 19:07 88,576 ----a-w C:\Windows\System32\avifil32.dll
      2008-02-01 19:07 82,944 ----a-w C:\Windows\System32\mciavi32.dll
      2008-02-01 19:07 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-02-01 19:07 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
      2008-02-01 19:07 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
      2008-02-01 19:07 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-02-01 19:07 69,632 ----a-w C:\Windows\System32\sendmail.dll
      2008-02-01 19:07 65,024 ----a-w C:\Windows\System32\avicap32.dll
      2008-02-01 19:07 61,440 ----a-w C:\Windows\System32\ntprint.exe
      2008-02-01 19:07 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-02-01 19:07 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-02-01 19:07 31,232 ----a-w C:\Windows\System32\msvidc32.dll
      2008-02-01 19:07 269,824 ----a-w C:\Windows\System32\schannel.dll
      2008-02-01 19:07 220,160 ----a-w C:\Windows\System32\ntprint.dll
      2008-02-01 19:07 123,904 ----a-w C:\Windows\System32\msvfw32.dll
      2008-02-01 19:07 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
      2008-02-01 19:07 12,800 ----a-w C:\Windows\System32\msrle32.dll
      2008-02-01 19:07 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
      2008-02-01 19:07 1,984,512 ----a-w C:\Windows\System32\authui.dll
      2008-02-01 19:06 8,192 ----a-w C:\Windows\System32\riched32.dll
      2008-02-01 19:06 77,824 ----a-w C:\Windows\System32\rascfg.dll
      2008-02-01 19:06 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
      2008-02-01 19:06 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
      2008-02-01 19:06 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
      2008-02-01 19:06 52,736 ----a-w C:\Windows\System32\rasdiag.dll
      2008-02-01 19:06 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
      2008-02-01 19:06 384,000 ----a-w C:\Windows\System32\netcfgx.dll
      2008-02-01 19:06 36,864 ----a-w C:\Windows\System32\cdd.dll
      2008-02-01 19:06 33,280 ----a-w C:\Windows\System32\traffic.dll
      2008-02-01 19:06 32,768 ----a-w C:\Windows\System32\rasmxs.dll
      2008-02-01 19:06 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
      2008-02-01 19:06 22,016 ----a-w C:\Windows\System32\rasser.dll
      2008-02-01 19:06 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
      2008-02-01 19:06 15,360 ----a-w C:\Windows\System32\pacerprf.dll
      2008-02-01 19:06 134,656 ----a-w C:\Windows\System32\dps.dll
      2008-02-01 19:06 13,824 ----a-w C:\Windows\System32\wshqos.dll
      2008-02-01 19:06 13,824 ----a-w C:\Windows\System32\icsunattend.exe
      2008-02-01 19:06 --------- d-----w C:\Program Files\Windows Calendar
      2008-02-01 19:03 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
      2008-02-01 19:03 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
      2008-02-01 19:03 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
      2008-02-01 19:03 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
      2008-02-01 19:02 --------- d-----w C:\Program Files\Windows Defender
      2008-02-01 10:23 --------- d-----w C:\Program Files\Windows Sidebar
      2008-02-01 10:23 --------- d-----w C:\Program Files\Windows Mail
      2008-02-01 10:21 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-02-01 10:21 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-02-01 10:21 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-02-01 10:21 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-02-01 10:21 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-02-01 10:21 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-02-01 10:21 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-02-01 10:21 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
      2008-02-01 10:21 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-02-01 10:21 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-01 10:21 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-01 10:21 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-02-01 10:21 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-02-01 10:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-01 10:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-01 10:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-01 10:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-01 10:19 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-02-01 10:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-01 10:19 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
      2008-02-01 10:19 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-02-01 10:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-02-01 10:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-01 10:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-01 10:19 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-01 10:19 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-01 10:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-02-01 10:19 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2008-02-01 10:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2008-02-01 10:18 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-01 10:18 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-01 10:18 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-01 10:18 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-01 10:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-02-01 10:06 --------- d-sh--w C:\ProgramData\Sjablonen
      2008-02-01 10:06 --------- d-sh--w C:\ProgramData\Menu Start
      2008-02-01 10:06 --------- d-sh--w C:\ProgramData\Favorieten
      2008-02-01 10:06 --------- d-sh--w C:\ProgramData\Documenten
      2008-02-01 10:06 --------- d-sh--w C:\ProgramData\Bureaublad
      2008-02-01 10:03 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MessengerPlus3"="C:\Program Files\Windows Live\Messenger Plus!\MsgPlus.exe" [2008-02-02 02:03 190024]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-01 20:02 1006264]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
      "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
      "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-02 22:28 579072]
      "CaISSDT"="C:\Program Files\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
      "eTrustPPAP"="C:\Program Files\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-02-03 02:14 258048]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-02 22:28 219136]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
      avgwlntf.dll 2008-02-02 22:29 9216 C:\Windows\System32\avgwlntf.dll

      R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys [2007-09-10 12:10]
      R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-02-02 22:28]
      S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2007-02-22 19:53]
      S3 SX;SX;C:\Users\wouter\AppData\Local\Temp\SX.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdfbc4b9-d0ad-11dc-b1bf-806e6f6e6963}]
      \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
      \shell\dinstall\command - F:\Directx\dxsetup.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-03 13:52:21
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Windows\system32\PnkBstrA.exe
      C:\Windows\system32\PnkBstrB.exe
      C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
      C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\conime.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Sophos\AutoUpdate\ALMon.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-03 13:53:17 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-03 12:53:13
      ComboFix2.txt 2008-02-03 03:30:50
      ComboFix3.txt 2008-02-03 03:03:58
      ComboFix4.txt 2008-02-03 02:34:54
      .
      2008-02-03 02:01:15 --- E O F ---



      • #4
        Open Notepad, copy and paste the following (the bold text) into an empty window:

        File::
        C:\Windows\System32\drivers\UAGP355.sys

        Driver::
        UAGP355
        SX


        Save this on your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot when asked to,
        and post the contents of Combofix.txt in your next reply together with a new HijackThis log.



        • #5
          It is finally gone now, thanks a lot.
          It was driving me nuts. In 5 years never a single problem, not one virus or trojan on my computer.
          I get a new computer, and within 1 day a damn trojan that won't come off..



          • #6
            You're welcome

            Do this as well:
            Download ATF Cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, put a tick next to Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab, put a tick next to Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab, put a tick next to Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off System Restore.
            This removes any remnants of the infections from your System Restore.

            Then I think everything is clean again



            • #7
              Yes, I had already done that, following other posts..



              • #8
                Good
