Nod32 Threat Popup.. every few minutes...

  • #1

    Hello, for a few days now I keep getting a popup like this every five minutes:

    It seems I have some malware/virus that keeps telling IE to create a file or something. I also scanned with Trend Micro HouseCall; it finds nothing. And finally I formatted the PC and installed Nod32, and the popup started again every 5 minutes...
    I quickly made a log with HijackThis; can someone knowledgeable take a look at it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:45:51 PM, on 2/23/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203671988312
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203671983203
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

    Does anyone know what to do about this?
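The checks a helper does by eye when reading a log like the one above (an O2 BHO registered with `(no file)`, Run entries that start a bare program name resolved through PATH, autostarts living outside Program Files or Windows) can be written down as a small triage script. The following Python is an added example, not HijackThis code and not from this thread; the regexes for the O2/O4 line shapes, the trusted directory list and the severity labels are my own assumptions, and the sample log is constructed to mirror the posted entries plus one invented autostart in a user profile directory.

```python
"""Triage helper for HijackThis-style O2/O4 log lines (added example, not HijackThis code)."""
import re

# O2 = Browser Helper Object, O4 = autostart entry (Run key or startup folder).
# Both patterns are assumptions about the line shapes seen in the posted log.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")

# Directories an autostart program is normally expected to live in (assumed list).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "c:\\progra~1\\")

# Program-file extensions used to find the end of an unquoted path that contains spaces.
_EXE_RE = re.compile(r"(?i)^(.*?\.(?:exe|com|scr|bat|cmd|dll))(?=[\s,]|$)")


def executable_of(cmd: str) -> str:
    """Extract the program from an O4 command string.

    Handles quoted paths ("C:\\x y\\a.exe" /flag), unquoted paths with spaces
    (C:\\Documents and Settings\\...\\a.exe) and bare names (nwiz.exe /install)
    that Windows resolves through PATH.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line: str):
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        path = m["path"]
        if path == "(no file)":
            return ("review", f"orphaned BHO {m['clsid']}: registered but its DLL is missing")
        if not path.lower().startswith(TRUSTED_ROOTS):
            return ("suspicious", f"BHO loads from unusual location: {path}")
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m["cmd"]
        # Startup-folder entries look like "Name.lnk = C:\path\target.exe".
        if m["name"] is None and " = " in cmd:
            cmd = cmd.split(" = ", 1)[1]
        exe = executable_of(cmd)
        if "\\" not in exe:
            return ("verify", f"bare program name {exe!r}, resolved via PATH; check which file actually runs")
        if not exe.lower().startswith(TRUSTED_ROOTS):
            return ("suspicious", f"autostart from unusual location: {exe}")
        return None
    return None


def triage(log_text: str):
    """Run triage_line over a whole log; return a list of (severity, line, reason)."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result:
            findings.append((result[0], line.strip(), result[1]))
    return findings


# Constructed sample: four lines modelled on the posted log plus one invented
# autostart ("updater") living in a user profile directory.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\hi\Application Data\updater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the constructed sample it reports three things: the orphaned BHO for review, the bare `nwiz.exe` entry to verify, and the user-profile autostart as suspicious; the Adobe BHO, the quoted NOD32 entry and the SetPoint shortcut pass silently. A bare name or an unusual directory is not proof of malware (the `nwiz.exe` entry in the thread is a normal NVIDIA component), it is the list of entries worth checking against the file on disk.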

  • #2
    Hi Fjire,

    Do the following:

    1. * Clean the cache and cookies in IE:
    • Close Internet Explorer.
    • Go to Control Panel > Internet Options > General tab
    • Click the Delete Cookies button
    • Click the Delete Files button next to it
    • Tick: Delete all offline content, click OK
    * Clean the cache and cookies in Firefox (if Firefox is installed):
    • Go to Tools > Options.
    • Click Privacy in the menu.
    • Click the Clear button (History, Cookies, Cache).
    • Click OK to close the window again.
    * Clean other temporary files + Recycle Bin
    • Go to Start > Run and type: cleanmgr and click OK.
    • Let it scan your system for files that need to be removed
    • Make sure that only 'Temporary Files', 'Temporary Internet Files' and 'Recycle Bin' are ticked.
    • Then click OK.

    2. Download Dr.Web CureIt and save it to your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a popup appears offering to buy / 50% discount, you may close it.
    • The express scan will scan the files currently loaded in memory. If something is found, click 'select all', then choose 'cure' and from the small menu that appears choose 'move'.
    • At the top of the menu choose Language and change it to Dutch (Nederlands) if it is set differently for you.
    • Press F9, then choose the Actions tab and set the following under Malware:
      • Adware: Move
      • Dialers: Move
      • Jokes: Report
      • Riskware: Report
      • Hacktools: Move
      • Then untick 'Prompt on action'.
    • Then choose the Scan tab and untick Heuristic analysis.
      Then press Apply followed by OK.
    • Once the short scan has finished, tick: Complete scan.
      Then press the green arrow (start button) to start the scan.
    • Files found are moved to the '%USERPROFILE%\DoctorWeb\Quarantine' folder if curing is not possible.
    • After the scan is done, go to File and choose Save report list.
      Save it on your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step because Dr.Web CureIt may move/delete files during the restart.

    3. Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
    • Double-click Combofix.exe
      Follow the instructions, accept the disclaimer by typing 1 (continue) followed by Enter.
      While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply, together with the Dr.Web log.

    - Daniël



    • #3
      Hi Daniel, apologies, I've been very busy, and many thanks for the reply. I'll try to carry out what you posted as accurately as possible; thanks in advance, and I'll post the log afterwards! Perhaps you also know how I can find out whether there are still traces of this virus, maybe in the registry?



      • #4
        Dr Web:
        RegUBP2b-hi.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Verwijderd.;

        ComboFix 08-03-01.3 - hi 2008-03-01 20:25:56.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2602 [GMT 1:00]
        Running from: C:\Documents and Settings\hi\Local Settings\Temporary Internet Files\Content.IE5\JR963MOX\ComboFix[1].exe

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        ((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
        .

        2008-03-01 20:24 . 2008-02-12 10:29 389,120 --a------ C:\CF17136.exe
        2008-03-01 19:46 . 2008-03-01 19:46 <DIR> d-------- C:\Documents and Settings\hi\DoctorWeb
        2008-03-01 00:35 . 2008-03-01 00:35 <DIR> d-------- C:\Program Files\ImTOO
        2008-02-29 23:02 . 2008-03-01 13:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-02-29 23:02 . 2008-02-29 23:02 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-02-29 21:28 . 2008-02-29 21:28 <DIR> d-------- C:\Program Files\Mediafour
        2008-02-29 20:51 . 2008-01-21 11:47 <DIR> d-a------ C:\Documents and Settings\hi\mspformat
        2008-02-29 20:51 . 2008-01-21 11:47 <DIR> d-a------ C:\Documents and Settings\hi\msinst
        2008-02-29 20:50 . 2008-01-21 11:50 <DIR> d-a------ C:\Documents and Settings\hi\Despertar v3
        2008-02-27 18:12 . 2008-02-27 18:12 <DIR> d-------- C:\Documents and Settings\hi\Application Data\vlc
        2008-02-27 18:11 . 2008-02-27 18:11 <DIR> d-------- C:\Program Files\VideoLAN
        2008-02-27 17:57 . 2008-02-27 17:57 <DIR> d-------- C:\Program Files\Xvid
        2008-02-27 17:57 . 2008-02-27 17:57 <DIR> d-------- C:\Documents and Settings\hi\Application Data\Media Player Classic
        2008-02-27 17:57 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
        2008-02-27 17:57 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
        2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
        2008-02-27 16:29 . 2008-02-27 16:35 <DIR> d-------- C:\Program Files\WinAVI Video Converter
        2008-02-27 16:10 . 2008-02-27 16:10 <DIR> d-------- C:\Program Files\Cucusoft
        2008-02-27 16:10 . 2006-09-11 04:13 409,600 --a------ C:\WINDOWS\system32\vampd.ax
        2008-02-27 16:10 . 2008-01-25 21:06 364,544 --a------ C:\WINDOWS\system32\cdg.dll
        2008-02-27 16:10 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
        2008-02-27 16:10 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
        2008-02-27 16:10 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
        2008-02-27 16:10 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
        2008-02-27 15:53 . 2008-02-27 16:02 <DIR> d-------- C:\Program Files\ffdshow
        2008-02-27 15:50 . 2008-02-27 15:55 <DIR> d-------- C:\Documents and Settings\hi\Application Data\M3
        2008-02-27 15:28 . 2008-02-27 15:28 <DIR> d-------- C:\Documents and Settings\hi\Application Data\Apple Computer
        2008-02-27 15:26 . 2008-02-27 15:26 <DIR> d-------- C:\Program Files\QuickTime
        2008-02-27 15:26 . 2008-02-27 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
        2008-02-27 15:25 . 2008-02-27 15:26 <DIR> d-------- C:\Program Files\Apple Software Update
        2008-02-27 15:25 . 2008-02-27 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
        2008-02-27 15:08 . 2008-02-27 15:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
        2008-02-27 15:08 . 2008-02-27 15:08 <DIR> d-------- C:\Program Files\Reference Assemblies
        2008-02-27 15:07 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
        2008-02-26 22:41 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\system32\drivers\qv2kux.sys
        2008-02-26 22:41 . 2001-08-17 13:53 3,328 --a--c--- C:\WINDOWS\system32\dllcache\qv2kux.sys
        2008-02-24 20:30 . 2008-02-24 20:57 <DIR> d-------- C:\Program Files\ACD Systems
        2008-02-24 15:07 . 2008-02-24 15:07 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
        2008-02-24 15:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
        2008-02-24 15:05 . 2008-02-24 15:07 <DIR> d-------- C:\Program Files\Hewlett-Packard
        2008-02-24 15:05 . 2008-02-24 15:07 181,872 --a------ C:\WINDOWS\hpdj5100.his
        2008-02-24 15:05 . 2008-02-24 15:07 11,431 --a------ C:\WINDOWS\hpdj5100.ini
        2008-02-24 15:00 . 2008-02-11 23:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
        2008-02-24 15:00 . 2008-02-11 23:03 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
        2008-02-24 14:44 . 2008-02-24 14:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
        2008-02-24 13:56 . 2008-02-24 13:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
        2008-02-24 13:49 . 2001-01-12 10:12 446,464 --a------ C:\WINDOWS\system32\system32
        2008-02-23 21:10 . 2008-02-27 01:53 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
        2008-02-23 18:47 . 2008-02-24 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-02-23 18:30 . 2008-02-27 18:15 69 --a------ C:\WINDOWS\NeroDigital.ini
        2008-02-23 16:51 . 2008-02-28 10:42 <DIR> d-------- C:\ConverterOutput
        2008-02-23 16:50 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
        2008-02-23 16:50 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
        2008-02-23 16:50 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
        2008-02-23 16:50 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
        2008-02-23 16:50 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
        2008-02-23 16:50 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
        2008-02-23 16:50 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
        2008-02-23 16:50 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
        2008-02-23 16:50 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
        2008-02-23 15:39 . 2008-02-23 15:39 <DIR> d-------- C:\Program Files\Trend Micro
        2008-02-23 15:08 . 2008-02-23 15:08 <DIR> d-------- C:\Program Files\MagicISO
        2008-02-23 14:20 . 2008-02-23 14:20 <DIR> d-------- C:\Program Files\DVD Shrink
        2008-02-23 14:20 . 2008-02-23 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
        2008-02-22 23:55 . 2008-02-22 23:55 <DIR> d-------- C:\Program Files\CDisplay
        2008-02-22 15:01 . 2008-02-22 15:01 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
        2008-02-22 15:01 . 2008-02-22 15:01 <DIR> d-------- C:\Program Files\SmartFTP Client
        2008-02-22 15:01 . 2008-02-22 15:01 <DIR> d-------- C:\Documents and Settings\hi\Application Data\SmartFTP
        2008-02-22 14:41 . 2008-02-23 16:16 <DIR> d-------- C:\Documents and Settings\hi\.housecall6.6
        2008-02-22 14:06 . 2008-02-22 14:06 <DIR> d-------- C:\WINDOWS\Sun
        2008-02-22 14:02 . 2008-02-22 14:45 <DIR> d-------- C:\Program Files\Java
        2008-02-22 14:02 . 2008-02-22 14:02 <DIR> d-------- C:\Program Files\Common Files\Java
        2008-02-22 14:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
        2008-02-22 14:01 . 2008-02-22 14:01 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
        2008-02-22 14:01 . 2008-02-23 15:43 <DIR> d-------- C:\Documents and Settings\hi\Application Data\HouseCall 6.6
        2008-02-22 12:39 . 2008-02-27 15:08 <DIR> d-------- C:\Program Files\MSBuild
        2008-02-22 12:39 . 2008-02-22 12:39 <DIR> d-------- C:\Program Files\Microsoft Works
        2008-02-22 12:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
        2008-02-22 12:36 . 2008-02-22 12:39 <DIR> d-------- C:\WINDOWS\SHELLNEW
        2008-02-22 12:36 . 2008-02-22 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-02-22 12:35 . 2008-02-22 12:35 <DIR> dr-h----- C:\MSOCache
        2008-02-22 12:32 . 2008-02-22 12:32 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
        2008-02-22 12:31 . 2008-03-01 10:37 54,911 --a------ C:\WINDOWS\system32\oodbs.lor
        2008-02-22 12:30 . 2008-02-22 12:30 <DIR> d-------- C:\Documents and Settings\hi\Application Data\DAEMON Tools
        2008-02-22 12:30 . 2008-02-22 12:30 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
        2008-02-22 12:28 . 2008-02-23 14:49 <DIR> d-------- C:\Documents and Settings\hi\Application Data\Ahead
        2008-02-22 12:28 . 2008-02-22 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
        2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Nero
        2008-02-22 12:27 . 2008-02-22 12:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
        2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
        2008-02-22 12:16 . 2008-02-27 15:40 <DIR> d-------- C:\WINDOWS\system32\oodag
        2008-02-22 12:16 . 2008-02-22 12:16 0 --a------ C:\WINDOWS\oodcnt.INI
        2008-02-22 12:13 . 2008-02-22 12:13 <DIR> d-------- C:\Program Files\OO Software
        2008-02-22 12:05 . 2008-02-22 12:05 <DIR> d-------- C:\Program Files\uTorrent
        2008-02-22 12:05 . 2008-03-01 17:33 <DIR> d-------- C:\Documents and Settings\hi\Application Data\uTorrent
        2008-02-22 11:53 . 2008-02-22 11:54 <DIR> d-------- C:\Program Files\FTDv3.8
        2008-02-22 11:52 . 2008-02-22 11:52 <DIR> d-------- C:\Program Files\SABnzbd
        2008-02-22 11:49 . 2008-02-22 16:07 <DIR> d-------- C:\Program Files\Google
        2008-02-22 11:49 . 2008-02-22 11:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
        2008-02-22 11:42 . 2008-02-22 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-27 15:17 --------- d-----w C:\Program Files\Combined Community Codec Pack
        2008-02-22 10:10 --------- d-----w C:\Program Files\Windows Live
        2008-02-22 10:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
        2008-02-22 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-02-22 09:24 --------- d-----w C:\Program Files\MSXML 6.0
        2008-02-22 09:24 --------- d-----w C:\Program Files\MSXML 4.0
        2008-02-22 09:24 --------- d-----w C:\Program Files\Lavalys
        2008-02-22 09:07 --------- d-----w C:\Program Files\Common Files\InstallShield
        2008-02-22 09:00 --------- d-----w C:\Program Files\Marvell
        2008-02-22 08:58 --------- d-----w C:\Program Files\Intel
        2008-02-22 08:51 --------- d-----w C:\Program Files\microsoft frontpage
        2008-02-22 08:48 --------- d-----w C:\Program Files\Windows Media Connect 2
        2008-02-12 13:59 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
        2008-02-12 13:59 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
        2008-02-12 13:58 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
        2008-02-12 10:34 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
        2008-02-12 09:29 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
        2008-02-12 09:28 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
        2008-02-12 09:27 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
        2008-02-12 09:27 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
        2008-02-12 09:25 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
        2008-02-12 09:25 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
        2008-02-12 09:25 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
        2008-02-12 09:25 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
        2008-02-12 09:25 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
        2008-02-12 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
        2008-02-12 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
        2008-02-12 04:50 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
        2008-02-12 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
        2008-02-12 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
        2008-02-12 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
        2008-02-12 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
        2008-02-12 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
        2008-02-11 22:35 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
        2008-02-11 22:34 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
        2008-02-11 22:30 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
        2008-02-11 22:24 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
        2008-02-11 22:23 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
        2008-02-11 22:23 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
        2008-02-11 22:23 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
        2008-02-11 22:22 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
        2008-02-11 22:22 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
        2008-02-11 22:22 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
        2008-02-11 22:21 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
        2008-02-11 22:20 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
        2008-02-11 22:20 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
        2008-02-11 21:51 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
        2008-02-11 21:51 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
        2008-02-11 21:51 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
        2008-02-11 21:50 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
        2008-02-11 21:50 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
        2008-02-11 21:50 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
        2008-02-11 21:50 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
        2008-02-11 21:50 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
        2008-02-11 21:50 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
        2008-02-11 21:50 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
        2008-02-11 21:50 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
        2008-02-11 21:50 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
        2008-02-11 21:50 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
        2008-02-11 21:50 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
        2008-02-11 21:48 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
        2008-02-11 21:47 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
        2008-02-11 21:47 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
        2008-02-11 21:47 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
        2008-02-11 21:47 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
        2008-02-11 21:47 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
        2008-02-11 21:47 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
        2008-02-11 21:47 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
        2008-02-11 21:47 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
        2008-02-11 21:46 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
        2008-02-11 21:46 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
        2008-02-11 21:46 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
        2008-02-11 21:46 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
        2008-02-11 21:45 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
        2008-02-11 21:45 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
        2008-02-11 21:44 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
        2008-02-11 21:44 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
        2008-02-11 21:42 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
        2008-02-11 21:40 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
        2008-02-11 21:40 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
        2008-02-11 21:39 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
        2008-02-11 21:39 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
        2008-02-11 21:38 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
        2008-02-11 21:37 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
        2008-02-11 21:37 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
        2008-02-11 21:37 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
        2008-02-11 21:37 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
        2008-02-11 21:37 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
        2008-02-11 21:37 129,792 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
        2008-02-11 21:36 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
        2008-02-11 21:35 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
        2008-02-11 21:35 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
        2008-02-11 21:35 42,752 ----a-w C:\WINDOWS\system32\drivers\p3.sys
        2008-02-11 21:35 37,760 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
        2008-02-11 21:35 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
        2008-02-11 21:35 36,736 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
        2008-02-11 21:35 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
        2008-02-11 21:35 35,840 ----a-w C:\WINDOWS\system32\drivers\processr.sys
        2008-02-11 21:35 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
        2008-02-11 21:34 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
        .

        ------- Sigcheck -------

        b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\wininet.dll
        -c----w 823,808 2007-07-22 11:57:35 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
        ------w 666,112 2008-02-12 09:29:20 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
        ----a-w 666,112 2008-02-12 09:29:20 C:\WINDOWS\SoftwareDistribution\Download\914a74725f0c50e80d301debab99a69e\wininet.dll
        ----a-w 824,832 2007-12-07 02:21:48 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\SP2GDR\wininet.dll
        ----a-w 825,344 2007-12-07 02:01:13 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\SP2QFE\wininet.dll
        ----a-w 825,344 2007-12-07 02:01:13 C:\WINDOWS\system32\wininet.dll
        -c--a-w 825,344 2007-12-07 02:01:13 C:\WINDOWS\system32\dllcache\wininet.dll
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 10:29 15360]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
        "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-22 11:29 949376]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
        "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 19:05 2650112]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
        "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
        "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
        "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
        "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
        "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 08:19 172032]
        "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "ShowDeskFix"="regsvr32 /s /n /i:u shell32"

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-22 11:33:17 789008]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
        c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
        "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

        S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 00:00]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd41424b-e12d-11dc-9c88-001bfc3f08d8}]
        \Shell\AutoRun\command - H:\OnSpcLCK.exe

        .
        Contents of the 'Scheduled Tasks' folder
        "2008-02-27 14:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-01 20:27:03
        Windows 5.1.2600 Service Pack 3, v.3311 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-03-01 20:27:27

        Thanks, I am going to format my PC now. I am still worried about the SDbot that leaves traces in the registry: will a Windows (quick) format remove that, or will those viruses still remain on the disk?
        Last edited by fjire; 01-03-08, 20:32.

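        The most telling line in the log above is the MountPoints2 AutoRun command pointing at H:\OnSpcLCK.exe, the footprint of an autorun.inf on a removable drive. As an added example, not part of this thread or of ComboFix, here is a small Python check that scans a ComboFix-style "Reg Loading Points" section for such entries and flags commands launched from a non-system drive; the log fragment inside is constructed from lines of the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix "Reg Loading Points"
# section above: one ordinary Run value and the MountPoints2 AutoRun entry
# that the log shows for drive H:.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-22 11:29 949376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd41424b-e12d-11dc-9c88-001bfc3f08d8}]
\Shell\AutoRun\command - H:\OnSpcLCK.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^(?P<drive>[A-Za-z]):\\")


@dataclass
class Finding:
    key: str      # registry key the AutoRun command hangs under
    command: str  # command Explorer would run when the volume is opened
    drive: str    # drive letter the command points at


def find_removable_autoruns(log_text, system_drives=("C",)):
    """Return MountPoints2 AutoRun commands that launch from a non-system drive.

    Explorer caches the AutoRun command of a volume that carried an autorun.inf
    under MountPoints2\{volume-GUID}; an .exe at the root of a USB stick is the
    classic worm propagation path, so each such entry deserves a look at the
    file it names.
    """
    system = {d.upper() for d in system_drives}
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        cmd_match = AUTORUN_RE.match(line)
        if not cmd_match or current_key is None:
            continue
        if "mountpoints2" not in current_key.lower():
            continue
        command = cmd_match.group("cmd").strip()
        drive_match = DRIVE_RE.match(command)
        drive = drive_match.group("drive").upper() if drive_match else "?"
        if drive not in system:
            findings.append(Finding(current_key, command, drive))
    return findings
```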


        • #5
          Originally posted by fjire
          Thanks, I am going to format my PC now. I am still worried about the SDbot that leaves traces in the registry: will a Windows (quick) format remove that, or will those viruses still remain on the disk?
          Have you already formatted or not yet? If not, I would advise you to leave it as it is and let me know, so that I can still go over your log; it should be fairly simple to remove with the right instructions.

          If you do format, I would not choose the quick format.

          - Daniël



          • #6
            Hi Daniël, yes, I have formatted it, but with quick :X. Should I do a reformat? Or can I still follow some steps to check whether the virus is still present? Meanwhile, via the Housecall online scan, I found the following malware: AWARE_Bestoffers and GENERIC TROJ; the description says low risk for both. With Nod32, Spybot S&D and Ad-Aware 2007 Pro I find nothing. Any idea?
            Last edited by fjire; 08-03-08, 20:43.



            • #7
              Perhaps the locations of those malware infections?
