Haxdoor virus

26-02-2008, 22:23
Post: #1
Haxdoor virus
Hello
My PC has a Haxdoor virus. How do I know? Not from my AVG virus scanner, which is always on. I had it do a full scan and it doesn't even find it. I also ran the Hitman Pro package on my PC; unfortunately, that didn't get rid of it either. So I found out because I get bluescreens/stop screens when logging off one of the profiles on my PC. I found the following info on Microsoft's site: http://support.microsoft.com/kb/903251/nl Now I would really like to know how to get that junk off my PC. I can't really make sense of what's on that page. Thx

26-02-2008, 22:29
Post: #2
RE: Haxdoor virus
Hello,
Download haxfix.exe and place it on your desktop. Double-click haxfix.exe to start the tool. A window opens with the following menu:
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?

27-02-2008, 22:37
Post: #3
RE: Haxdoor virus
I downloaded the little program. It's on my desktop.
I open it and choose option 1. Then it checks for infections. It checks for a3d files and matching notify keys, then I get an error: C:\HaxFix\swreg.exe is geen geldige W32 toepassing. The program does continue, but I get that error several more times. In the end it says it wants to create a logfile and then I get the message: FINDSTR: Kan C:\HaxFix\rootkit.log niet openen. And that keeps coming up an endless number of times ... So I just closed it. Advice?

27-02-2008, 22:56
Post: #4
RE: Haxdoor virus
Download HijackThis.
Save the file. Double-click HJTInstall.exe to start the installation. After the installation the program starts. Click the "scan" button. When the HijackThis scan is finished, the 'Scan' button changes into a 'Save logfile' button. Click it and save the logfile as hijackthis.log. Hijackthis.log will open. Post the contents of this logfile in your next message.

28-02-2008, 20:37
Post: #5
RE: Haxdoor virus
Logfile of Trend Micro HijackThis v2.0.2

28-02-2008, 20:51
Post: #6
RE: Haxdoor virus
Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix...-te-worden
Follow the instructions given there. If anything is unclear, just ask. When the tool is finished, a logfile (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

28-02-2008, 21:52
Post: #7
RE: Haxdoor virus
OK, I've had a quick look at it and it looks like something you'd better keep your full attention on.
So I'd best postpone it until this weekend. I'm too tired at the moment. I'll post the logs this weekend.

02-03-2008, 13:35
Post: #8
RE: Haxdoor virus
Me again. Is there a big chance that I'll have to use that recovery console?
Because I find it all rather complicated to follow. I also have quite a lot of data on my PC that I'd rather not see disappear. Best to make a backup first? Or is everything already infected?

02-03-2008, 14:08
Post: #9
RE: Haxdoor virus
I don't think there's anything wrong with the data.
It's best to keep a backup on hand. Whether you want to carry out the procedure with the recovery console is up to you.

02-03-2008, 15:00
Post: #10
RE: Haxdoor virus
This probably does seem the safest to me, but it also seems quite complicated.
Thanks for the reply. I'll make a backup anyway.

03-03-2008, 10:55
Post: #11
RE: Haxdoor virus
OK, I'm now installing that recovery console. I hope I won't need the thing, because I have no idea how it works or what to do with it should my PC no longer start up normally.

03-03-2008, 11:11
Post: #12
RE: Haxdoor virus
ComboFix log:

03-03-2008, 11:13
Post: #13
RE: Haxdoor virus
And the new HijackThis log:
|
03-03-2008, 18:54
(This post was last edited on 03-03-2008 at 18:54 by Marckie.)
Post: #14
RE: Haxdoor virus
Run HaxFix once more.
Create a log via option 1.
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
|||
|
03-03-2008, 18:59
(This post was last edited on 03-03-2008 at 19:02 by euros.)
Post: #15
RE: Haxdoor virus
I still can't create a log file with HaxFix.
I still get those errors ("is not a valid W32 application") and an endless number of attempts to create a log.
|||
|
03-03-2008, 19:07
Post: #16
RE: Haxdoor virus
I see no traces of Haxdoor in your log.
When and how did the problems start?
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
|||
|
03-03-2008, 19:12
Post: #17
RE: Haxdoor virus
It has been going on for well over a month.
I don't actually notice any trouble. My PC is no faster or slower than usual. But when I log off my profile and log on to another one, I get a bluescreen. With a particular code. I looked it up and ended up on the Microsoft site. There I read that the code corresponded to a Haxdoor infection. I don't know exactly what it does or is supposed to do, but it probably isn't good. So I would like it off my PC. But now it turns out not to be a virus? I have already run several scans with AVG and the Hitman Pro package but never found anything.
|||
|
03-03-2008, 19:16
Post: #18
RE: Haxdoor virus
Go to Kaspersky Online Scanner and click Accept at the bottom.
This scanner works only with Internet Explorer 6 and higher!! You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
|||
|
03-03-2008, 20:33
Post: #19
RE: Haxdoor virus
The scan is running now (35 minutes so far).
So far it has found 2 viruses with 4 infected files. The log will definitely follow once it's done. Hopefully the rest goes a bit faster :-)
|||
|
03-03-2008, 21:23
Post: #20
RE: Haxdoor virus
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 03, 2008 8:23:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/03/2008
Kaspersky Anti-Virus database records: 594525
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ I:\
Scan Statistics:
Total number of scanned objects: 137525
Number of viruses found: 5
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 01:20:20
Scan process completed.
|||
|
|