IObit Forum

Spigot, Inc


blacksea


I am opening a new thread again because I noticed something today when I was looking into the firewall Application Rules of Avast. There were 2 things which I am not familiar with, so I googled them both for more information. Spigot, Inc is a Backdoor Trojan Horse according to most sites, and the UNINSTALLER.exe could be a threat from what I have seen so far.

 

I have already scanned with IS360, SAS, MBAM and no threat was found.

 

And also what I have noticed now is that I cannot do a system restore. When I click on it, I get an error that rstrui.exe doesn't work. This is the first time I have experienced this.

 

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Cengii at 19:12:32,00 on vr 24-12-2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.838 [GMT 1:00]

 

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Game Booster\GameBox.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Documents and Settings\Cengii\Mijn documenten\Downloads\dds (1).scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = www.google.nl

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [Google Update] "c:\documents and settings\cengii\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {DCB62696-EC23-458D-8C29-933E3196879E} = 156.154.70.25,156.154.71.25

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

============= SERVICES / DRIVERS ===============

 

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-11-11 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-11-11 190416]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-12-13 28552]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-12-20 32008]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2010-12-7 14776]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-11-11 99792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-11-11 340048]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-11 165584]

R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-20 76696]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-11 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-11 40384]

R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-11-11 119200]

R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-20 6416120]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-24 312152]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-11 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-11 40384]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-20 26096]

S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]

 

=============== Created Last 30 ================

 

2010-12-24 15:36:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-24 15:36:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-24 15:33:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-24 15:33:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-24 15:33:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-22 13:58:34 -------- d-----w- c:\windows\SxsCaPendDel

2010-12-22 02:58:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-12-20 18:35:05 71880 ----a-w- c:\windows\system32\PxSecure.dll

2010-12-20 18:35:04 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-12-20 18:35:04 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2010-12-20 18:35:02 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-12-20 18:35:02 -------- d-----w- c:\program files\Prevx

2010-12-20 18:34:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-12-20 16:09:50 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-12-19 23:38:30 -------- d-----w- c:\docume~1\cengii\applic~1\Malwarebytes

2010-12-19 23:38:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-13 22:57:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-12-13 22:57:23 -------- d-----w- c:\program files\Panda Security

2010-12-13 22:29:49 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-12-13 22:29:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-12-13 21:59:48 -------- d-----w- c:\docume~1\cengii\applic~1\QuickScan

2010-12-13 21:56:19 -------- d-----w- c:\program files\ESET

2010-12-07 16:12:07 26960 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2010-12-07 16:12:07 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2010-12-07 16:08:10 -------- d-----w- c:\docume~1\cengii\locals~1\applic~1\Temp

2010-12-07 16:08:06 -------- d-----w- c:\docume~1\cengii\locals~1\applic~1\Google

2010-12-01 16:22:44 -------- d-----w- c:\docume~1\cengii\applic~1\Office Genuine Advantage

2010-12-01 16:14:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-12-01 15:49:03 -------- d-----w- c:\program files\VideoLAN

2010-11-30 13:10:02 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-30 13:10:02 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-29 18:37:04 -------- d-----w- c:\program files\Veetle

2010-11-29 16:10:18 -------- d-----w- c:\windows\pss

2010-11-29 13:48:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2010-11-28 14:40:53 -------- d-----w- c:\docume~1\cengii\applic~1\SUPERAntiSpyware.com

2010-11-26 17:09:48 -------- d-----w- c:\docume~1\cengii\applic~1\TS3Client

2010-11-26 17:09:00 -------- d-----w- c:\docume~1\cengii\locals~1\applic~1\TeamSpeak 3 Client

2010-11-26 10:59:32 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

2010-11-26 10:59:31 32656 ----a-w- c:\windows\system32\msonpmon.dll

2010-11-26 10:50:44 -------- d-----w- c:\docume~1\cengii\locals~1\applic~1\Microsoft Help

2010-11-26 10:39:32 -------- d-----w- c:\program files\MSECache

 

==================== Find3M ====================

 

2010-11-18 18:15:46 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-17 18:56:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-11-17 18:56:34 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-11 12:29:18 0 ----a-w- c:\windows\ativpsrm.bin

2010-11-06 00:23:41 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:23:39 43520 ------w- c:\windows\system32\licmgr10.dll

2010-11-06 00:23:39 1991680 ----a-w- c:\windows\system32\iertutil.dll

2010-11-06 00:23:39 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27:25 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:09:50 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05:42 1862400 ----a-w- c:\windows\system32\win32k.sys

2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll

 

============= FINISH: 19:13:42,62 ===============

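A way to turn the DDS sections above into something reviewable, as an added example that is not part of the thread or of DDS itself: it parses the `SERVICES / DRIVERS`, `Running Processes` and `Created Last 30` line formats shown in the log (the sample lines below are copied from that log; the reading of the `R`/`S` prefix as running/stopped with the digit as the Windows start type is this example's assumption) and flags processes whose image lives in a user-writable profile or temp directory. That is a triage heuristic for where to look first, not a verdict on any file.

```python
import re
from dataclasses import dataclass

# Constructed samples: a handful of lines copied from the DDS log posted above.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Documents and Settings\Cengii\Mijn documenten\Downloads\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
"""

SAMPLE_SERVICES = r"""
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-11-11 12112]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-12-20 6416120]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]
"""

SAMPLE_CREATED = r"""
2010-12-24 15:33:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 15:33:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 18:35:04 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
"""

# "R0 name;description;path [yyyy-m-d size]" -- assumption: R = running, S = stopped,
# digit = Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# "yyyy-mm-dd hh:mm:ss size attrs path"; size is a run of dashes for directories.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    desc: str
    path: str
    date: str
    size: int


def parse_services(text):
    """Parse SERVICES / DRIVERS lines into Service records; unrecognised lines are skipped."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["state"] == "R", int(m["start"]), m["name"], m["desc"],
                                 m["path"], m["date"], int(m["size"])))
    return found


def process_image(line):
    """Image path of a Running Processes line. Paths contain spaces, so split at the
    first ' -' / ' /' argument marker instead of at whitespace."""
    return re.match(r"^(?P<path>.+?)(?:\s+[-/].*)?$", line.strip())["path"]


# Locations a standard user can write to; a process image here is worth a second look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


def processes_in_user_writable_dirs(text):
    """Lower-cased image paths of running processes located under user-writable directories."""
    flagged = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path = process_image(line).lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            flagged.append(path)
    return flagged


def new_drivers(text):
    """Kernel drivers (.sys files) listed in the Created Last 30 section, in log order."""
    drivers = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m["size"].isdigit() and m["path"].lower().endswith(".sys"):
            drivers.append((m["date"], m["path"]))
    return drivers


if __name__ == "__main__":
    for svc in parse_services(SAMPLE_SERVICES):
        print("running" if svc.running else "stopped", svc.start_type, svc.name, svc.path)
    print("processes from user-writable dirs:", processes_in_user_writable_dirs(SAMPLE_PROCESSES))
    print("new drivers:", new_drivers(SAMPLE_CREATED))
```

On the log above the only hit for the user-writable check is `dds (1).scr` in the Downloads folder, which is the DDS tool itself; the point of the check is to shorten the list a reviewer reads by hand, and every hit still needs the vendor signature and hash looked at before drawing a conclusion. Newly created `.sys` files deserve the same attention, because a driver runs in the kernel regardless of which product installed it.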

Attach & Attachment

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10-11-2010 23:39:21

System Uptime: 24-12-2010 11:38:58 (8 hours ago)

 

Motherboard: PCCHIPS | | A33G

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | | 2000/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 203,315 GiB free.

D: is Removable

E: is Removable

F: is Removable

G: is Removable

H: is CDROM ()

I: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet-controller

Device ID: PCI\VEN_1039&DEV_0190&SUBSYS_01331019&REV_00\3&267A616A&0&20

Manufacturer:

Name: Ethernet-controller

PNP Device ID: PCI\VEN_1039&DEV_0190&SUBSYS_01331019&REV_00\3&267A616A&0&20

Service:

 

==== System Restore Points ===================

 

RP1: 10-11-2010 23:43:07 - Controlepunt van systeem

RP2: 10-11-2010 23:49:06 - Software Distribution Service 3.0

RP3: 11-11-2010 0:07:18 - Windows XP WgaNotify is geïnstalleerd.

RP4: 11-11-2010 0:08:37 - Software Distribution Service 3.0

RP5: 11-11-2010 0:37:42 - Software Distribution Service 3.0

RP6: 11-11-2010 12:43:09 - Software Distribution Service 3.0

RP7: 11-11-2010 13:17:15 - Installed Java 6 Update 22

RP8: 11-11-2010 13:18:43 - Installed Adobe Reader 9.4.0 - Nederlands.

RP9: 11-11-2010 13:27:39 - Geïnstalleerd ATI Catalyst Control Center

RP10: 11-11-2010 13:32:42 - Installed Dual-Core Optimizer.

RP11: 11-11-2010 13:53:46 - Advanced SystemCare RestorePoint

RP12: 11-11-2010 13:55:26 - Geïnstalleerd Realtek AC'97 Audio

RP13: 11-11-2010 14:01:14 - Installed Steam

RP14: 11-11-2010 18:56:45 - Software Distribution Service 3.0

RP15: 11-11-2010 21:12:35 - avast! Free Antivirus Setup

RP16: 12-11-2010 20:38:41 - DirectX is geïnstalleerd.

RP17: 15-11-2010 18:46:29 - Controlepunt van systeem

RP18: 19-11-2010 12:04:37 - Controlepunt van systeem

RP19: 21-11-2010 3:41:32 - Controlepunt van systeem

RP20: 22-11-2010 18:04:59 - Controlepunt van systeem

RP21: 23-11-2010 17:21:59 - Installed Microsoft Office Enterprise 2007

RP22: 23-11-2010 17:53:08 - Software Distribution Service 3.0

RP23: 24-11-2010 18:11:06 - Controlepunt van systeem

RP24: 24-11-2010 21:21:40 - IObit Uninstaller RestorePoint

RP25: 25-11-2010 12:41:05 - Software Distribution Service 3.0

RP26: 25-11-2010 12:51:56 - Herstelbewerking

RP27: 25-11-2010 12:59:30 - Herstelbewerking

RP28: 26-11-2010 11:39:45 - Installed Microsoft Office Word Viewer 2003

RP30: 26-11-2010 11:59:24 - Printerstuurprogramma Send To Microsoft OneNot is geïnstalleerd

RP31: 26-11-2010 16:39:47 - IObit Uninstaller RestorePoint

RP32: 26-11-2010 17:05:35 - IObit Uninstaller RestorePoint

RP33: 27-11-2010 3:00:50 - Software Distribution Service 3.0

RP34: 28-11-2010 3:00:59 - Software Distribution Service 3.0

RP35: 29-11-2010 14:42:34 - IObit Uninstaller RestorePoint

RP36: 29-11-2010 14:49:46 - Installed COMODO Internet Security

RP37: 29-11-2010 16:31:59 - IObit Uninstaller RestorePoint

RP38: 30-11-2010 14:06:28 - Herstelbewerking

RP39: 30-11-2010 14:35:08 - Configured Microsoft Office Enterprise 2007

RP40: 1-12-2010 11:31:58 - Software Distribution Service 3.0

RP41: 1-12-2010 16:28:31 - Installed COMODO Internet Security

RP42: 1-12-2010 16:44:22 - IObit Uninstaller RestorePoint

RP43: 2-12-2010 15:22:07 - Software Distribution Service 3.0

RP44: 3-12-2010 18:15:22 - Controlepunt van systeem

RP45: 4-12-2010 22:51:53 - Controlepunt van systeem

RP46: 7-12-2010 0:42:37 - Controlepunt van systeem

RP47: 8-12-2010 12:00:28 - Controlepunt van systeem

RP48: 9-12-2010 21:22:49 - Controlepunt van systeem

RP49: 11-12-2010 18:34:14 - Controlepunt van systeem

RP50: 12-12-2010 22:32:31 - IObit Uninstaller RestorePoint

RP51: 15-12-2010 3:17:46 - Controlepunt van systeem

RP52: 16-12-2010 17:06:34 - Software Distribution Service 3.0

RP53: 18-12-2010 18:05:53 - IObit Uninstaller RestorePoint

RP54: 18-12-2010 18:06:22 - Google Earth is verwijderd.

RP55: 19-12-2010 14:28:54 - IObit Uninstaller RestorePoint

RP56: 20-12-2010 14:34:07 - Controlepunt van systeem

RP57: 22-12-2010 14:44:49 - IObit Uninstaller RestorePoint

RP59: 23-12-2010 3:00:15 - Software Distribution Service 3.0

RP60: 24-12-2010 12:22:12 - Controlepunt van systeem

RP61: 24-12-2010 17:43:39 - Installed Java 6 Update 23

 

==== Installed Programs ======================

 

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1 - Nederlands

Adobe Shockwave Player 11.5

Advanced SystemCare 3

ATI - Software-verwijderprogramma

ATI Catalyst Control Center

ATI Display Driver

avast! Internet Security

Beveiligingsupdate voor Windows Internet Explorer 7 (KB2360131)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)

Beveiligingsupdate voor Windows Media Player (KB2378111)

Beveiligingsupdate voor Windows Media Player (KB954155)

Beveiligingsupdate voor Windows Media Player (KB973540)

Beveiligingsupdate voor Windows Media Player (KB975558)

Beveiligingsupdate voor Windows Media Player (KB978695)

Beveiligingsupdate voor Windows XP (KB2079403)

Beveiligingsupdate voor Windows XP (KB2115168)

Beveiligingsupdate voor Windows XP (KB2121546)

Beveiligingsupdate voor Windows XP (KB2229593)

Beveiligingsupdate voor Windows XP (KB2259922)

Beveiligingsupdate voor Windows XP (KB2279986)

Beveiligingsupdate voor Windows XP (KB2286198)

Beveiligingsupdate voor Windows XP (KB2296011)

Beveiligingsupdate voor Windows XP (KB2296199)

Beveiligingsupdate voor Windows XP (KB2347290)

Beveiligingsupdate voor Windows XP (KB2360937)

Beveiligingsupdate voor Windows XP (KB2387149)

Beveiligingsupdate voor Windows XP (KB2423089)

Beveiligingsupdate voor Windows XP (KB2436673)

Beveiligingsupdate voor Windows XP (KB2440591)

Beveiligingsupdate voor Windows XP (KB2443105)

Beveiligingsupdate voor Windows XP (KB923561)

Beveiligingsupdate voor Windows XP (KB952004)

Beveiligingsupdate voor Windows XP (KB956572)

Beveiligingsupdate voor Windows XP (KB956744)

Beveiligingsupdate voor Windows XP (KB956844)

Beveiligingsupdate voor Windows XP (KB958869)

Beveiligingsupdate voor Windows XP (KB959426)

Beveiligingsupdate voor Windows XP (KB960803)

Beveiligingsupdate voor Windows XP (KB960859)

Beveiligingsupdate voor Windows XP (KB961501)

Beveiligingsupdate voor Windows XP (KB969059)

Beveiligingsupdate voor Windows XP (KB970430)

Beveiligingsupdate voor Windows XP (KB971657)

Beveiligingsupdate voor Windows XP (KB971961)

Beveiligingsupdate voor Windows XP (KB972270)

Beveiligingsupdate voor Windows XP (KB973507)

Beveiligingsupdate voor Windows XP (KB973869)

Beveiligingsupdate voor Windows XP (KB973904)

Beveiligingsupdate voor Windows XP (KB974112)

Beveiligingsupdate voor Windows XP (KB974318)

Beveiligingsupdate voor Windows XP (KB974392)

Beveiligingsupdate voor Windows XP (KB974571)

Beveiligingsupdate voor Windows XP (KB975025)

Beveiligingsupdate voor Windows XP (KB975467)

Beveiligingsupdate voor Windows XP (KB975560)

Beveiligingsupdate voor Windows XP (KB975562)

Beveiligingsupdate voor Windows XP (KB975713)

Beveiligingsupdate voor Windows XP (KB977816)

Beveiligingsupdate voor Windows XP (KB977914)

Beveiligingsupdate voor Windows XP (KB978037)

Beveiligingsupdate voor Windows XP (KB978338)

Beveiligingsupdate voor Windows XP (KB978542)

Beveiligingsupdate voor Windows XP (KB978601)

Beveiligingsupdate voor Windows XP (KB978706)

Beveiligingsupdate voor Windows XP (KB979309)

Beveiligingsupdate voor Windows XP (KB979482)

Beveiligingsupdate voor Windows XP (KB979687)

Beveiligingsupdate voor Windows XP (KB980195)

Beveiligingsupdate voor Windows XP (KB980232)

Beveiligingsupdate voor Windows XP (KB980436)

Beveiligingsupdate voor Windows XP (KB981322)

Beveiligingsupdate voor Windows XP (KB981349)

Beveiligingsupdate voor Windows XP (KB981852)

Beveiligingsupdate voor Windows XP (KB981957)

Beveiligingsupdate voor Windows XP (KB981997)

Beveiligingsupdate voor Windows XP (KB982132)

Beveiligingsupdate voor Windows XP (KB982214)

Beveiligingsupdate voor Windows XP (KB982665)

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Comodo Dragon

Counter-Strike: Source

Dual-Core Optimizer

ESET Online Scanner v3

Game Booster

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB976002-v5)

Hotfix voor Windows XP (KB2158563)

Hotfix voor Windows XP (KB2443685)

Hotfix voor Windows XP (KB961118)

IObit Security 360

Java Auto Updater

Java 6 Update 23

Malwarebytes' Anti-Malware

Messenger Plus! Live

MessengerDiscovery 2.5.95

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Dutch Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Dutch Language Pack

Microsoft .NET Framework 3.0 Nederlands taalpakket

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - nld

Microsoft .NET Framework 3.5 Service Pack 1

Microsoft .NET Framework 3.5 Service Pack 1 Nederlands taalpakket

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MSVCRT

MSXML 6.0 Parser (KB933579)

OGA Notifier 2.0.0048.0

Panda ActiveScan 2.0

Prevx

Realtek AC'97 Audio

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

Skins

Skype™ 5.0

Smart Defrag 2

Steam

SUPERAntiSpyware

TeamSpeak 3 Client

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update voor Windows Internet Explorer 8 (KB2362765)

Update voor Windows Internet Explorer 8 (KB976662)

Update voor Windows XP (KB2141007)

Update voor Windows XP (KB2345886)

Update voor Windows XP (KB2467659)

Update voor Windows XP (KB955759)

Update voor Windows XP (KB961503)

Update voor Windows XP (KB967715)

Update voor Windows XP (KB968389)

Update voor Windows XP (KB971737)

Update voor Windows XP (KB973687)

Update voor Windows XP (KB973815)

Veetle TV 0.9.18

VLC media player 1.1.5

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

XML Paper Specification Shared Components Language Pack 1.0

 

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.

2. Double-click on MGADiag.exe and click Continue

3. When the program has finished, click on Copy

4. Post the results in your next reply.

*******************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

*******************************************

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click commy.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-V24YM-DD3WG-PFR3J

Windows Product Key Hash: JJ/2cJQk+z86UcfiXIMxmM8vm94=

Windows Product ID: 76396-640-0343632-23982

Windows Product ID Type: 1

Windows License Type: Volume

Windows OS version: 5.1.2600.2.00010100.3.0.pro

ID: {40AA88F3-001F-4149-8E53-CC0E8077DA21}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.9.40.0

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

Windows XP Notifications Data-->

Cached Result: 0

File Exists: Yes

Version: 1.9.40.0

WgaTray.exe Signed By: Microsoft

WgaLogon.dll Signed By: Microsoft

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: 2.0.48.0

OGAExec.exe Signed By: Microsoft

OGAAddin.dll Signed By: Microsoft

 

OGA Data-->

Office Status: 109 N/A

OGA Version: Registered, 2.0.48.0

Signed By: Microsoft

Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Comodo\Dragon\dragon.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{40AA88F3-001F-4149-8E53-CC0E8077DA21}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PFR3J</PKey><PID>76396-640-0343632-23982</PID><PIDType>1</PIDType><SID>S-1-5-21-842925246-1960408961-1417001333</SID><SYSTEM><Manufacturer>PCCHIPS</Manufacturer><Model>A33G</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080013 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070831000000.000000+000</Date></BIOS><HWID>467B358F01846079</HWID><UserLCID>0413</UserLCID><SystemLCID>0413</SystemLCID><TimeZone>West-Europa (standaardtijd)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

 

Licensing Data-->

N/A

 

Windows Activation Technologies-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 18F57:Elitegroup Computer Systems Co Ltd

Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

 

OEM Activation 2.0 Data-->

N/A


Hi superdave,

 

First, ComboFix did install the Microsoft Windows Recovery Console on my computer. Then, after renaming it to commy.exe, I ran the scan. It said that it had found rootkit activity and that the computer would be rebooting.

 

BUT, as I experience it a lot and have posted here in this forum before, I have a common problem with shutting down my computer. I am not able to shut down the machine through Start. 1 out of 10 times it does shut down when I try, but most of the time I have to press the power button to shut it down.

 

So when it said that it would reboot, my computer did not. It was still black and I waited for about half an hour to be sure. After that I had to press the power button.

 

So now it booted up and I saw the ComboFix blue screen again with black background and it was 'starting' ComboFix. Here too I waited for 20 minutes and it made no progress. So I did a system restore because I had no internet after ComboFix.

 

I don't know if I did wrong please tell me so then, but it didn't looked logical for me to wait for an application to get started for 20 minutes. But if this is how combofix works, then please tell me how long all could take. But combofix did found an activity of a rootkit it said.

 

blacksea


SecurityCheck

 

Results of screen317's Security Check version 0.99.8

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Internet Security

ESET Online Scanner v3

Prevx

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 9.4.1 - Nederlands

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 afwServ.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 avastUI.exe

``````````End of Log````````````

 

 

 

*I have just installed the latest Java and Adobe Reader, and they are now up to date.


I don't know if I did wrong, please tell me so if I did, but it didn't look logical to me to wait 20 minutes for an application to start. But if this is how ComboFix works, then please tell me how long it all could take. But ComboFix did say it found rootkit activity.

ComboFix can sometimes be difficult to run. Let's try this. Please delete your copy of ComboFix and do the following. You won't have to install the Recovery Console.

 

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.

Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Hi Superdave,

 

Well, actually none of them, because luckily my computer does not hang or freeze when I want to shut down. The only freezing is when trying to open Chrome or IE8. But at support.microsoft.com/kb/315664/en-us it says something about USB-based input devices.

 

"After you attach a keyboard, a mouse or another USB-based input device to your computer, your computer may no longer shut down correctly. For example, your computer may stop responding (hang) after you click Turn off or Restart."

 

My mouse is connected via USB, and my computer also always says that my other USB ports are in use. And if I click on the system tray it says in Dutch 'safely remove D:, E:, F:, G:' while nothing is inserted.

 

This is more exactly what I am experiencing:

computing.net/answers/windows-xp/xp-pro-wont-shut-down/69958.html

 

----

 

And here is what I experienced today. I was starting up my computer and noticed that the resolution had been lowered for no reason. So I picked my old, higher resolution, and when I was surfing the internet it looked as if my graphics card wasn't up to date anymore; for example, when I scrolled down a site, it did not do so smoothly. So I tried an even higher resolution (which I had also used before with no problem) and quickly after that my display went black and it said that it was not supported. I couldn't even revert to a lower resolution because everything was black. A reboot didn't help either, so yet again I had to do a system restore, and now it is normal again.

 

But now something else. I wanted to take a screenshot of the system tray 'safely remove D:, E:, F:, G:' and post it here in case you didn't know what I meant. But if I take a screenshot and paste it into Paint, everything is black and white. See the attachment of the screenshot I took of my desktop.


CTRL shutdown

 

The black-and-white screenshot is fixed after a reboot. And so here is the attachment I wanted to show. It always shows up.

 

And it really amazed me that the solution on computing.net/answers/windows-xp/xp-pro-wont-shut-down/69958.html does work!! It said that if you hold down the Ctrl key while shutting down, it shuts down normally. I tested this twice and it did work. To make it even more certain, I first did it without Ctrl and it did not shut down. Then I held the Ctrl key with it and it shut down immediately. I rebooted and tested again with the same result.


21 iexplore.exe

 

My MSN froze a bit and I opened Task Manager to close MSN Messenger. But when Task Manager appeared, I noticed 21 iexplore.exe processes. Some sites claim it to be a virus. And they just have one; I have 21 of them, so I think it is not good.


Well, I explained my problem with the reboot that ComboFix wants to do, and asked if it was no big deal to shut it down myself, as it doesn't do it by itself. And you said to solve that problem as well, so I thought it better to wait until it was fixed and then run it again like you said.


error when trying to launch combofix.

 

I tried to launch commy.exe through Start > Run, but then I got this error. See attachment.

 

It says: C:\Documents and Settings\Cengii\desktop refers to a location that is inaccessible. The location may be a hard drive on this computer or the network. Make sure the disk is inserted, or connect to the network or Internet and then try again. If you find nothing, the information may have been moved or deleted.


Ok. Let's try this:

 

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

 

Navigate to Start --> Run, and enter the following command exactly as shown:

 

"%userprofile%\desktop\blackpudding.bat" /killall

 

See if ComboFix will run now


From IMF

 

|Name|Type|Description|ID|

|Misleading.DefenceCenter|REG|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|159835|

 

EDIT: blacksea, IMF being in beta at the moment, it is irrelevant to report the list here, as we don't know which entries in it are FPs yet.

 

I would move this post to IMF section if I were you!


I am in safe mode, but ComboFix tells me that Avast!'s real-time protection is still active. Avast! is not in the system tray, nor do I see Avast active in Task Manager. I pressed continue and again it said that Avast real-time protection was still active and that ComboFix would start at my own risk. I did check Avast, and Avast itself said that real-time protection was not active.


combofix log

 

ComboFix 10-12-29.01 - Cengii 29-12-2010 23:56:35.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1788 [GMT 1:00]

Started from: c:\documents and settings\Cengii\Bureaublad\commy.exe

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 ))))))))))))))))))))))))))))))

.

 

2010-12-28 13:02 . 2008-04-14 20:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-12-28 13:02 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-12-28 12:58 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-12-28 12:58 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-12-26 14:55 . 2010-12-26 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-12-25 11:43 . 2010-12-25 11:43 -------- d-----w- c:\documents and settings\Cengii\Application Data\DVDVideoSoftIEHelpers

2010-12-25 11:43 . 2010-12-26 14:10 -------- d-----w- c:\program files\DVDVideoSoft

2010-12-25 11:43 . 2010-12-26 14:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-12-25 11:28 . 2010-12-25 11:28 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-25 11:28 . 2010-12-25 11:28 -------- d-----w- c:\program files\Common Files\Adobe

2010-12-25 02:04 . 2010-12-25 02:04 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-12-25 00:31 . 2008-04-13 22:06 42240 -c--a-w- c:\windows\system32\dllcache\SETBA5.tmp

2010-12-25 00:22 . 2001-09-06 17:27 17408 -c--a-w- c:\windows\system32\dllcache\SET4AA.tmp

2010-12-25 00:20 . 2001-08-17 18:49 9472 -c--a-w- c:\windows\system32\dllcache\SET2C7.tmp

2010-12-24 20:48 . 2010-12-27 00:38 -------- d-----w- C:\commy

2010-12-24 15:36 . 2010-12-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-24 15:36 . 2010-12-28 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-24 15:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-24 15:33 . 2010-12-26 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-24 15:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-22 13:58 . 2010-12-23 12:14 -------- d-----w- c:\windows\SxsCaPendDel

2010-12-22 02:58 . 2010-12-22 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-12-20 16:09 . 2010-12-20 23:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-12-19 23:38 . 2010-12-19 23:38 -------- d-----w- c:\documents and settings\Cengii\Application Data\Malwarebytes

2010-12-19 23:38 . 2010-12-19 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-19 15:33 . 2010-12-19 15:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-15 00:03 . 2010-12-28 00:43 -------- d-----w- c:\program files\Google

2010-12-13 22:57 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-12-13 22:57 . 2010-12-13 22:57 -------- d-----w- c:\program files\Panda Security

2010-12-13 22:49 . 2010-12-13 22:49 -------- d-----w- c:\windows\Sun

2010-12-13 22:29 . 2010-12-13 22:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-12-13 21:59 . 2010-12-13 21:59 -------- d-----w- c:\documents and settings\Cengii\Application Data\QuickScan

2010-12-13 21:56 . 2010-12-13 21:56 -------- d-----w- c:\program files\ESET

2010-12-07 16:12 . 2010-11-30 16:31 26960 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2010-12-07 16:12 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2010-12-07 16:08 . 2010-12-15 02:13 -------- d-----w- c:\documents and settings\Cengii\Local Settings\Application Data\Temp

2010-12-07 16:08 . 2010-12-28 00:43 -------- d-----w- c:\documents and settings\Cengii\Local Settings\Application Data\Google

2010-12-01 16:22 . 2010-12-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-12-01 16:22 . 2010-12-01 16:22 -------- d-----w- c:\documents and settings\Cengii\Application Data\Office Genuine Advantage

2010-12-01 16:14 . 2010-12-01 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2010-12-01 15:57 . 2010-12-01 15:58 -------- d-----w- c:\documents and settings\Cengii\Application Data\vlc

2010-12-01 15:49 . 2010-12-01 15:49 -------- d-----w- c:\program files\VideoLAN

2010-11-30 11:05 . 2010-12-02 18:38 -------- d-s---w- c:\documents and settings\Gast

 

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:15 . 2010-11-10 22:30 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-17 18:56 . 2010-11-17 18:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-11-17 18:56 . 2010-11-17 18:56 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-11-12 17:53 . 2010-11-11 12:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34 . 2010-11-11 12:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 00:23 . 2009-01-19 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:23 . 2009-01-19 17:10 43520 ------w- c:\windows\system32\licmgr10.dll

2010-11-06 00:23 . 2008-04-15 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2009-01-19 17:10 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-15 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2008-04-15 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05 . 2009-01-19 17:09 1862400 ----a-w- c:\windows\system32\win32k.sys

2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

 

------- Sigcheck -------

 

[-] 2009-01-19 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Steam"="c:\program files\Steam\steam.exe" [2010-12-03 1242448]

"Google Update"="c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-07 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Steam\\steamapps\\caykarali_rambo\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1037:TCP"= 1037:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

 

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [11-11-2010 21:41 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [11-11-2010 21:41 190416]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7-12-2010 17:12 14776]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11-11-2010 21:41 99792]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13-12-2010 23:57 28552]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11-11-2010 21:41 340048]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11-11-2010 21:12 165584]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 19:25 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 19:41 67656]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11-11-2010 21:12 17744]

S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [11-11-2010 21:41 119200]

S2 BlueBirdservice;BlueBird Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [28-12-2010 2:43 408920]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15-12-2010 1:03 136176]

S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [28-12-2010 2:43 245128]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [28-12-2010 2:43 41200]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [28-12-2010 2:43 24456]

.

Contents of the 'Scheduled Tasks' folder

 

2010-12-29 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-11-11 13:11]

 

2010-12-28 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-11-11 14:24]

 

2010-12-29 c:\windows\Tasks\Game_Booster_Startup.job

- c:\program files\IObit\Game Booster\GameBox.exe [2010-12-12 18:08]

 

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 00:03]

 

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 00:03]

 

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1960408961-1417001333-1004Core.job

- c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 16:08]

 

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1960408961-1417001333-1004UA.job

- c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 16:08]

 

2010-12-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

 

2010-12-29 c:\windows\Tasks\User_Feed_Synchronization-{21A82A88-13DE-4D59-BA50-3820EE044BE9}.job

- c:\windows\system32\msfeedssync.exe [2010-11-10 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = http://www.google.nl

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Cengii\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: {DCB62696-EC23-458D-8C29-933E3196879E} = 156.154.70.25,156.154.71.25

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-30 00:00

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(712)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-12-30 00:01:26

ComboFix-quarantined-files.txt 2010-12-29 23:01

 

Pre-Run: 216.476.229.632 bytes free

Post-Run: 216.872.525.824 bytes free

 

- - End Of File - - DBC054DA4AD2B7F3B50FBA3123C1CAFF


Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\system32\dllcache\SETBA5.tmp
    c:\windows\system32\dllcache\SET4AA.tmp
    c:\windows\system32\dllcache\SET2C7.tmp
     
    MBR::
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://img19.imageshack.us/img19/5660/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

*************************************************

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

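As an added worked example (not part of the thread, and not ComboFix's own code), the script below reads the two parts of a ComboFix log that a File:: fix like the one above rests on: the "files created" listing and the Sigcheck section. It picks out orphaned SET*.tmp copies under dllcache (the three the helper listed) and writes a CFScript in the same KillAll:: / File:: / MBR:: layout. The sample log lines are constructed from the format of the logs posted in this thread; the rule for what counts as removable is this example's own choice, not ComboFix's. The Sigcheck handling carries the caveat a practitioner wants: a "[-]" row such as sfcfiles.dll is a file whose hash ComboFix could not match to its reference copy, which is a reason to compare it against a clean copy or run sfc, not to put it under File::.

```python
"""Pick removable leftovers out of a ComboFix log and write a CFScript.

Added example for this thread, not ComboFix's own code.  The sample log
below is constructed from the format of the logs posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of ComboFix's "files created" listing
# and its Sigcheck section.
SAMPLE_LOG = r"""
(((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 ))))))))))))))))))))))))))))))
.
2010-12-28 13:02 . 2008-04-14 20:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-25 00:31 . 2008-04-13 22:06 42240 -c--a-w- c:\windows\system32\dllcache\SETBA5.tmp
2010-12-25 00:22 . 2001-09-06 17:27 17408 -c--a-w- c:\windows\system32\dllcache\SET4AA.tmp
2010-12-25 00:20 . 2001-08-17 18:49 9472 -c--a-w- c:\windows\system32\dllcache\SET2C7.tmp
2010-12-24 15:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 20:48 . 2010-12-27 00:38 -------- d-----w- C:\commy
.
------- Sigcheck -------
[-] 2009-01-19 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""

# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "[<flag>] <date> . <md5> . <size> . . [<version>] . . <path>"
SIG_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)
# SET<hex>.tmp under dllcache is a staged copy the Windows setup API makes when
# the target is in use; one still present after the reboot that should have
# consumed it is an orphan.  Treating these as removable is this example's rule.
ORPHANED_SETUP_TMP = re.compile(r"\\dllcache\\SET[0-9A-F]{1,4}\.tmp$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created_files(log: str) -> List[Entry]:
    """Return every row of the 'files created' listing, in log order."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = FILE_LINE.match(raw.strip())
        if m is None:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def parse_sigcheck(log: str) -> List[Dict[str, str]]:
    """Return the Sigcheck rows as dicts (flag, date, md5, size, version, path)."""
    rows: List[Dict[str, str]] = []
    for raw in log.splitlines():
        m = SIG_LINE.match(raw.strip())
        if m is not None:
            rows.append(m.groupdict())
    return rows


def removable_leftovers(entries: List[Entry]) -> List[str]:
    """Paths safe to hand to File::.  Only orphaned dllcache SET*.tmp copies
    qualify; drivers and real system DLLs in the listing are left alone."""
    return [e.path for e in entries if not e.is_dir and ORPHANED_SETUP_TMP.search(e.path)]


def needs_manual_check(sig_rows: List[Dict[str, str]]) -> List[str]:
    """Sigcheck rows flagged '[-]' did not match ComboFix's reference hash.
    Compare them with a clean copy (or run sfc) instead of deleting them:
    sfcfiles.dll, for instance, is part of Windows File Protection itself."""
    return [r["path"] for r in sig_rows if r["flag"] == "-"]


def build_cfscript(paths: List[str], kill_all: bool = True, mbr: bool = True) -> str:
    """Lay out the directives in the order the helper used above."""
    lines: List[str] = []
    if kill_all:
        lines += ["KillAll::", ""]  # stop running processes before the fix
    lines += ["File::"] + list(paths) + [""]  # files to delete (ComboFix quarantines them)
    if mbr:
        lines.append("MBR::")  # have ComboFix report on the master boot record
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    created = parse_created_files(SAMPLE_LOG)
    print(build_cfscript(removable_leftovers(created)))
    for p in needs_manual_check(parse_sigcheck(SAMPLE_LOG)):
        print("verify by hand, do not add to File:: :", p)
```

Run it against a real C:\ComboFix.txt by replacing SAMPLE_LOG with the file's contents; save the printed text as CFScript.txt next to the renamed ComboFix executable and drag it onto that executable, as the instructions above describe.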

ComboFix 10-12-29.01 - Cengii 30-12-2010 0:57.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1785 [GMT 1:00]

Started from: c:\documents and settings\Cengii\Bureaublad\commy.exe

Command switches used :: c:\documents and settings\Cengii\Bureaublad\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\system32\dllcache\SET2C7.tmp"

"c:\windows\system32\dllcache\SET4AA.tmp"

"c:\windows\system32\dllcache\SETBA5.tmp"

.

 

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\dllcache\SET2C7.tmp

c:\windows\system32\dllcache\SET4AA.tmp

c:\windows\system32\dllcache\SETBA5.tmp

 

.

(((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 ))))))))))))))))))))))))))))))

.

 

2010-12-28 13:02 . 2008-04-14 20:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-12-28 13:02 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-12-28 12:58 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-12-28 12:58 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-12-26 14:55 . 2010-12-26 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-12-25 11:43 . 2010-12-25 11:43 -------- d-----w- c:\documents and settings\Cengii\Application Data\DVDVideoSoftIEHelpers

2010-12-25 11:43 . 2010-12-26 14:10 -------- d-----w- c:\program files\DVDVideoSoft

2010-12-25 11:43 . 2010-12-26 14:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-12-25 11:28 . 2010-12-25 11:28 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-25 11:28 . 2010-12-25 11:28 -------- d-----w- c:\program files\Common Files\Adobe

2010-12-25 02:04 . 2010-12-25 02:04 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-12-24 20:48 . 2010-12-27 00:38 -------- d-----w- C:\commy

2010-12-24 15:36 . 2010-12-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-24 15:36 . 2010-12-28 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-24 15:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-24 15:33 . 2010-12-26 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-24 15:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-22 13:58 . 2010-12-23 12:14 -------- d-----w- c:\windows\SxsCaPendDel

2010-12-22 02:58 . 2010-12-22 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-12-20 16:09 . 2010-12-20 23:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-12-19 23:38 . 2010-12-19 23:38 -------- d-----w- c:\documents and settings\Cengii\Application Data\Malwarebytes

2010-12-19 23:38 . 2010-12-19 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-19 15:33 . 2010-12-19 15:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-12-15 00:03 . 2010-12-28 00:43 -------- d-----w- c:\program files\Google

2010-12-13 22:57 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-12-13 22:57 . 2010-12-13 22:57 -------- d-----w- c:\program files\Panda Security

2010-12-13 22:49 . 2010-12-13 22:49 -------- d-----w- c:\windows\Sun

2010-12-13 22:29 . 2010-12-13 22:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-12-13 21:59 . 2010-12-13 21:59 -------- d-----w- c:\documents and settings\Cengii\Application Data\QuickScan

2010-12-13 21:56 . 2010-12-13 21:56 -------- d-----w- c:\program files\ESET

2010-12-07 16:12 . 2010-11-30 16:31 26960 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2010-12-07 16:12 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2010-12-07 16:08 . 2010-12-15 02:13 -------- d-----w- c:\documents and settings\Cengii\Local Settings\Application Data\Temp

2010-12-07 16:08 . 2010-12-28 00:43 -------- d-----w- c:\documents and settings\Cengii\Local Settings\Application Data\Google

2010-12-01 16:22 . 2010-12-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-12-01 16:22 . 2010-12-01 16:22 -------- d-----w- c:\documents and settings\Cengii\Application Data\Office Genuine Advantage

2010-12-01 16:14 . 2010-12-01 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2010-12-01 15:57 . 2010-12-01 15:58 -------- d-----w- c:\documents and settings\Cengii\Application Data\vlc

2010-12-01 15:49 . 2010-12-01 15:49 -------- d-----w- c:\program files\VideoLAN

2010-11-30 11:05 . 2010-12-02 18:38 -------- d-s---w- c:\documents and settings\Gast

 

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:15 . 2010-11-10 22:30 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-17 18:56 . 2010-11-17 18:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-11-17 18:56 . 2010-11-17 18:56 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-11-12 17:53 . 2010-11-11 12:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34 . 2010-11-11 12:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 00:23 . 2009-01-19 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:23 . 2009-01-19 17:10 43520 ------w- c:\windows\system32\licmgr10.dll

2010-11-06 00:23 . 2008-04-15 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2009-01-19 17:10 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-15 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2008-04-15 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05 . 2009-01-19 17:09 1862400 ----a-w- c:\windows\system32\win32k.sys

2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

 

------- Sigcheck -------

 

[-] 2009-01-19 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Steam"="c:\program files\Steam\steam.exe" [2010-12-03 1242448]

"Google Update"="c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-07 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Steam\\steamapps\\caykarali_rambo\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1037:TCP"= 1037:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

 

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [11-11-2010 21:41 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [11-11-2010 21:41 190416]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13-12-2010 23:57 28552]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7-12-2010 17:12 14776]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11-11-2010 21:41 99792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11-11-2010 21:41 340048]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11-11-2010 21:12 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 19:41 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11-11-2010 21:12 17744]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [11-11-2010 21:41 119200]

R2 BlueBirdservice;BlueBird Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [28-12-2010 2:43 408920]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15-12-2010 1:03 136176]

S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [28-12-2010 2:43 245128]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [28-12-2010 2:43 41200]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [28-12-2010 2:43 24456]

.

Inhoud van de 'Gedeelde Taken' map

 

2010-12-30 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-11-11 13:11]

 

2010-12-30 c:\windows\Tasks\Game_Booster_Startup.job

- c:\program files\IObit\Game Booster\GameBox.exe [2010-12-12 18:08]

 

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 00:03]

 

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 00:03]

 

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1960408961-1417001333-1004Core.job

- c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 16:08]

 

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1960408961-1417001333-1004UA.job

- c:\documents and settings\Cengii\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 16:08]

 

2010-12-30 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

 

2010-12-29 c:\windows\Tasks\User_Feed_Synchronization-{21A82A88-13DE-4D59-BA50-3820EE044BE9}.job

- c:\windows\system32\msfeedssync.exe [2010-11-10 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = http://www.google.nl

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Cengii\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: {DCB62696-EC23-458D-8C29-933E3196879E} = 156.154.70.25,156.154.71.25

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-30 01:04

Windows 5.1.2600 Service Pack 3 NTFS

 

scannen van verborgen processen ...

 

scannen van verborgen autostart items ...

 

scannen van verborgen bestanden ...

 

Scan succesvol afgerond

verborgen bestanden: 0

 

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

 

- - - - - - - > 'winlogon.exe'(824)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2564)

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

.

**************************************************************************

.

Voltooingstijd: 2010-12-30 01:06:53 - machine werd herstart

ComboFix-quarantined-files.txt 2010-12-30 00:06

ComboFix2.txt 2010-12-29 23:01

 

Pre-Run: 216.829.960.192 bytes beschikbaar

Post-Run: 216.825.131.008 bytes beschikbaar

 

- - End Of File - - 20F2916A9D9E237E18C5B4FD9CB52834
