Solved: Trojan reporting fake malware threats

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rlamon

Thread Starter
Joined
Sep 30, 2008
Messages
2
Hello,

My computer (running on Windows XP) is infected with something, as far as I know a trojan, and keeps giving messages concerning fake malware threats, such as win32.netbooster. It also copied a few files to my desktop, each one a link to some malware fixer. Can someone help me?

This is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24: VIRUS ALERT!, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\qdgfodgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ruben\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [IUpd704] C:\DOCUME~1\Ruben\LOCALS~1\Temp\pwrmgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [A00FA4BF89.exe] C:\DOCUME~1\Ruben\LOCALS~1\Temp\_A00FA4BF89.exe
O4 - HKCU\..\Run: [ChkAppDb] C:\WINDOWS\system32\qdgfodgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [AH8z4GHzRC] C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: rwlfsdmk - {3A671FC9-C15D-40CA-A199-7DF3626737D8} - C:\WINDOWS\rwlfsdmk.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6762 bytes

Edit: I ran ComboFix and I think it may have solved the problem.

ComboFix 08-09-30.03 - Ruben 2008-10-01 11:37:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.122 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Ruben\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\evqb.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\__c0095011.dat
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\[email protected]@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssqRKcBu.dll
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\uBcKRqss.ini
C:\WINDOWS\system32\uBcKRqss.ini2
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))
.

2008-10-01 11:26 . 2008-10-01 11:26 912,839 ---hs---- C:\WINDOWS\system32\yotjoexr.ini
2008-10-01 11:26 . 2008-10-01 11:26 80,512 --a------ C:\WINDOWS\system32\rxeojtoy.dll
2008-09-30 21:23 . 2008-09-30 22:01 2,800 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-30 21:15 . 2008-09-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 21:10 . 2008-09-30 21:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 21:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 21:08 . 2008-09-30 21:08 <DIR> dr-h----- C:\Documents and Settings\Ruben\Onlangs geopend
2008-09-30 21:04 . 2008-09-30 21:04 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-30 21:04 . 2008-09-30 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 20:56 . 2008-09-30 20:56 913,120 ---hs---- C:\WINDOWS\system32\bslrtvnv.ini
2008-09-30 20:56 . 2008-09-30 20:56 79,488 --a------ C:\WINDOWS\system32\vnvtrlsb.dll
2008-09-30 20:48 . 2008-09-30 20:48 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\IUpd704
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\agxajxb
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cdcpgdil
2008-09-30 20:40 . 2008-09-30 20:40 131,072 --a------ C:\WINDOWS\system32\qdgfodgr.exe
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\yayvvTLe.dll
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
2008-09-30 20:39 . 2008-09-30 20:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-30 19:49 . 2008-09-30 19:49 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Sibelius Software
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\DNA
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-25 17:56 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DNA
2008-09-25 17:56 . 2008-09-25 19:25 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\BitTorrent
2008-09-08 18:18 . 2008-09-23 13:20 <DIR> d-------- C:\temp
2008-09-05 18:09 . 2008-09-05 18:09 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DivX
2008-09-05 18:06 . 2008-09-05 18:06 3,532 --a------ C:\drmHeader.bin
2008-09-02 21:21 . 2008-09-02 21:21 <DIR> d-------- C:\Program Files\DivX
2008-09-02 19:47 . 2008-09-02 19:47 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\InterVideo
2008-09-02 14:51 . 2008-09-30 16:12 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\skypePM
2008-09-02 14:51 . 2008-09-02 14:51 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-02 14:49 . 2008-09-30 16:56 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Skype
2008-09-02 14:48 . 2008-09-06 19:37 <DIR> d-------- C:\Program Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-01 08:40 . 2008-09-01 14:41 <DIR> d-------- C:\lastfm background

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:26 --------- d-----w C:\Documents and Settings\Ruben\Application Data\U3
2008-08-31 21:31 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-31 21:31 --------- d-----w C:\Program Files\MSBuild
2008-08-31 21:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-31 20:43 --------- d-----w C:\Program Files\Philips ToUcam Camera
2008-08-31 10:11 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 09:52 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-27 20:31 --------- d-----w C:\Program Files\Last.fm
2008-08-27 08:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 08:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AdobeUM
2008-08-27 08:07 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-08-27 06:44 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AVGTOOLBAR
2008-08-27 05:32 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-27 05:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-27 05:31 --------- d-----w C:\Program Files\AVG
2008-08-27 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-27 05:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 05:16 --------- d-----w C:\Program Files\Symantec
2008-08-25 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-25 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-25 08:35 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-24 23:40 --------- d-----w C:\Program Files\TOSHIBA
2008-08-24 23:40 --------- d-----w C:\Program Files\Synaptics
2008-08-24 23:40 --------- d-----w C:\Program Files\Sonic
2008-08-24 23:39 --------- d-----w C:\Program Files\Realtek
2008-08-24 23:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-24 23:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-24 23:38 --------- d-----w C:\Program Files\ltmoh
2008-08-24 23:38 --------- d-----w C:\Program Files\Java
2008-08-24 23:38 --------- d-----w C:\Program Files\InterVideo
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\Java
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-24 23:35 --------- d-----w C:\Program Files\ATI Technologies
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\toshiba
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Sonic
2008-08-24 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-08-24 21:15 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Symantec
2008-08-24 16:09 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03598-BT_PSAA2E-01500.MRK
2008-08-24 16:08 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-24 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 16:08 --------- d-----w C:\Program Files\Atheros
2008-08-24 15:35 --------- d-----w C:\Program Files\Windows Live
2008-08-24 15:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-24 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:23 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74}]
2008-09-30 20:40 155648 --a------ C:\Program Files\agxajxb\AdmHlpSys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2503670-6D0E-4662-AC65-EFA76E33056C}]
2008-09-30 20:40 38272 --a------ C:\WINDOWS\system32\hgGwVLda.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-25 289088]
"ChkAppDb"="C:\WINDOWS\system32\qdgfodgr.exe" [2008-09-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"889b50b5"="C:\WINDOWS\system32\rxeojtoy.dll" [2008-10-01 80512]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Ruben\Menu Start\Programma's\Opstarten\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C2503670-6D0E-4662-AC65-EFA76E33056C}"= "C:\WINDOWS\system32\hgGwVLda.dll" [2008-09-30 38272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVLda]
2008-09-30 20:40 38272 C:\WINDOWS\system32\hgGwVLda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-04-19 537520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6edfc0-7403-11dd-ace0-0011f5cb4318}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
BHO-{441523F3-DD3E-4577-9B0D-D80A515E6896} - C:\WINDOWS\system32\ssqRKcBu.dll
Toolbar-{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
HKLM-Explorer_Run-AH8z4GHzRC - C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
Notify-__c0095011 - C:\WINDOWS\system32\__c0095011.dat


.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ruben\Application Data\Mozilla\Firefox\Profiles\pkh8gswt.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:46:07
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGwVLda.dll

PROCES: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rxeojtoy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-01 11:52:31 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-01 09:52:00

Pre-Run: 49.910.079.488 bytes beschikbaar
Post-Run: 49,904,025,600 bytes beschikbaar

309 --- E O F --- 2008-09-14 07:52:52
 

rlamon

Thread Starter
Joined
Sep 30, 2008
Messages
2
After using ComboFix and Malwarebytes' Anti-Malware, the problem seems to be solved. Hooray!