Posts by Tancho
-
ComboFix 08-04-15.4 - Frans 2008-04-16 14:32:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\winhelp.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
.
2008-04-14 20:28 . 2008-04-14 20:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-14 20:19 . 2008-04-14 20:19 <DIR> d-------- C:\SDFix
2008-04-13 22:16 . 2008-04-13 22:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 20:58 . 2008-04-13 20:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 20:50 6,409,216 ----a-w C:\WINDOWS\Internet Logs\xDB4E6.tmp
2008-04-13 20:50 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4E7.tmp
2008-04-13 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 20:39 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-13 20:39 --------- d-----w C:\Program Files\Hitman Pro
2008-04-13 20:01 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB4E5.tmp
2008-04-13 19:10 6,413,824 ----a-w C:\WINDOWS\Internet Logs\xDB4E4.tmp
2008-04-12 19:52 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E3.tmp
2008-04-12 18:12 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E2.tmp
2008-04-11 06:55 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E0.tmp
2008-04-11 06:55 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4E1.tmp
2008-04-10 15:27 6,401,024 ----a-w C:\WINDOWS\Internet Logs\xDB4DE.tmp
2008-04-10 15:27 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB4DF.tmp
2008-04-09 18:39 6,400,512 ----a-w C:\WINDOWS\Internet Logs\xDB4DD.tmp
2008-04-09 07:59 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4DB.tmp
2008-04-09 07:59 38,912 ----a-w C:\WINDOWS\Internet Logs\xDB4DC.tmp
2008-04-08 19:14 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4DA.tmp
2008-04-07 20:33 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4D9.tmp
2008-04-05 14:02 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D8.tmp
2008-04-05 11:08 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4D7.tmp
2008-04-05 10:30 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D6.tmp
2008-04-05 07:41 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D4.tmp
2008-04-05 07:41 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB4D5.tmp
2008-04-04 11:44 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D2.tmp
2008-04-04 11:44 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB4D3.tmp
2008-04-03 18:10 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D1.tmp
2008-04-03 15:28 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4D0.tmp
2008-04-03 14:42 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CF.tmp
2008-04-02 20:05 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CD.tmp
2008-04-02 20:05 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4CE.tmp
2008-04-02 15:36 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CC.tmp
2008-04-02 12:17 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CB.tmp
2008-04-01 17:37 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C9.tmp
2008-04-01 17:37 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB4CA.tmp
2008-04-01 14:45 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C8.tmp
2008-03-30 17:31 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C6.tmp
2008-03-29 11:11 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C5.tmp
2008-03-28 18:19 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C4.tmp
2008-03-27 22:37 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C3.tmp
2008-03-27 19:21 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C2.tmp
2008-03-27 19:21 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4C7.tmp
2008-03-26 19:19 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C1.tmp
2008-03-26 08:48 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB4EE.tmp
2008-03-26 08:46 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C0.tmp
2008-03-25 22:22 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4BF.tmp
2008-03-25 17:29 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BE.tmp
2008-03-25 07:04 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BC.tmp
2008-03-25 07:04 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB4BD.tmp
2008-03-24 19:34 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB4BB.tmp
2008-03-24 19:29 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BA.tmp
2008-03-23 23:07 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B8.tmp
2008-03-23 23:07 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB4B9.tmp
2008-03-23 06:15 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB4B7.tmp
2008-03-23 05:57 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B6.tmp
2008-03-22 21:44 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B4.tmp
2008-03-22 21:44 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB4B5.tmp
2008-03-22 17:43 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B3.tmp
2008-03-21 16:13 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B1.tmp
2008-03-21 13:38 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB4B2.tmp
2008-03-21 10:17 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B0.tmp
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 18:48 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4AF.tmp
2008-03-18 06:59 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AD.tmp
2008-03-18 06:59 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4AE.tmp
2008-03-17 20:43 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AC.tmp
2008-03-16 20:27 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AB.tmp
2008-03-15 16:26 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A9.tmp
2008-03-15 16:26 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB4AA.tmp
2008-03-14 21:26 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A8.tmp
2008-03-13 19:12 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A7.tmp
2008-03-12 15:37 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A6.tmp
2008-03-12 14:04 6,394,880 ----a-w C:\WINDOWS\Internet Logs\xDB4A5.tmp
2008-03-11 22:28 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A4.tmp
2008-03-11 15:38 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A3.tmp
2008-03-10 22:07 6,395,392 ----a-w C:\WINDOWS\Internet Logs\xDB4A2.tmp
2008-03-09 20:56 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A0.tmp
2008-03-09 20:56 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB4A1.tmp
2008-03-09 18:51 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49F.tmp
2008-03-09 14:12 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB49E.tmp
2008-03-09 14:11 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49D.tmp
2008-03-09 13:23 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49B.tmp
2008-03-09 13:23 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB49C.tmp
2008-03-09 12:53 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB499.tmp
2008-03-09 12:53 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB49A.tmp
2008-03-09 09:10 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB497.tmp
2008-03-09 09:10 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB498.tmp
2008-03-08 19:10 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB496.tmp
2008-03-08 11:49 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB494.tmp
2008-03-08 11:49 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB495.tmp
2008-03-08 08:39 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB493.tmp
2008-03-07 22:16 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB492.tmp
2008-03-07 16:55 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB491.tmp
2008-03-07 14:24 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB490.tmp
2008-03-06 21:18 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48F.tmp
2008-03-06 07:06 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48D.tmp
2008-03-06 07:06 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB48E.tmp
2008-03-05 19:49 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB48C.tmp
2008-03-05 18:50 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48B.tmp
2008-03-05 13:03 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB48A.tmp
2008-03-05 12:59 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB489.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"HyvesKwekker"="C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 11:12 1588736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-11-17 11:33 753664 C:\WINDOWS\system32\nwiz.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-02-17 17:01 693528]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 13:29 188416]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 15:26 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 19:16 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 10:03 54784 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-04-07 21:48]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-09-24 17:08]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-09-24 17:08]
R3 sm56pci;sm56pci;C:\WINDOWS\system32\DRIVERS\sm56pci.sys [1999-11-05 10:42]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2005-09-24 17:24]
S2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS []
S2 UMAXPCLS;Stuurprogramma voor scanner op printerpoort;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22:58]
S3 efipsk;efipsk;C:\DOCUME~1\josje\LOCALS~1\Temp\efipsk.sys []
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-15 16:00:00 C:\WINDOWS\Tasks\A4A86D389187E784.job"
- c:\docume~1\josje\applic~1\creati~1\SHOW BIRD ABOUT.exe
"2008-04-15 16:00:00 C:\WINDOWS\Tasks\AFB461E591841379.job"
- c:\docume~1\frans\applic~1\creati~1\SHOW BIRD ABOUT.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 14:36:25
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-16 14:37:22
ComboFix-quarantined-files.txt 2008-04-16 12:37:07
Pre-Run: 336,351,232 bytes beschikbaar
Post-Run: 878,186,496 bytes beschikbaar
.
2008-04-10 15:26:13 --- E O F ---
-
I followed the instructions and here are the logs:
SDFix: Version 1.171
Run by Frans on ma 14-04-2008 at 20:30
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\%^^%^%~1.exe - Deleted
C:\WINDOWS\system32\^^%%%%~1.exe - Deleted
C:\WINDOWS\mrofinu1423.exe - Deleted
C:\Documents and Settings\Frans\real.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:36:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:5531c660
"s2"=dword:e1098d13
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..
"a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..
"a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"="F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat:*:Enabled:The Battle for Middle-earth "
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"="D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 14 Mar 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8d5769ed022fab7a177db7759e6a27b\BIT3BF.tmp"
Thu 21 Dec 2006 34,308 ...H. --- "C:\Documents and Settings\Bart\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"
Wed 11 Jul 2007 34,308 ...H. --- "C:\Documents and Settings\Frans\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"
Finished!
-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:21, on 14-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6470 bytes
-
Hello, I picked up an MSN virus by clicking on a link to a photo. I have already found out that I am not the only one, and I have already made a HijackThis log:
Can you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:14, on 13-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\mrofinu1423.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O2 - BHO: PopThis! BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14922705-B322-21AD-45D9-66E1038AC291} - C:\DOCUME~1\josje\APPLIC~1\GPLELS~1\PILECURB.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [okaysoftwarenounbold] C:\Documents and Settings\All Users\Application Data\eggs road okay software\InsidePeak.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8295 bytes
[SOLVED] MSN virus, via a photo
in Archive: Fighting malware & viruses
Posted:
Many thanks for the good help; everything works and I have had no more problems. I also started a big clean-up right away, because I found out that it was needed anyway. Everyone is happy again now that the computer can be used again. Thanks once more.
Regards, Tancho