Moneyman_5th

Member
  • Items: 65
Everything posted by Moneyman_5th

  1. Oh, forgot the logs, silly of me.
  2. OK, that worked; logs to follow. I also made a HijackThis log, half out of habit. Something odd now, though: I can't manage to get a picture on my desktop :s only a white background, and going to the desktop properties and setting a picture there didn't work. Any idea how come?
  3. OK, the first one was simply removed manually, easier than I expected, and the other one with HijackThis worked too. As for the other problems: I do indeed sometimes get pop-ups, even when the internet isn't on, and sometimes errors on pages as well. The PC also sometimes suddenly becomes very slow and then goes back to normal after a while... So somewhat strange behaviour, but already a lot better.
  4. OK, everything went well. Safe mode still didn't work, so I carried out the steps mentioned above. These are the logs from ComboFix, MBAM and HijackThis.
Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766 O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132 O20 - Winlogon Notify: pmnnlkl - C:\WINDOWS\ O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program 
Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 6237 bytes
  5. Also, these days the PC sometimes suddenly gets very slow and then goes back to normal speed, and the memory usage indicator in Windows Task Manager is also behaving very strangely: just now it showed 1762/1886MB, but I could not find a single process using a lot. Very strange things, then... Is it normal that my two most memory-hungry processes are both iexplore.exe? Other big consumers are rtvscan.exe, wmpnetwk.exe and MsMpEng.exe; I just find those suspicious because on my normal PC these processes never run.
  6. Yes, safe mode no longer works. Yesterday and last night I kept trying to get the PC going again, and only succeeded this morning by starting the PC in VGA mode; safe mode and normal mode no longer worked, nor did the other methods, only VGA worked. There I changed my settings in boot.ini and the PC was able to start normally again. Should I now run SmitFraudFix in VGA mode or in normal mode, and maybe any ideas why safe mode does not work?
  7. I have a serious problem: I cannot boot into safe mode. After choosing safe mode and my operating system, I first get some data that flashes quickly across the screen (I think locations on C:), and after that nothing. I waited about 20 minutes but nothing more came up, and the laptop showed no sign of being busy with anything either, so I just started it normally. I don't know how to get into safe mode; booting into safe mode with networking did not work for me either. I'm starting to worry even more :s
  8. OK, done; log files follow. Yes, still a lot of problems with the PC: I keep getting results from Symantec and strange messages that I don't trust, so it is definitely not solved yet. By the way, I have a strange desktop image; I don't really know whether I can trust it or not, because I don't know if it is a real anti-spyware program or yet another virus. It looks like this: file://C:\Documents and Settings\Paul\Bureaublad\raarbureaublad.bmp
  9. OK, did both. Here are the log files; first is the HijackThis one, then ComboFix.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49] R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45] S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37] S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29] S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25] . Inhoud van de 'Gedeelde Taken' map "2008-03-25 11:39:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 14:25:32 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll . Voltooingstijd: 2008-03-25 14:29:35 ComboFix-quarantined-files.txt 2008-03-25 13:29:14 ComboFix2.txt 2008-03-25 11:21:46 ComboFix3.txt 2008-03-24 23:38:14 . 2008-03-21 02:32:08 --- E O F ---
  10. OK, I do have it now after all, indeed an empty Notepad... I'll now continue with HijackThis and Combo...
  11. That's just it: I didn't get a log or anything. It finished scanning and I got a message that it hadn't found anything, and now I'm back at the Vundo start screen :s
  12. Uh, VundoFix found nothing with Scan for Vundo, is that possible? If so, do I still need to run Fix Vundo?
  13. Thx. By the way, it's not my computer but my father's, before you start thinking the wrong things. I'll go and carry out everything you just said.
  14. I may have the dreaded MSN virus, please help me. I ran ComboFix, but I still get plenty of warnings about spyware and so on, and I get the following log file:
  15. My PC has a meager 256MB of RAM :s I can't expand or change it, though, as there are other users of this PC. I was wondering whether you know any modern, fun games that take up little RAM, preferably 256MB recommended, because otherwise I have to close all processes, a problem I already have with FIFA 2007. Any comments would help me, thx.