Moneyman_5th
-
Items
65 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Moneyman_5th
-
-
ok is gelukt logjes volgen heb ook hijackthislog gemaakt half uit gewoonte
wel iets raar nu ik slaag er niet in van een afbeelding op mijn bureaublad te krijgen :s
enkel witte achtergrond en naar bureaublad eigenschappen gaan en een afbeelding erop zetten lukte niet enig idee how come?
-
ok het eerste is gewoon manueel verwijderd geraakt makkelijker als ik verwachte en de andere met hijackthis is ook gelukt.
Wat betreft de andere problemen krijg inderdaad soms pop-ups zelf zonder dat het internet op staat, ook soms fouten in de pagina's
Ook gaat de pc soms opeens héél traag en dan na een tijdje weer normaal...
Beetje vreemd gedrag dus maar al een pak beter
-
ok alles goed verlopen veilige modus werkte nog altijd niet dus heb de hierboven vermelde stappen uitgevoerd dit zijn de logjes van combofix mbam en HiJackThis
ComboFix 08-03-24.1 - Paul 2008-03-27 17:33:40.5 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird. exe
.
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF11968.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-27 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-27 C:\WINDOWS\*
CF11968.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-27 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-27 "C:\Program Files\*"
CF11968.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PC-Cleaner
C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))
.
2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery
2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe
2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live
2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!
2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 16:19 --------- dc----w C:\Program Files\Symantec AntiVirus
2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!
2008-03-24 21:30 --------- dc----w C:\Program Files\Google
2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger
2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"NWEReboot"="" []
"NvCplDaemon"="NvQTwk" []
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]
Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-27 16:20:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:41:34
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll
.
Voltooingstijd: 2008-03-27 17:46:15
ComboFix-quarantined-files.txt 2008-03-27 16:46:09
ComboFix2.txt 2008-03-25 16:41:53
ComboFix3.txt 2008-03-25 13:29:36
ComboFix4.txt 2008-03-25 11:21:46
ComboFix5.txt 2008-03-24 23:38:14
.
2008-03-21 02:32:08 --- E O F ---
Malwarebytes' Anti-Malware 1.09
Database versie: 555
Scan type: Snelle Scan
Objecten gescand: 35072
Verstreken tijd: 13 minute(s), 0 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 119
Registerwaarden geïnfecteerd: 3
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 3
Bestanden geïnfecteerd: 6
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll (Trojan.Alphabet) -> Unloaded module successfully.
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{b989b1ee-a010-4226-9e36-1de85c2c006a} (Trojan.Alphabet) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\RomUnknown (Trojan.Alphabet) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a} (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\norlatmx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:32, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766
O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132
O20 - Winlogon Notify: pmnnlkl - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6237 bytes
-
ook gaat de pc tegenwoordig soms opeens heel erg traag en dan terug normale snelheid en de aanduiding van geheugengebruik in windows taakbeheer doet ook heel raar stond daarjuist op 1762/1886MB maar ik vond geen enkel veel verbruikend proces. heel vreemde zaken dus...
is het normaal dat mijn twee meest geheugenverbruikende processen beide iexplore.exe zijn?
ook een grote verbruiker is rtvscan.exe en wmpnetwk.exe MsMpEng.exe, vind die gwn verdacht omdat op mijn normale pc deze processen nooit runnen
-
ja, veilige modus doet het niet meer heb gisteren en vanacht de hele tijd geprobeerd de pc terug in gang te krijgen met pas deze ochtend succes door de pc in VGA-modus op te starten, veilige modus en normale modus gingen niet meer noch de andere methodes alleen VGA lukte.
Daar heb ik mijn instellingen in boot.ini veranderd en is de pc terug normaal op kunnen starten. moet ik smitfraudfix nu runnen in VGA of in normale modus en miss ideeëen waarom de veilige modus niet werkt?
-
heb een serieus probleem kan niet in veilige modus opstarten, na het kiezen van veilige modus en mijn besturingssysteem krijg ik eerst een aantal gegevens die snel op het scherm komen, gegevens ik denk locaties in C, en daarna niets meer heb een 20 tal minuten gewacht maar er kwam niets meer, laptop toonde ook niet aan met iets bezig te zijn dus heb ik hem maar gewoon opgestart weet niet hoe ik in veilige modus kan komen ook veilige modus met netwerkmogelijkheden opstarten lukte mij niet
begin me nog meer zorgen te maken :s
-
ok gedaan log files volgen ja nog altijd veel problemen met de pc, krijg nog de hele tijd results van symantec en rare berichten die ik niet vertrouw dus zeker nog ni opgelost heb trouwens een raar bureaublad afbeelding weet niet echt of dat ik dit kan vertrouwen of niet, want weet niet of het een echt anti-spyware programma is of weer een virus ziet er zo uit
file://C:\Documents and Settings\Paul\Bureaublad\raarbureaublad.bmp
ComboFix 08-03-24.1 - Paul 2008-03-25 17:25:35.4 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird. exe
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\ifefgfil.exe
C:\WINDOWS\system32\lkhqlejw.exe
C:\WINDOWS\system32\uhsxibsd.exe
.
-- Script messages for sUBs --
CF2982.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF2982.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ebcnqbgj
C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe
C:\Documents and Settings\All Users\Application Data\nemwdewf
C:\Documents and Settings\All Users\Application Data\nemwdewf\gxyvopah.exe
C:\Documents and Settings\Dimitri\Bureaubladvirii
C:\Documents and Settings\Dimitri\Bureaubladvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\Documents and Settings\Dimitri\Bureaubladvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\Documents and Settings\Dimitri\Bureaubladvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\Documents and Settings\Dimitri\Bureaubladvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\Documents and Settings\Dimitri\Bureaubladvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\Documents and Settings\Paul\Bureaubladvirii
C:\Documents and Settings\Paul\Bureaubladvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\Documents and Settings\Paul\Bureaubladvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\Documents and Settings\Paul\Bureaubladvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\Documents and Settings\Paul\Bureaubladvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\Documents and Settings\Paul\Bureaubladvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\VundoFix Backups
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\ifefgfil.exe
C:\WINDOWS\system32\lkhqlejw.exe
C:\WINDOWS\system32\uhsxibsd.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))
.
2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-24 22:00 . 2008-03-24 22:30 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel
2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe
2008-03-24 19:35 . 2008-03-24 19:35 <DIR> d----c--- C:\Program Files\PC-Cleaner
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery
2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe
2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live
2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!
2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 11:39 --------- dc----w C:\Program Files\Symantec AntiVirus
2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!
2008-03-24 21:30 --------- dc----w C:\Program Files\Google
2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger
2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"NWEReboot"="" []
"NvCplDaemon"="NvQTwk" []
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]
Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-25 11:39:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 17:34:44
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-03-25 17:41:51
ComboFix-quarantined-files.txt 2008-03-25 16:41:31
ComboFix2.txt 2008-03-25 13:29:36
ComboFix3.txt 2008-03-25 11:21:46
ComboFix4.txt 2008-03-24 23:38:14
.
2008-03-21 02:32:08 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:54, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766
O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132
O20 - Winlogon Notify: pmnnlkl - C:\WINDOWS\
O21 - SSODL: RomUnknown - {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6391 bytes
-
ok alle twee gedaan
hier zijn de log files eerste is hijack dan combo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:52, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\uhsxibsd.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DCFBDF40-1737-4D50-BAF2-525D3BC925DF} - C:\WINDOWS\system32\ssqno.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lptiifmw] C:\WINDOWS\system32\orifcrcz.exe
O4 - HKCU\..\Run: [qpuawjsu] C:\WINDOWS\system32\lkhqlejw.exe
O4 - HKCU\..\Run: [wdvwdtpb] C:\WINDOWS\system32\ifefgfil.exe
O4 - HKCU\..\Run: [msnetraw] C:\WINDOWS\system32\uhsxibsd.exe
O4 - HKLM\..\Policies\Explorer\Run: [16HspacqHV] C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed001YYBE_ZNxdm119YYBE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766
O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132
O20 - Winlogon Notify: pmnnlkl - pmnnlkl.dll (file missing)
O21 - SSODL: RomUnknown - {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll
O21 - SSODL: dwnrpofk - {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll (file missing)
O21 - SSODL: vbgtorfd - {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 7795 bytes
ComboFix 08-03-24.1 - Paul 2008-03-25 14:18:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.172 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))
.
2008-03-25 12:50 . 2008-03-25 12:50 <DIR> d----c--- C:\VundoFix Backups
2008-03-25 12:38 . 2008-03-25 12:38 106,496 --a--c--- C:\WINDOWS\system32\uhsxibsd.exe
2008-03-25 11:43 . 2008-03-25 11:43 106,496 --a--c--- C:\WINDOWS\system32\ifefgfil.exe
2008-03-25 00:10 . 2008-03-25 00:10 94,208 --a--c--- C:\WINDOWS\system32\lkhqlejw.exe
2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-24 22:00 . 2008-03-24 22:30 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel
2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!
2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d----c--- C:\Documents and Settings\Dimitri\Bureaubladvirii
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe
2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nemwdewf
2008-03-24 19:35 . 2008-03-24 19:35 <DIR> d----c--- C:\Program Files\PC-Cleaner
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Documents and Settings\Paul\Bureaubladvirii
2008-03-24 10:43 . 2008-03-24 10:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ebcnqbgj
2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe
2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live
2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!
2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 11:39 --------- dc----w C:\Program Files\Symantec AntiVirus
2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!
2008-03-24 21:30 --------- dc----w C:\Program Files\Google
2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger
2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat
2006-02-19 02:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCFBDF40-1737-4D50-BAF2-525D3BC925DF}]
C:\WINDOWS\system32\ssqno.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
"lptiifmw"="C:\WINDOWS\system32\orifcrcz.exe" [ ]
"qpuawjsu"="C:\WINDOWS\system32\lkhqlejw.exe" [2008-03-25 00:10 94208]
"wdvwdtpb"="C:\WINDOWS\system32\ifefgfil.exe" [2008-03-25 11:43 106496]
"msnetraw"="C:\WINDOWS\system32\uhsxibsd.exe" [2008-03-25 12:38 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"NWEReboot"="" []
"NvCplDaemon"="NvQTwk" []
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]
Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"16HspacqHV"= C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]
"dwnrpofk"= {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll [ ]
"vbgtorfd"= {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]
pmnnlkl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-25 11:39:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:25:32
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll
.
Voltooingstijd: 2008-03-25 14:29:35
ComboFix-quarantined-files.txt 2008-03-25 13:29:14
ComboFix2.txt 2008-03-25 11:21:46
ComboFix3.txt 2008-03-24 23:38:14
.
2008-03-21 02:32:08 --- E O F ---
-
ok heb em nu toch idd een leeg kladblok... zal nu verder gaan met hijackthis en combo...
-
dat is het hem juist heb geen logje gekregen of niks, hij was gedaan met scannen en ik kreeg een berichtje dat hij niets had gevonden en nu sta ik terug op beginscherm van vundo :s
-
euh vundofix heeft niks gevonden bij scan for vundo kan dit? indien ja moet ik dan nog fix vundo doen?
-
thx trouwens niet mijn computer maar die van mijn vader voor jullie foute dingen gaan denken ga even alles uitvoeren wat je zonet gezegt hebt
-
Heb miss het gevreesde msn virus gelieve mij te helpen
Heb combofix laten draaien, maar krijg nog altijd volop waarschuwingen voor spyware enzo, en krijg hetvolgende log file:
ComboFix 08-03-24.1 - Paul 2008-03-24 23:46:30.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
-- Script messages for sUBs --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF24177.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Paul\Application Data\FunWebProducts
C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\avatar.dat
C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\register.dat
C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\zbucks.dat
C:\Documents and Settings\Paul\Bureaublad\Error Cleaner.url
C:\Documents and Settings\Paul\Bureaublad\Privacy Protector.url
C:\Documents and Settings\Paul\Bureaublad\Spyware&Malware Protection.url
C:\Documents and Settings\Paul\Favorieten\Error Cleaner.url
C:\Documents and Settings\Paul\Favorieten\Privacy Protector.url
C:\Documents and Settings\Paul\Favorieten\Spyware&Malware Protection.url
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\01323489.urr
C:\Program Files\FunWebProducts\Shared\002EAE1C.dat
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\002955E5.bin
C:\Program Files\MyWebSearch\bar\Cache\00296314.bin
C:\Program Files\MyWebSearch\bar\Cache\00296512.bin
C:\Program Files\MyWebSearch\bar\Cache\005D5D34
C:\Program Files\MyWebSearch\bar\Cache\0130211B
C:\Program Files\MyWebSearch\bar\Cache\0130292A.bin
C:\Program Files\MyWebSearch\bar\Cache\01302DDC.bin
C:\Program Files\MyWebSearch\bar\Cache\01303ACF.bin
C:\Program Files\MyWebSearch\bar\Cache\01303E18.bin
C:\Program Files\MyWebSearch\bar\Cache\0156840D.bin
C:\Program Files\MyWebSearch\bar\Cache\0156883C.bin
C:\Program Files\MyWebSearch\bar\Cache\015695F7.bin
C:\Program Files\MyWebSearch\bar\Cache\0156974C.bin
C:\Program Files\MyWebSearch\bar\Cache\015699A5
C:\Program Files\MyWebSearch\bar\Cache\0156A756.bin
C:\Program Files\MyWebSearch\bar\Cache\04A2AAC8
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\MSNBackgrounds\00953FE8.jpeg
C:\Program Files\MyWebSearch\bar\MSNBackgrounds\03DDAF8B.jpeg
C:\Program Files\MyWebSearch\bar\MSNBackgrounds\15891F09.jpeg
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\Video Add-on
C:\WINDOWS\cookies.ini
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\hwxpifaq.dll
C:\WINDOWS\system32\onqss.ini
C:\WINDOWS\system32\onqss.ini2
C:\WINDOWS\system32\oobqmwqy.ini
C:\WINDOWS\system32\yqwmqboo.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))
.
2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-24 22:00 . 2008-03-24 22:30 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel
2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!
2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d----c--- C:\Documents and Settings\Dimitri\Bureaubladvirii
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladFWebdEditor.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfwebd.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfkwp2.0.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfkwp1.5.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfilemanagerclient.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladEditorFKWP2.0.exe
2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladEditorFKWP1.5.exe
2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nemwdewf
2008-03-24 19:35 . 2008-03-24 19:35 <DIR> d----c--- C:\Program Files\PC-Cleaner
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery
2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Documents and Settings\Paul\Bureaubladvirii
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladTrojan.Win32.BlackBird.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladFWebdEditor.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfwebd.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfkwp2.0.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfkwp1.5.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfilemanagerclient.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladEditorFKWP2.0.exe
2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladEditorFKWP1.5.exe
2008-03-24 10:44 . 2008-03-24 10:44 4,096 --a--c--- C:\WINDOWS\system32vbsys2.dll
2008-03-24 10:43 . 2008-03-24 10:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ebcnqbgj
2008-03-24 10:43 . 2008-03-24 06:22 221,184 --a--c--- C:\WINDOWS\vbgtorfd.dll
2008-03-24 10:43 . 2008-03-24 06:22 212,992 --a--c--- C:\WINDOWS\kdftlboewkf.dll
2008-03-24 10:43 . 2008-03-24 10:43 114,688 --a--c--- C:\WINDOWS\system32\orifcrcz.exe
2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe
2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live
2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 01:42 . 2008-03-22 04:12 1,542,897 ---hsc--- C:\WINDOWS\system32\yhxrmier.ini
2008-03-20 01:37 . 2008-03-21 01:38 1,539,734 ---hsc--- C:\WINDOWS\system32\axlwsfxg.ini
2008-03-18 17:15 . 2008-03-20 01:38 1,522,334 ---hsc--- C:\WINDOWS\system32\xokmdpso.ini
2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!
2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 23:08 --------- dc----w C:\Program Files\Symantec AntiVirus
2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!
2008-03-24 21:30 --------- dc----w C:\Program Files\Google
2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger
2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD13890-4053-435A-9ABF-432925B093D3}]
2008-03-24 06:22 212992 --a--c--- C:\WINDOWS\kdftlboewkf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCFBDF40-1737-4D50-BAF2-525D3BC925DF}]
C:\WINDOWS\system32\ssqno.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
"lptiifmw"="C:\WINDOWS\system32\orifcrcz.exe" [2008-03-24 10:43 114688]
"qpuawjsu"="C:\WINDOWS\system32\lkhqlejw.exe" [2008-03-25 00:10 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"NWEReboot"="" []
"NvCplDaemon"="NvQTwk" []
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]
Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"16HspacqHV"= C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]
"dwnrpofk"= {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll [ ]
"vbgtorfd"= {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll [2008-03-24 06:22 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]
pmnnlkl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-24 23:10:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 00:09:00
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll
-> C:\WINDOWS\vbgtorfd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-25 0:38:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 23:38:03
.
2008-03-21 02:32:08 --- E O F ---
-
Mijn pc heeft een magere 256MB RAM geheugen :s
Kan deze echter ni vergroten of veranderen, nog gebruikers van deze pc,
Ik vroeg mij echter af of jullie enige moderne en leuke spelletjes kennen die weinig RAM geheugen innemen, liefst 256MB recommended want anders moet ik alle processen afsluiten probleem dat ik nu al heb bij FIFA 2007
Enige commentaar zou mij helpen thx
miss msn virus
in Archief Bestrijding malware & virussen
Geplaatst:
ow logjes vergeten stom van mij
SmitFraudFix v2.308
Scan done at 22:29:01,60, do 27/03/2008
Run from C:\Documents and Settings\Paul\Bureaublad\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: MSI US60SE Wireless Adapter - Pakketplanner-minipoort
DNS Server Search Order: 195.130.130.4
DNS Server Search Order: 195.130.130.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{946D9A9B-C21D-4EDE-8702-2D626283A67C}: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer=195.130.130.4,195.130.130.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{946D9A9B-C21D-4EDE-8702-2D626283A67C}: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer=195.130.130.4,195.130.130.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{946D9A9B-C21D-4EDE-8702-2D626283A67C}: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer=195.130.130.4,195.130.130.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{946D9A9B-C21D-4EDE-8702-2D626283A67C}: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer=195.130.130.4,195.130.130.132
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.4 195.130.130.132
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.130.130.4 195.130.130.132
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:48, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766
O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5563 bytes