
msn virus2



In future, please start your own (new) topic, because breaking into someone else's thread only makes things confusing. The moderators will give this post its own place ... that works more easily.

You were a bit too quick to reach straight for SDFix, because that is (normally) a program that is only used after a problem analysis has been done. But fine ... no problem.

First let's work through the steps you should have done first. You have already removed your MSN, I understand. The next step is a log from HijackThis and then one from Combofix. Paste both logs in a next post and then we'll look further.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:15:14, on 20/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\HPQ\Shared\hpqwmi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Provinciale Hogeschool Limburg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers & more

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Provinciale Hogeschool Limburg

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phlimburg.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2EFCD117-C8C0-4DC7-9D1E-E01B4814876B} - C:\Program Files\ComPlus Applications\cofyl821058.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: 0 - {6F9B96C8-1F19-4B26-B684-903DADDAC0FB} - C:\Program Files\Outlook Express\qubap367.dll (file missing)

O2 - BHO: (no name) - {A57FB6AF-C8A1-4825-8898-891FCEC6645D} - C:\Program Files\ComPlus Applications\cofyl777444.dll (file missing)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab

O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://www.phl.be/GGBTRENDMICRO/cabinet/PEAgent.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118127289296

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elke87.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.net/clients/uploader_v2.2.0.6.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.be/site/xupload/XUpload.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10040 bytes


ComboFix 08-03-18.1 - Administrator 2008-03-20 18:17:23.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.208 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\copy.exe

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\U66GMER7\iforex.com

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\U66GMER7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\host.exe

C:\WINDOWS\Fonts\acrsecB.fon

C:\WINDOWS\Fonts\acrsecI.fon

C:\WINDOWS\smdat32m.sys

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\temp2.exe

C:\WINDOWS\xcopy.exe

D:\Autorun.inf

D:\copy.exe

D:\host.exe

D:\Mijn documenten\STEM~1

D:\Mijn documenten\STEM~1\??stem\

D:\Mijn documenten\STEM~1\attrib.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))

.

2008-03-20 18:15 . 2008-03-20 18:15 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-20 12:05 . 2008-03-20 12:05 <DIR> d-------- C:\WINDOWS\ERUNT

2008-03-19 22:52 . 2008-03-19 22:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-19 22:33 . 2008-03-19 22:33 87,608 --a------ C:\Documents and Settings\Administrator\Application Data\ezpinst.exe

2008-03-19 22:08 . 2008-03-19 22:08 9,296 --a------ C:\WINDOWS\system32\cihrku.exe

2008-03-19 22:08 . 2008-03-19 22:08 244 --ah-c--- C:\sqmnoopt06.sqm

2008-03-19 22:08 . 2008-03-19 22:08 232 --ah-c--- C:\sqmdata06.sqm

2008-03-19 10:43 . 2008-03-19 10:43 9,296 --a------ C:\Documents and Settings\Administrator\nnoswz.exe

2008-03-19 08:39 . 2008-03-20 08:37 136,627 --a------ C:\WINDOWS\POTA777444.exe

2008-03-18 15:11 . 2008-03-18 15:11 9,296 --a------ C:\WINDOWS\system32\ucgnmg.exe

2008-03-17 17:24 . 2008-03-17 17:24 9,296 --a------ C:\WINDOWS\system32\osqzoo.exe

2008-03-17 17:24 . 2008-03-17 17:24 244 --ah-c--- C:\sqmnoopt05.sqm

2008-03-17 17:24 . 2008-03-17 17:24 232 --ah-c--- C:\sqmdata05.sqm

2008-03-17 16:47 . 2008-03-17 16:47 9,296 --a------ C:\WINDOWS\system32\xfvhuk.exe

2008-03-17 16:47 . 2008-03-17 16:47 244 --ah-c--- C:\sqmnoopt04.sqm

2008-03-17 16:47 . 2008-03-17 16:47 232 --ah-c--- C:\sqmdata04.sqm

2008-03-17 15:11 . 2008-03-17 15:11 9,296 --a------ C:\WINDOWS\system32\sqmxmd.exe

2008-03-15 17:28 . 2008-03-15 17:28 9,296 --a------ C:\Documents and Settings\Administrator\wixhvf.exe

2008-03-15 17:15 . 2008-03-15 17:15 <DIR> d-------- C:\Program Files\Webroot

2008-03-15 10:47 . 2008-03-15 10:47 9,296 --a------ C:\WINDOWS\system32\alatuu.exe

2008-03-15 10:47 . 2008-03-15 10:47 244 --ah-c--- C:\sqmnoopt03.sqm

2008-03-15 10:47 . 2008-03-15 10:47 232 --ah-c--- C:\sqmdata03.sqm

2008-03-14 14:30 . 2008-03-14 14:30 244 --ah-c--- C:\sqmnoopt02.sqm

2008-03-14 14:30 . 2008-03-14 14:30 232 --ah-c--- C:\sqmdata02.sqm

2008-03-14 13:55 . 2008-03-15 10:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-03-14 13:55 . 2008-03-14 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-14 13:55 . 2008-03-15 10:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-03-13 20:16 . 2008-03-13 20:16 9,296 --a------ C:\WINDOWS\system32\jkavmn.exe

2008-03-13 20:16 . 2008-03-13 20:16 244 --ah-c--- C:\sqmnoopt01.sqm

2008-03-13 20:16 . 2008-03-13 20:16 232 --ah-c--- C:\sqmdata01.sqm

2008-03-13 15:06 . 2008-03-13 15:06 244 --ah-c--- C:\sqmnoopt00.sqm

2008-03-13 15:06 . 2008-03-13 15:06 232 --ah-c--- C:\sqmdata00.sqm

2008-03-11 22:35 . 2008-03-11 22:35 9,296 --a------ C:\WINDOWS\system32\sduzcp.exe

2008-02-27 13:04 . 2008-02-27 13:07 <DIR> d-------- C:\Program Files\Windows Live

2008-02-27 13:04 . 2008-02-27 13:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-27 13:03 . 2008-02-27 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-24 14:36 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-02-24 14:36 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-02-24 14:36 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-02-24 14:36 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-02-21 20:21 . 2008-02-21 20:37 187,934,908 --a--c--- C:\Krov.mpg

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 17:04 --------- d-----w C:\Program Files\Rainlendar2

2008-03-19 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-19 21:50 --------- d-----w C:\Program Files\CyberLink

2008-03-19 21:45 --------- d-----w C:\Program Files\Common Files\Ahead

2008-03-19 21:37 --------- d-----w C:\Program Files\LimeWire

2008-03-19 21:37 --------- d-----w C:\Program Files\DivX

2008-03-19 21:36 --------- d-----w C:\Program Files\Google

2008-03-19 21:33 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

2008-03-19 21:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso

2008-03-17 19:46 --------- d-----w C:\Program Files\Hitman Pro

2008-03-17 09:20 --------- d-----w C:\Program Files\Data Entry for Windows

2008-03-15 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-15 15:52 --------- d-----w C:\Program Files\SpywareBlaster

2008-03-15 09:38 --------- d-----w C:\Program Files\Poink

2008-03-13 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-10 08:53 --------- d-----w C:\Program Files\SPSS

2008-02-28 15:59 --------- d-----w C:\Program Files\MSN Messenger

2008-02-17 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-13 12:49 --------- d-----w C:\Program Files\Conduit

2008-01-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EFCD117-C8C0-4DC7-9D1E-E01B4814876B}]

C:\Program Files\ComPlus Applications\cofyl821058.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F9B96C8-1F19-4B26-B684-903DADDAC0FB}]

C:\Program Files\Outlook Express\qubap367.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57FB6AF-C8A1-4825-8898-891FCEC6645D}]

C:\Program Files\ComPlus Applications\cofyl777444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-23 09:55 1298432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 10:16 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 10:11 126976]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 14:01 88209 C:\WINDOWS\AGRSMMSG.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38 688218]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28 213054]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 09:11 290816]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05 122939]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 11:40 790528]

"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17 184320]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39 40960]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 21:46 401408]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 21:47 385024]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-07-22 21:51 356352]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-13 02:10 155648]

"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 21:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Mijn documenten\\Mijn muziek\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 15:26]

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-08-14 15:48]

S3 CpqDtct;CpqDtct;C:\WINDOWS\system32\Drivers\Cpqdtct.sys []

S3 NVW_PEAgent;Policy Enforcer Agent;"C:\WINDOWS\PEAgent\PEAgent.exe" /SERVICE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078db82f-ed88-11db-89ae-001279c69347}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL System_Volume_Information\batexe\start2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29044de8-1cc0-11dc-8a62-00170833fef6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ddb16b4-974d-11dc-8b8a-00170833fef6}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71db356f-0b7d-11dc-8a22-001279c69347}]

\Shell\AutoRun\command - F:\Loader.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 18:20:21

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?7?1?8??P???? ???B???????????????B? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-20 18:24:29

ComboFix-quarantined-files.txt 2008-03-20 17:24:26

.

2008-03-13 14:09:33 --- E O F ---


Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {2EFCD117-C8C0-4DC7-9D1E-E01B4814876B} - C:\Program Files\ComPlus Applications\cofyl821058.dll (file missing)

O2 - BHO: 0 - {6F9B96C8-1F19-4B26-B684-903DADDAC0FB} - C:\Program Files\Outlook Express\qubap367.dll (file missing)

O2 - BHO: (no name) - {A57FB6AF-C8A1-4825-8898-891FCEC6645D} - C:\Program Files\ComPlus Applications\cofyl777444.dll (file missing)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Click 'Fix checked' to remove the items.

Delete the following folder using Windows Explorer.

C:\Program Files\Common Files\BOONTY Shared

Open a Notepad file.

Copy and paste the text below into it.

File::

C:\WINDOWS\system32\cihrku.exe

C:\sqmnoopt06.sqm

C:\sqmdata06.sqm

C:\Documents and Settings\Administrator\nnoswz.exe

C:\WINDOWS\POTA777444.exe

C:\WINDOWS\system32\ucgnmg.exe

C:\WINDOWS\system32\osqzoo.exe

C:\sqmnoopt05.sqm

C:\sqmdata05.sqm

C:\WINDOWS\system32\xfvhuk.exe

C:\sqmnoopt04.sqm

C:\sqmdata04.sqm

C:\WINDOWS\system32\sqmxmd.exe

C:\Documents and Settings\Administrator\wixhvf.exe

C:\WINDOWS\system32\alatuu.exe

C:\sqmnoopt03.sqm

C:\sqmdata03.sqm

C:\sqmnoopt02.sqm

C:\sqmdata02.sqm

C:\WINDOWS\system32\jkavmn.exe

C:\sqmnoopt01.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmdata00.sqm

C:\WINDOWS\system32\sduzcp.exe

C:\Krov.mpg

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EFCD117-C8C0-4DC7-9D1E-E01B4814876B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F9B96C8-1F19-4B26-B684-903DADDAC0FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57FB6AF-C8A1-4825-8898-891FCEC6645D}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.
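An added example, not code from this thread or from HijackThis or ComboFix: a small Python script that re-applies the review heuristics used in the reply above to log lines copied from the logs posted earlier in the thread. It flags O2 BHO entries whose DLL is reported `(file missing)`, O16 DPF entries with no download URL, and clusters of same-size executables with random six-letter names (the 9,296-byte files in ComboFix's created-files section), and renders those into the File:: / Registry:: layout of the CFScript above. The six-letter name pattern, the cluster threshold of three and the `HKEY_LOCAL_MACHINE\~\Browser Helper Objects\...` key form are assumptions taken from this particular log and reply, not general ComboFix rules.

```python
"""Triage helpers for HijackThis and ComboFix log lines.

Added example for this thread; it is not part of HijackThis, ComboFix or the
forum's own tooling. It only encodes the review heuristics applied in the
replies above: BHO registrations whose DLL is missing, O16 DPF entries
without a download URL, and clusters of same-size randomly named executables
that then go into the File:: section of a CFScript.
"""
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EFCD117-C8C0-4DC7-9D1E-E01B4814876B} - C:\Program Files\ComPlus Applications\cofyl821058.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {6F9B96C8-1F19-4B26-B684-903DADDAC0FB} - C:\Program Files\Outlook Express\qubap367.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
"""

# Lines copied from the "Bestanden Gemaakt" section of the ComboFix log above.
COMBOFIX_SAMPLE = r"""
2008-03-20 18:15 . 2008-03-20 18:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 22:08 . 2008-03-19 22:08 9,296 --a------ C:\WINDOWS\system32\cihrku.exe
2008-03-19 10:43 . 2008-03-19 10:43 9,296 --a------ C:\Documents and Settings\Administrator\nnoswz.exe
2008-03-19 08:39 . 2008-03-20 08:37 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-18 15:11 . 2008-03-18 15:11 9,296 --a------ C:\WINDOWS\system32\ucgnmg.exe
2008-02-24 14:36 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
"""

CLSID = r"\{[0-9A-Fa-f-]+\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>[^)]*)\))? -\s*(?P<url>\S*)$")
CF_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
# Assumption from this log: the droppers all had six lowercase-letter names.
RANDOM_EXE_RE = re.compile(r"^[a-z]{6}\.exe$")


def triage_hijackthis(text):
    """Return (reason, clsid) pairs for lines matching the thread's heuristics."""
    findings = []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            # A BHO key pointing at a DLL no longer on disk is a leftover
            # registration; the reply above has all three of these fixed.
            findings.append(("orphaned BHO", m["clsid"]))
            continue
        m = DPF_RE.match(line)
        if m and not m["url"]:
            # Downloaded-program entry with no source URL to account for it.
            findings.append(("DPF without download URL", m["clsid"]))
    return findings


def same_size_random_executables(text, min_count=3):
    """Group randomly named .exe files by byte size and keep sizes recurring
    at least min_count times (assumed threshold). Returns {size: [paths]}."""
    by_size = defaultdict(list)
    for line in text.splitlines():
        m = CF_FILE_RE.match(line)
        if not m or m["size"] == "<DIR>":
            continue
        basename = m["path"].rsplit("\\", 1)[-1]
        if RANDOM_EXE_RE.match(basename):
            by_size[int(m["size"].replace(",", ""))].append(m["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def build_cfscript(files, bho_clsids):
    """Render a CFScript in the File:: / Registry:: layout of the reply above."""
    lines = ["File::", *files, "", "Registry::"]
    lines += ["[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % c for c in bho_clsids]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_hijackthis(HJT_SAMPLE)
    clusters = same_size_random_executables(COMBOFIX_SAMPLE)
    files = [p for paths in clusters.values() for p in paths]
    clsids = [c for reason, c in found if reason == "orphaned BHO"]
    for reason, clsid in found:
        print("%s: %s" % (reason, clsid))
    print(build_cfscript(files, clsids))
```

Run it against a saved log with `triage_hijackthis(open(path).read())`; on the sample lines the CLSIDs and paths it returns are exactly the ones selected by hand in the reply above, which is the point: the heuristics are simple enough to re-run on the next log rather than eyeballing it.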

