
Posted:

I may have the dreaded MSN virus, please help me

I ran ComboFix, but I still keep getting plenty of warnings about spyware and the like, and I get the following log file:

ComboFix 08-03-24.1 - Paul 2008-03-24 23:46:30.1 - NTFSx86

Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

-- Script messages for sUBs --

Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"

GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"

VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

CF24177.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Paul\Application Data\FunWebProducts

C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\avatar.dat

C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\register.dat

C:\Documents and Settings\Paul\Application Data\FunWebProducts\Data\Paul\zbucks.dat

C:\Documents and Settings\Paul\Bureaublad\Error Cleaner.url

C:\Documents and Settings\Paul\Bureaublad\Privacy Protector.url

C:\Documents and Settings\Paul\Bureaublad\Spyware&Malware Protection.url

C:\Documents and Settings\Paul\Favorieten\Error Cleaner.url

C:\Documents and Settings\Paul\Favorieten\Privacy Protector.url

C:\Documents and Settings\Paul\Favorieten\Spyware&Malware Protection.url

C:\Program Files\akl

C:\Program Files\akl\akl.dll

C:\Program Files\akl\akl.exe

C:\Program Files\akl\uninstall.exe

C:\Program Files\akl\unsetup.exe

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\PopSwatr\History\allowed

C:\Program Files\FunWebProducts\PopSwatr\History\notallow

C:\Program Files\FunWebProducts\ScreenSaver\Images\01323489.urr

C:\Program Files\FunWebProducts\Shared\002EAE1C.dat

C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html

C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html

C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico

C:\Program Files\MyWebSearch\bar\Cache\002955E5.bin

C:\Program Files\MyWebSearch\bar\Cache\00296314.bin

C:\Program Files\MyWebSearch\bar\Cache\00296512.bin

C:\Program Files\MyWebSearch\bar\Cache\005D5D34

C:\Program Files\MyWebSearch\bar\Cache\0130211B

C:\Program Files\MyWebSearch\bar\Cache\0130292A.bin

C:\Program Files\MyWebSearch\bar\Cache\01302DDC.bin

C:\Program Files\MyWebSearch\bar\Cache\01303ACF.bin

C:\Program Files\MyWebSearch\bar\Cache\01303E18.bin

C:\Program Files\MyWebSearch\bar\Cache\0156840D.bin

C:\Program Files\MyWebSearch\bar\Cache\0156883C.bin

C:\Program Files\MyWebSearch\bar\Cache\015695F7.bin

C:\Program Files\MyWebSearch\bar\Cache\0156974C.bin

C:\Program Files\MyWebSearch\bar\Cache\015699A5

C:\Program Files\MyWebSearch\bar\Cache\0156A756.bin

C:\Program Files\MyWebSearch\bar\Cache\04A2AAC8

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif

C:\Program Files\MyWebSearch\bar\MSNBackgrounds\00953FE8.jpeg

C:\Program Files\MyWebSearch\bar\MSNBackgrounds\03DDAF8B.jpeg

C:\Program Files\MyWebSearch\bar\MSNBackgrounds\15891F09.jpeg

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\setting2.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

C:\Program Files\Video Add-on

C:\WINDOWS\cookies.ini

C:\WINDOWS\dwnrpofk.dll

C:\WINDOWS\mslagent

C:\WINDOWS\mslagent\2_mslagent.dll

C:\WINDOWS\mslagent\mslagent.exe

C:\WINDOWS\mslagent\uninstall.exe

C:\WINDOWS\qvdntlmw.dll

C:\WINDOWS\rs.txt

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\hwxpifaq.dll

C:\WINDOWS\system32\onqss.ini

C:\WINDOWS\system32\onqss.ini2

C:\WINDOWS\system32\oobqmwqy.ini

C:\WINDOWS\system32\yqwmqboo.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))

.

2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro

2008-03-24 22:00 . 2008-03-24 22:30 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel

2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!

2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d----c--- C:\Documents and Settings\Dimitri\Bureaubladvirii

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladFWebdEditor.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfwebd.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfkwp2.0.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfkwp1.5.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\Bureaubladfilemanagerclient.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladEditorFKWP2.0.exe

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladEditorFKWP1.5.exe

2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nemwdewf

2008-03-24 19:35 . 2008-03-24 19:35 <DIR> d----c--- C:\Program Files\PC-Cleaner

2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery

2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Documents and Settings\Paul\Bureaubladvirii

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladTrojan.Win32.BlackBird.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladFWebdEditor.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfwebd.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfkwp2.0.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfkwp1.5.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\Bureaubladfilemanagerclient.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladEditorFKWP2.0.exe

2008-03-24 10:45 . 2008-03-24 10:45 4,096 --a--c--- C:\Documents and Settings\Paul\BureaubladEditorFKWP1.5.exe

2008-03-24 10:44 . 2008-03-24 10:44 4,096 --a--c--- C:\WINDOWS\system32vbsys2.dll

2008-03-24 10:43 . 2008-03-24 10:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ebcnqbgj

2008-03-24 10:43 . 2008-03-24 06:22 221,184 --a--c--- C:\WINDOWS\vbgtorfd.dll

2008-03-24 10:43 . 2008-03-24 06:22 212,992 --a--c--- C:\WINDOWS\kdftlboewkf.dll

2008-03-24 10:43 . 2008-03-24 10:43 114,688 --a--c--- C:\WINDOWS\system32\orifcrcz.exe

2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe

2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live

2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-21 01:42 . 2008-03-22 04:12 1,542,897 ---hsc--- C:\WINDOWS\system32\yhxrmier.ini

2008-03-20 01:37 . 2008-03-21 01:38 1,539,734 ---hsc--- C:\WINDOWS\system32\axlwsfxg.ini

2008-03-18 17:15 . 2008-03-20 01:38 1,522,334 ---hsc--- C:\WINDOWS\system32\xokmdpso.ini

2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32

2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!

2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 23:08 --------- dc----w C:\Program Files\Symantec AntiVirus

2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!

2008-03-24 21:30 --------- dc----w C:\Program Files\Google

2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar

2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger

2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information

2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD13890-4053-435A-9ABF-432925B093D3}]

2008-03-24 06:22 212992 --a--c--- C:\WINDOWS\kdftlboewkf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCFBDF40-1737-4D50-BAF2-525D3BC925DF}]

C:\WINDOWS\system32\ssqno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

"lptiifmw"="C:\WINDOWS\system32\orifcrcz.exe" [2008-03-24 10:43 114688]

"qpuawjsu"="C:\WINDOWS\system32\lkhqlejw.exe" [2008-03-25 00:10 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]

"NWEReboot"="" []

"NvCplDaemon"="NvQTwk" []

"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]

Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"16HspacqHV"= C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]

"dwnrpofk"= {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll [ ]

"vbgtorfd"= {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll [2008-03-24 06:22 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]

pmnnlkl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]

R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]

S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]

S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]

S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-24 23:10:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 00:09:00

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll

-> C:\WINDOWS\vbgtorfd.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-25 0:38:13 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-24 23:38:03

.

2008-03-21 02:32:08 --- E O F ---


Posted:

What a heap of "junk" you have pulled onto your PC, I must say. It has been a long time since I saw such a pile of infections on one PC :s And then you put the cart before the horse by starting straight away with ComboFix (although it has already cleaned up a fair bit, it has of course not tackled the underlying causes). Anyway ... no problem.

Let's start with this. Open a Notepad file. Copy and paste the bold text below into it.

File::

C:\Documents and Settings\Dimitri\Bureaubladvirii

C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe

C:\Documents and Settings\Dimitri\BureaubladFWebdEditor.exe

C:\Documents and Settings\Dimitri\Bureaubladfwebd.exe

C:\Documents and Settings\Dimitri\Bureaubladfkwp2.0.exe

C:\Documents and Settings\Dimitri\Bureaubladfkwp1.5.exe

C:\Documents and Settings\Dimitri\Bureaubladfilemanagerclient.exe

C:\Documents and Settings\Dimitri\BureaubladEditorFKWP2.0.exe

C:\Documents and Settings\Dimitri\BureaubladEditorFKWP1.5.exe

C:\Documents and Settings\All Users\Application Data\nemwdewf

C:\Documents and Settings\Paul\BureaubladTrojan.Win32.BlackBird.exe

C:\Documents and Settings\Paul\BureaubladFWebdEditor.exe

C:\Documents and Settings\Paul\Bureaubladfwebd.exe

C:\Documents and Settings\Paul\Bureaubladfkwp2.0.exe

C:\Documents and Settings\Paul\Bureaubladfkwp1.5.exe

C:\Documents and Settings\Paul\Bureaubladfilemanagerclient.exe

C:\Documents and Settings\Paul\BureaubladEditorFKWP2.0.exe

C:\Documents and Settings\Paul\BureaubladEditorFKWP1.5.exe

C:\WINDOWS\system32vbsys2.dll

C:\Documents and Settings\All Users\Application Data\ebcnqbgj

C:\WINDOWS\vbgtorfd.dll

C:\WINDOWS\kdftlboewkf.dll

C:\WINDOWS\system32\orifcrcz.exe

C:\WINDOWS\system32\yhxrmier.ini

C:\WINDOWS\system32\axlwsfxg.ini

C:\WINDOWS\system32\xokmdpso.ini

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix run again. Reboot if you are asked to.

Download VundoFix to your desktop.

- Double-click VundoFix.exe to start it.
- Click the Scan for Vundo button.
- Once the scan is finished, click the Remove Vundo button.
- You will be asked whether you want the files removed; click YES.
- After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
- When it is finished you will get a message that your PC will shut down; click OK.
- Restart your PC.

Note: It is possible that VundoFix finds a file that cannot be removed.

In that case VundoFix will start again after your PC reboots. You then have to carry out the instructions above once more, starting from: "Click on Scan for Vundo."

Download HiJackThis, save it in a folder of its own and make a log with it.

Now make a new log with ComboFix. Attach this last log, together with a log from HiJackThis and VundoFix, to your next post.

Posted:

> before you start thinking the wrong things

"Thinking the wrong things", we don't do that here. It was more out of surprise that the word "junk" suddenly came to mind, nothing more :laugh:
Posted:

That could well be, if you ran that fix with ComboFix first. Attach that VundoFix log to a post. The log will make things clear. Then go on to HiJackThis and ComboFix.

Posted:

You should find that log on your base partition, e.g. C:\Vundofix.txt. But if the program has not found any files infected by Vundo (anymore), it will normally be empty. In that case you don't need to post it, of course.

Posted:

OK, done both.

Here are the log files; the first is HijackThis, then ComboFix.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:15:52, on 25/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\uhsxibsd.exe

C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe

C:\Program Files\DV Series\Console\Watch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {DCFBDF40-1737-4D50-BAF2-525D3BC925DF} - C:\WINDOWS\system32\ssqno.dll (file missing)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [lptiifmw] C:\WINDOWS\system32\orifcrcz.exe

O4 - HKCU\..\Run: [qpuawjsu] C:\WINDOWS\system32\lkhqlejw.exe

O4 - HKCU\..\Run: [wdvwdtpb] C:\WINDOWS\system32\ifefgfil.exe

O4 - HKCU\..\Run: [msnetraw] C:\WINDOWS\system32\uhsxibsd.exe

O4 - HKLM\..\Policies\Explorer\Run: [16HspacqHV] C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe

O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed001YYBE_ZNxdm119YYBE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766

O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132

O20 - Winlogon Notify: pmnnlkl - pmnnlkl.dll (file missing)

O21 - SSODL: RomUnknown - {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll

O21 - SSODL: dwnrpofk - {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll (file missing)

O21 - SSODL: vbgtorfd - {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 7795 bytes

ComboFix 08-03-24.1 - Paul 2008-03-25 14:18:03.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.172 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))

.

2008-03-25 12:50 . 2008-03-25 12:50 <DIR> d----c--- C:\VundoFix Backups

2008-03-25 12:38 . 2008-03-25 12:38 106,496 --a--c--- C:\WINDOWS\system32\uhsxibsd.exe

2008-03-25 11:43 . 2008-03-25 11:43 106,496 --a--c--- C:\WINDOWS\system32\ifefgfil.exe

2008-03-25 00:10 . 2008-03-25 00:10 94,208 --a--c--- C:\WINDOWS\system32\lkhqlejw.exe

2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro

2008-03-24 22:00 . 2008-03-24 22:30 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel

2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo!

2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d----c--- C:\Documents and Settings\Dimitri\Bureaubladvirii

2008-03-24 20:49 . 2008-03-24 20:49 4,096 --a--c--- C:\Documents and Settings\Dimitri\BureaubladTrojan.Win32.BlackBird.exe

2008-03-24 20:48 . 2008-03-24 20:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nemwdewf

2008-03-24 19:35 . 2008-03-24 19:35 <DIR> d----c--- C:\Program Files\PC-Cleaner

2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Program Files\Inet Delivery

2008-03-24 10:45 . 2008-03-24 10:45 <DIR> d----c--- C:\Documents and Settings\Paul\Bureaubladvirii

2008-03-24 10:43 . 2008-03-24 10:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ebcnqbgj

2008-03-24 10:43 . 2008-03-24 06:22 98,304 --a--c--- C:\WINDOWS\norlatmx.exe

2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live

2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32

2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo!

2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 11:39 --------- dc----w C:\Program Files\Symantec AntiVirus

2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo!

2008-03-24 21:30 --------- dc----w C:\Program Files\Google

2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar

2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger

2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information

2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat

2006-02-19 02:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCFBDF40-1737-4D50-BAF2-525D3BC925DF}]

C:\WINDOWS\system32\ssqno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

"lptiifmw"="C:\WINDOWS\system32\orifcrcz.exe" [ ]

"qpuawjsu"="C:\WINDOWS\system32\lkhqlejw.exe" [2008-03-25 00:10 94208]

"wdvwdtpb"="C:\WINDOWS\system32\ifefgfil.exe" [2008-03-25 11:43 106496]

"msnetraw"="C:\WINDOWS\system32\uhsxibsd.exe" [2008-03-25 12:38 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]

"NWEReboot"="" []

"NvCplDaemon"="NvQTwk" []

"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920]

Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"16HspacqHV"= C:\Documents and Settings\All Users\Application Data\ebcnqbgj\ajopifyx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"RomUnknown"= {b989b1ee-a010-4226-9e36-1de85c2c006a} - C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll [2008-03-24 10:40 14378]

"dwnrpofk"= {3DDB1E8C-A180-4F58-946F-EBAABCD8974F} - C:\WINDOWS\dwnrpofk.dll [ ]

"vbgtorfd"= {A9E17830-1B45-47C1-AF9E-3081FBD5AEF6} - C:\WINDOWS\vbgtorfd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlkl]

pmnnlkl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]

R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45]

S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37]

S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]

S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-25 11:39:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 14:25:32

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\Installer\{b989b1ee-a010-4226-9e36-1de85c2c006a}\RomUnknown.dll

.

Voltooingstijd: 2008-03-25 14:29:35

ComboFix-quarantined-files.txt 2008-03-25 13:29:14

ComboFix2.txt 2008-03-25 11:21:46

ComboFix3.txt 2008-03-24 23:38:14

.

2008-03-21 02:32:08 --- E O F ---
