Posted:

A few days ago I removed ZoneAlarm so that I could start FrostWire. But now my whole PC is full of malware, and an error also appears (see image), and when I click OK I get a blue screen, but I can still start everything with Ctrl+Alt+Delete. Can someone help me, please?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:54, on 2008-05-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MPK\MPK.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Network Monitor\netmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\WINDOWS\Fonts\svchost.exe

C:\windows\system32\jnwnw64j.exe

C:\Documents and Settings\Hilde\lsass.exe

C:\WINDOWS\System32\Rundll32.exe

C:\WINDOWS\mrofinu1000106.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe

C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\rcntokdm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Index

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe,

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [{75-51-1E-EC-DW}] C:\windows\system32\jnwnw64j.exe DWram

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Hilde\lsass.exe

O4 - HKLM\..\Run: [{a3d56726-30ce-a965-f54d-f1ce632803b0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" DllInit

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rcntokdm.exe DWram

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [50175143] rundll32.exe "C:\WINDOWS\system32\qelcyffu.dll",b

O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\starter.exe

O4 - HKLM\..\Run: [bM532462df] Rundll32.exe "C:\WINDOWS\system32\vmacoeqk.dll",s

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [surfAccuracy] C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe

O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background

O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntokdm.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64j.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 12151 bytes

Posted:

Hi Filkill,

Nice collection you have on your PC; please do the following.

1. Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.

  • Make sure there is a check mark next to 'Update Malwarebytes' Anti-Malware' and 'Start Malwarebytes' Anti-Malware', then click Finish.
  • In the main window, choose the Scanner tab and select the Quick Scan radio button.
  • Press the Scan button and make sure all your hard disks/partitions are checked.
  • Then press the Start Scan button.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then Show Results to see the results.
  • Make sure everything there is checked, then click Remove Selected.
  • After the removal a log will open and you will be asked to restart the computer. (See the extra note below.)
  • The log is saved automatically by MBAM; you can view it by clicking the 'Logs' tab in MBAM.
  • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

Extra note:

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

2. After restarting your PC, follow these instructions to download Combofix:

  • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
      Do NOT click in the window while the fix is running, because this will make your PC hang.

    When the fix is finished, and after a restart, the log Combofix.txt will open.

    Post this log in your next post, together with a fresh HijackThis log.

Good luck

Xeno :)

Posted:

With Combofix I get a message:

"You do not have a correct version of Windows XP; if you continue, this could cause damage" or something like that. Should I continue?

Posted:

Hi Filkill,

That has to do with IE6, because normally a user would have IE7 installed; just ignore it and continue, and I will put you on the right track in due course.

Regards,

Xeno :)

Posted:

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.12

Database versie: 722

Scan type: Snelle Scan

Objecten gescand: 57931

Verstreken tijd: 20 minute(s), 9 second(s)

Geheugenprocessen geïnfecteerd: 6

Geheugenmodulen geïnfecteerd: 7

Registersleutels geïnfecteerd: 65

Registerwaarden geïnfecteerd: 13

Registerdata bestanden geïnfecteerd: 2

Mappen geïnfecteerd: 12

Bestanden geïnfecteerd: 87

Geheugenprocessen geïnfecteerd:

c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\command.exe (AdWare.CommAd) -> Failed to unload process.

c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.

c:\documents and settings\Hilde\application data\surfaccuracy\SAcc.exe (Adware.SurfAccuracy) -> Unloaded process successfully.

C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\Hilde\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\Fonts\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.

c:\program files\dbar\deskbar.dll (Adware.SoftMate) -> Unloaded module successfully.

C:\WINDOWS\system32\qelcyffu.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\rqRHaBTn.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll (Trojan.Agent) -> Unloaded module successfully.

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll (Trojan.Agent) -> Unloaded module successfully.

C:\WINDOWS\system32\pmnmligf.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21606823-066f-4b23-8f4a-0732f1fd5110} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{21606823-066f-4b23-8f4a-0732f1fd5110} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ysb.ysbobj (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ysb.ysbobj.1 (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{17d2f050-5fdf-11dc-8314-0800200c9a66} (Adware.Surfaccuracy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{17d2f050-5fdf-11dc-8314-0800200c9a66} (Adware.Surfaccuracy) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sacc (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{180c4481-85e4-af57-5e4a-08be179fe565} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{180c4481-85e4-af57-5e4a-08be179fe565} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7a7ed042-3d33-1fcb-267b-4e225470861e} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7a7ed042-3d33-1fcb-267b-4e225470861e} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8a81846f-eede-58fb-b3fe-2ba4b0f6bc50} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a81846f-eede-58fb-b3fe-2ba4b0f6bc50} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\IST (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Delete on reboot.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmligf (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SurfAccuracy (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50175143 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.StartPage) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WebSUpdater (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a3d56726-30ce-a965-f54d-f1ce632803b0} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM532462df (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrhabtn -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrhabtn -> Delete on reboot.

Mappen geïnfecteerd:

C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar (Trojan.Istbar) -> Quarantined and deleted successfully.

C:\Program Files\dbar (Adware.SoftMate) -> Delete on reboot.

C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\SurfAccuracy (Adware.SurfAccuracy) -> Delete on reboot.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04} (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.

c:\program files\dbar\deskbar.dll (Adware.SoftMate) -> Delete on reboot.

c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\command.exe (AdWare.CommAd) -> Delete on reboot.

c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

c:\documents and settings\Hilde\application data\surfaccuracy\SAcc.exe (Adware.SurfAccuracy) -> Delete on reboot.

C:\WINDOWS\system32\qelcyffu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\uffycleq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRHaBTn.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\nTBaHRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nTBaHRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\winvi\update.exe (Trojan.StartPage) -> Quarantined and deleted successfully.

C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar\ysb.dll (Adware.ISTBar) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\ffcomponent.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\26JLXBLJ\ffcomponent.prod.v1000001.09fev2007.dll[1].d30d4a1b47483ec718ea41c66a8491c8 (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\4JNREWD9\SAccRecover.prod.v1010.07dec2007.exe[1].48dd164426fe89f486bd77dca80a8c43 (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\9X42SVLR\installer[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\EF2F656V\SAcc.prod.v1220.13dec2007.exe[1].941e71a18d8d5612567662f2a6c404bc (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\O5WPA7SL\istdownload[1].exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Local Settings\Temporary Internet Files\Content.IE5\UL0JYTM5\uninstaller.prod.v1009.06dec2007.exe[1].3e103a4cb5984103f7e11bb78d12e81f (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Bureaublad\setup.exe (Adware.YourSiteBar) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar\imagemap_normal.bmp (Trojan.Istbar) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar\imagemap_over.bmp (Trojan.Istbar) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar\version.txt (Trojan.Istbar) -> Quarantined and deleted successfully.

C:\Program Files\YourSiteBar\yoursitebar.xml (Trojan.Istbar) -> Quarantined and deleted successfully.

C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\License.lnk (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAccU.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hilde\Application Data\Deskbar_{97AAC0A8-17EF-4c93-8F5A-809BDF874F04}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\mrofinu1000106.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vmacoeqk.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\rcntokdm.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcATKEV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnmligf.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\Hilde\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Posted:

Hi Filkill,

Then hold off on Combo for a moment.

Download this file: zoek.exe

Double-click it; after a while a log will open.

Post the contents of this log in your next message.

And after this you may also have a talk with H..de.

Regards,

Xeno :)

Posted:

Here is the log:

======C:\WINDOWS====

----a-w 876 2008-03-27 19:09:01 C:\WINDOWS\$_hpcst$.hpc

----a-w 0 2008-05-23 14:27:52 C:\WINDOWS\0.log

----a-w 81,920 2008-04-28 10:41:13 C:\WINDOWS\ALCFDRTM.VER

----a-w 8,080 2008-05-14 17:10:55 C:\WINDOWS\Applian FLV Player Setup Log.txt

----a-w 17,504 2008-04-06 16:09:50 C:\WINDOWS\apulymewu.ban

----a-w 20,278 2008-05-22 18:22:32 C:\WINDOWS\BM532462df.txt

----a-w 109,875 2008-05-22 18:06:57 C:\WINDOWS\BM532462df.xml

--s-a-w 2,048 2008-05-23 14:27:06 C:\WINDOWS\bootstat.dat

----a-w 1,431 2008-05-09 15:27:33 C:\WINDOWS\cmgt_z.ini

----a-w 205,910 2009-04-15 03:06:11 C:\WINDOWS\comsetup.log

----a-w 128,883 2009-04-14 20:29:52 C:\WINDOWS\DirectX.log

----a-w 35,514 2009-04-15 03:06:31 C:\WINDOWS\DPINST.LOG

----a-w 12,590 2008-04-16 10:51:45 C:\WINDOWS\ecoj.bat

----a-w 530 2008-03-23 19:29:12 C:\WINDOWS\eReg.dat

----a-w 574,777 2009-04-15 03:06:10 C:\WINDOWS\FaxSetup.log

----a-w 14,547 2008-04-06 16:09:50 C:\WINDOWS\gatuxece.scr

----a-w 52 2008-05-09 15:18:21 C:\WINDOWS\GunzLauncher.INI

----a-w 965 2008-05-14 14:35:18 C:\WINDOWS\IE4 Error Log.txt

----a-w 14,214 2008-03-22 18:04:12 C:\WINDOWS\ifacix._sy

----a-w 14,488 2008-03-17 15:03:41 C:\WINDOWS\ifixahu.reg

----a-w 666,955 2009-04-15 03:06:11 C:\WINDOWS\iis6.log

----a-w 1,374 2009-04-15 03:06:11 C:\WINDOWS\imsins.log

----a-w 16,224 2008-04-06 16:09:50 C:\WINDOWS\iraqukuq.dat

----a-w 14,299 2008-04-16 10:51:45 C:\WINDOWS\ixotewabys.sys

----a-w 12,991 2008-04-16 10:51:45 C:\WINDOWS\izaketuvyz.exe

----a-w 12,327 2008-04-06 16:09:50 C:\WINDOWS\jonos.exe

----a-w 86 2009-04-15 03:06:32 C:\WINDOWS\KE.log

----a-w 179 2009-04-15 03:07:29 C:\WINDOWS\LDM.log

----a-w 36 2008-03-27 19:15:52 C:\WINDOWS\lnpth.lnf

----a-w 40,456 2009-04-15 03:06:10 C:\WINDOWS\MedCtrOC.log

----a-w 29,160 2009-04-15 03:06:10 C:\WINDOWS\msgsocm.log

----a-w 185,032 2009-04-15 03:06:05 C:\WINDOWS\msmqinst.log

----a-w 18,520 2008-05-15 06:42:22 C:\WINDOWS\My Video Downloader Setup Log.txt

----a-w 69 2008-05-06 10:29:05 C:\WINDOWS\NeroDigital.ini

----a-w 101,852 2009-04-15 03:06:10 C:\WINDOWS\netfxocm.log

----a-w 15,870 2008-04-06 16:09:50 C:\WINDOWS\nigegyvaj.ban

----a-w 123,204 2009-04-15 03:06:11 C:\WINDOWS\ntdtcsetup.log

----a-w 282,861 2009-04-15 03:06:10 C:\WINDOWS\ocgen.log

----a-w 36,094 2009-04-15 03:06:11 C:\WINDOWS\ocmsn.log

----a-w 18,040 2008-04-06 16:09:50 C:\WINDOWS\oqoli.lib

----a-w 173 2009-04-15 03:07:03 C:\WINDOWS\ot.log

----a-w 15,019 2008-03-17 15:03:41 C:\WINDOWS\pihaher.db

----a-w 10 2008-04-01 23:30:24 C:\WINDOWS\popcinfo.dat

----a-w 22 2008-05-22 17:43:00 C:\WINDOWS\pskt.ini

----a-w 1,409 2008-04-10 06:13:48 C:\WINDOWS\QTFont.for

---ha-w 54,156 2008-05-23 14:27:25 C:\WINDOWS\QTFont.qfn

----a-w 14,550 2008-04-16 10:51:45 C:\WINDOWS\reqewaqo.ban

----a-w 40 2008-04-10 19:10:07 C:\WINDOWS\RSoftInfo.dat

----a-w 32,632 2008-05-22 19:46:08 C:\WINDOWS\SchedLgU.Txt

----a-w 202,370 2009-04-15 03:12:46 C:\WINDOWS\setupact.log

----a-w 647,933 2008-04-23 12:21:30 C:\WINDOWS\setupapi.log

----a-w 10,826 2008-04-06 16:09:50 C:\WINDOWS\sevuge.dat

----a-w 227 2008-04-05 19:01:43 C:\WINDOWS\system.ini

----a-w 29,553 2009-04-15 03:06:11 C:\WINDOWS\tabletoc.log

----a-w 268,668 2009-04-15 03:06:11 C:\WINDOWS\tsoc.log

----a-w 18,620 2008-03-22 18:04:12 C:\WINDOWS\umurogygyt.exe

----a-w 11,466 2008-03-17 15:03:41 C:\WINDOWS\unitylysow.dll

----a-w 13,673 2008-03-17 15:03:41 C:\WINDOWS\uxidute._sy

----a-w 18,308 2008-03-22 18:04:12 C:\WINDOWS\vemydudy.bat

----a-w 4,663 2009-04-15 03:06:11 C:\WINDOWS\Wdf01005Inst.log

----a-w 159 2008-05-23 14:27:33 C:\WINDOWS\wiadebug.log

----a-w 49 2008-05-23 14:27:30 C:\WINDOWS\wiaservc.log

----a-w 768 2008-04-17 18:15:07 C:\WINDOWS\win.ini

----a-w 1,400,826 2008-05-22 19:46:06 C:\WINDOWS\WindowsUpdate.log

----a-w 92,340 2008-05-10 20:42:24 C:\WINDOWS\wmsetup.log

----a-w 12,786 2008-03-17 15:03:41 C:\WINDOWS\ycevigu.ban

----a-w 16,775 2008-03-17 15:03:41 C:\WINDOWS\ylavetequ.dll

----a-w 15,581 2008-04-16 10:51:45 C:\WINDOWS\yxiraza._sy

Entries: 68 (66)

Directories: 0 Files: 68

Bytes: 5,703,713 Blocks: 11,174

======C:\WINDOWS\system32=====

----a-w 16,644 2008-04-06 16:09:50 C:\WINDOWS\System32\ahebysora.lib

----a-w 687,592 2008-05-22 19:38:22 C:\WINDOWS\System32\atmtd.dll

----a-w 687,592 2008-05-22 19:38:22 C:\WINDOWS\System32\atmtd.dll._

----a-w 15 2008-05-22 14:32:11 C:\WINDOWS\System32\clkcnt.txt

----a-w 98,304 2008-03-31 10:08:55 C:\WINDOWS\System32\CmdLineExt.dll

----a-w 385,608 2008-05-16 07:46:52 C:\WINDOWS\System32\FNTCACHE.DAT

----a-w 401,977 2008-05-22 06:15:22 C:\WINDOWS\System32\g50.exe

----a-w 298,317 2008-05-22 14:29:23 C:\WINDOWS\System32\gside.exe

----a-w 12,484 2008-04-16 10:51:45 C:\WINDOWS\System32\ifyzede.bin

----a-w 18,357 2008-04-06 16:09:50 C:\WINDOWS\System32\ihog.sys

----a-w 49,193 2008-05-22 06:38:32 C:\WINDOWS\System32\jnwnw64j.exe

----a-w 6,300 2008-04-25 19:24:43 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log

----a-w 12,065 2008-03-17 15:03:41 C:\WINDOWS\System32\kivajala.sys

----a-w 16,757 2008-04-16 10:51:45 C:\WINDOWS\System32\kovyse.bin

----a-w 147 2008-05-23 14:27:59 C:\WINDOWS\System32\msnav32.ax

----a-w 64,508 2008-04-22 14:39:37 C:\WINDOWS\System32\perfc009.dat

----a-w 84,506 2008-04-22 14:39:37 C:\WINDOWS\System32\perfc013.dat

----a-w 409,368 2008-04-22 14:39:37 C:\WINDOWS\System32\perfh009.dat

----a-w 475,102 2008-04-22 14:39:37 C:\WINDOWS\System32\perfh013.dat

----a-w 1,041,278 2008-04-22 14:39:37 C:\WINDOWS\System32\PerfStringBackup.INI

------w 28,672 2008-05-22 19:35:08 C:\WINDOWS\System32\pmnmligf.dll

------w 93,184 2008-05-22 19:35:06 C:\WINDOWS\System32\qelcyffu.dll

------w 200,770 2008-05-22 19:35:08 C:\WINDOWS\System32\rcntokdm.exe

------w 376,832 2008-05-22 19:35:06 C:\WINDOWS\System32\rqRHaBTn.dll

----a-w 587 2008-05-01 19:20:24 C:\WINDOWS\System32\runrefog.lnk

----a-w 49,210 2008-05-22 19:38:10 C:\WINDOWS\System32\rwwnw64d.exe

----a-w 2,560 2008-05-22 06:26:05 C:\WINDOWS\System32\tayaxhix.exe

----a-w 16,817 2008-04-16 10:51:45 C:\WINDOWS\System32\tuhag.vbs

----a-w 147,456 2008-05-21 11:30:31 C:\WINDOWS\System32\vbzip10.dll

------w 109,056 2008-05-22 19:35:08 C:\WINDOWS\System32\vmacoeqk.dll

----a-w 861 2008-05-22 06:15:44 C:\WINDOWS\System32\winpfz33.sys

----a-w 2,206 2008-05-23 14:28:15 C:\WINDOWS\System32\wpa.dbl

---h--w 4,212 2008-05-21 10:30:17 C:\WINDOWS\System32\zllictbl.dat

------w 439,808 2008-05-22 19:35:08 C:\WINDOWS\System32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

----a-w 330,752 2008-05-05 16:24:34 C:\WINDOWS\System32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

----a-w 63,902 2008-05-23 14:28:10 C:\WINDOWS\System32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe

Entries: 36 (35)

Directories: 0 Files: 36

Bytes: 6,632,999 Blocks: 12,969

======C:\WINDOWS\system32\drivers=====

--sha-w 35,874,080 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.dat

--sha-w 481,532 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.idx

--sha-w 2,254,624 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.dat

--sha-w 212,444 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.idx

----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys

----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

---ha-w 0 2009-04-15 03:06:13 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

---ha-w 0 2009-04-15 03:06:18 C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

Entries: 8 (2)

Directories: 0 Files: 8

Bytes: 38,865,592 Blocks: 75,911

=======C:\Program Files=====

----a-w 10 2008-05-21 11:27:09 C:\Program Files\.autoreg

----a-w 0 2008-03-26 11:56:55 C:\Program Files\temp01

Entries: 2 (2)

Directories: 0 Files: 2

Bytes: 10 Blocks: 1

=======C:=====

----a-w 57 2008-04-19 18:21:08 C:\Avi2Dvd_Log.txt

--sh--w 211 2008-04-05 19:01:43 C:\boot.ini

----a-w 277 2008-03-22 16:35:05 C:\debugInstaller.txt

--sha-w 1,610,612,736 2008-05-23 14:27:03 C:\pagefile.sys

----a-w 512 2009-04-14 07:25:42 C:\ScanSectorLog.dat

----a-w 216 2008-05-13 19:02:08 C:\temp.txt

Entries: 6 (4)

Directories: 0 Files: 6

Bytes: 1,610,614,009 Blocks: 3,145,733

======C:\Documents and Settings\Hilde\Application Data======

----a-w 14,969 2008-03-22 18:04:12 C:\Documents and Settings\Hilde\Application Data\bojovisime.lib

----a-w 14,312 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\inuj.bin

----a-w 11,505 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin

----a-w 17,115 2008-04-06 16:09:50 C:\Documents and Settings\Hilde\Application Data\keqy.inf

----a-w 13,170 2008-03-22 18:04:11 C:\Documents and Settings\Hilde\Application Data\ledu.db

----a-w 13,907 2008-04-06 16:09:50 C:\Documents and Settings\Hilde\Application Data\lyzy.dll

----a-w 14,545 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll

----a-w 15,319 2008-03-22 18:04:11 C:\Documents and Settings\Hilde\Application Data\qakimatet.dl

----a-w 15,829 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin

----a-w 15,603 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\ukytyvy.ban

----a-w 19,478 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\wocox.lib

Entries: 11 (11)

Directories: 0 Files: 11

Bytes: 165,752 Blocks: 329

======C:\Temp======

----a-w 175,653 2008-05-13 19:07:23 C:\Temp\clip0001.mp4

----a-w 300 2008-03-18 16:52:22 C:\Temp\debug.txt

Entries: 2 (2)

Directories: 0 Files: 2

Bytes: 175,953 Blocks: 345

======C:\Documents and Settings\Hilde======

---ha-w 5,767,168 2008-05-22 19:46:11 C:\Documents and Settings\Hilde\NTUSER.DAT

---ha-w 192,512 2008-05-23 18:17:32 C:\Documents and Settings\Hilde\NTUSER.DAT.LOG

--sh--w 188 2008-05-22 19:46:06 C:\Documents and Settings\Hilde\ntuser.ini

Entries: 3 (0)

Directories: 0 Files: 3

Bytes: 5,959,868 Blocks: 11,641

======C:\WINDOWS\Downloaded Program Files====

Entries: 0 (0)

Directories: 0 Files: 0

Bytes: 0 Blocks: 0

=============

And what do you mean by "And after this you may also have a talk with H..de."?

Posted:

Hi Filkill,

Open a Notepad file.

Copy the text below (everything in bold) into this Notepad file.

```bat
@ECHO OFF
REM Start with a fresh log file in the current directory
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\atmtd.dll
C:\WINDOWS\System32\atmtd.dll._
C:\WINDOWS\System32\g50.exe
C:\WINDOWS\System32\gside.exe
C:\WINDOWS\System32\jnwnw64j.exe
C:\WINDOWS\System32\pmnmligf.dll
C:\WINDOWS\System32\qelcyffu.dll
C:\WINDOWS\System32\rcntokdm.exe
C:\WINDOWS\System32\rqRHaBTn.dll
C:\WINDOWS\System32\rwwnw64d.exe
C:\WINDOWS\System32\tayaxhix.exe
C:\WINDOWS\System32\vmacoeqk.dll) DO (
    REM Remove a renamed copy left behind by an earlier run
    DEL /Q %%gPCH
    IF EXIST %%g (
        REM Clear read-only, system and hidden attributes so DEL can act on the file
        ATTRIB -r -s -h %%g
        DEL %%g
        REM If the file is still there, rename it by appending PCH to its name
        REN %%g *PCH
        IF EXIST %%gPCH (
            ECHO renamed to %%gPCH>>log.txt)
        REM Record whether the original path is gone
        IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
        ) ELSE (
            ECHO %%g deleted>>log.txt)
    ) ELSE (
        ECHO %%g not found>>log.txt))
REM Show the result log
START NOTEPAD.EXE log.txt
```

Go to File - Save As.

For "Save in", choose: Desktop

For "File name", enter: del.bat

For "Save as type", select: All Files (*.*).

Click the Save button.

Double-click del.bat and post the contents of the log file that opens.

Now carry out the ComboFix instruction.

Good luck,

Xeno :)

Posted:

Here are the contents:

Deleting files

C:\WINDOWS\System32\atmtd.dll deleted

C:\WINDOWS\System32\atmtd.dll._ deleted

C:\WINDOWS\System32\g50.exe deleted

C:\WINDOWS\System32\gside.exe deleted

renamed to C:\WINDOWS\System32\jnwnw64j.exePCH

C:\WINDOWS\System32\jnwnw64j.exe deleted

C:\WINDOWS\System32\pmnmligf.dll deleted

C:\WINDOWS\System32\qelcyffu.dll deleted

C:\WINDOWS\System32\rcntokdm.exe deleted

C:\WINDOWS\System32\rqRHaBTn.dll deleted

C:\WINDOWS\System32\rwwnw64d.exe deleted

C:\WINDOWS\System32\tayaxhix.exe deleted

C:\WINDOWS\System32\vmacoeqk.dll deleted

P.S. Won't I get an error message with ComboFix anymore now?
