Trojan.vundo


anonymous

Question

Yesterday, while scanning my PC, I found a trojan.vundo in my system32 folder. I had the virus put in quarantine and searched for more today. I also cannot start my Task Manager. At the time of writing I am scanning with SUPERAntiSpyware and I have made a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:56, on 1-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Documents and Settings\Admin\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\FILMS\FRAPS\FRAPS.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\tcntrkdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\@Home veiligheid\AntiVirus\pavexsc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Diversen\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Admin\svchost.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntrkdm.exe DWram
O4 - HKLM\..\Run: [BM538ace70] Rundll32.exe "C:\WINDOWS\system32\pwfnpetw.dll",s
O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Fraps] C:\FILMS\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntrkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C97E62-F9EC-4C2D-A05B-CE1040177F03}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS4\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Are there any bad entries in my HijackThis log, and should I also scan with another program besides SUPERAntiSpyware to get rid of this virus? Thanks in advance.
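An added example, not part of the thread: a small Python triage pass over HijackThis O4 (autostart) lines. It encodes the signals a helper reads by eye in a log like the one above: a core Windows binary such as svchost.exe started from a user profile, rundll32 told to load a DLL with a machine-generated eight-character name from system32, Run values named like hex blobs, and Startup shortcuts that point straight into system32. The sample lines are constructed from entries in the log above; the eight-lowercase-alphanumerics rule and the list of core binaries are assumptions to tune for your own estate, not a signature.

```python
"""Heuristic triage of HijackThis O4 (autostart) lines.

Added example, not part of the thread. The sample lines below are constructed
from the log posted above; the indicators encode what a helper looks for by
eye: core Windows binaries running from the wrong directory, rundll32 loading
a DLL with a machine-generated name, Run values with hex-looking names, and
Startup shortcuts that point straight into system32.
"""
import ntpath
import re
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"
# Binaries that only ever legitimately live in system32 (Windows XP layout).
# Assumption: extend for the systems you triage.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}

RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>(?:Global )?Startup): "
                        r"(?P<name>.+?) = (?P<cmd>.+)$")
# First program on an unquoted command line: the shortest prefix ending in a
# runnable extension, so unquoted paths containing spaces survive.
PROG_RE = re.compile(r"^(?P<prog>.+?\.(?:exe|dll|com|scr|bat|cmd))"
                     r"(?:\s+(?P<rest>.*))?$", re.IGNORECASE)
# Eight lowercase alphanumerics with no mixed case, the naming style of the
# Vundo files in this thread (pwfnpetw, tcntrkdm, rwwnw64d). Heuristic only.
RANDOM_STEM_RE = re.compile(r"^[a-z0-9]{8}$")
# Run value names like 50b9fdec or BM538ace70.
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")

# Constructed sample in the shape of the log above (identifiers as posted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Admin\svchost.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntrkdm.exe DWram
O4 - HKLM\..\Run: [BM538ace70] Rundll32.exe "C:\WINDOWS\system32\pwfnpetw.dll",s
O4 - HKLM\..\Run: [50b9fdec] rundll32.exe "C:\WINDOWS\system32\icwnfkvc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntrkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
"""


@dataclass
class Finding:
    line: str
    reasons: list


def split_command(cmd):
    """Return (program, remaining arguments) for a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = PROG_RE.match(cmd)
    if m:
        return m.group("prog"), (m.group("rest") or "").strip()
    prog, _, rest = cmd.partition(" ")
    return prog, rest.strip()


def check_target(path):
    """Indicators for one executable or DLL path."""
    reasons = []
    base = ntpath.basename(path)
    directory = ntpath.dirname(path).lower()
    stem, ext = ntpath.splitext(base)
    if base.lower() in CORE_SYSTEM_BINARIES and directory != SYSTEM32:
        reasons.append(f"{base} running from outside system32 ({directory})")
    if directory == SYSTEM32 and ext.lower() in (".dll", ".exe") and RANDOM_STEM_RE.match(stem):
        reasons.append(f"machine-generated filename {base} in system32")
    return reasons


def triage_o4(log_text):
    """Return a Finding for every O4 line that trips at least one indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            prog, rest = split_command(m.group("cmd"))
            target = prog
            if ntpath.basename(prog).lower() == "rundll32.exe":
                # rundll32 itself is trusted; judge the DLL it is told to load
                target = rest.split(",", 1)[0].strip().strip('"')
            reasons += check_target(target)
            if HEX_NAME_RE.match(m.group("name")):
                reasons.append(f"value name {m.group('name')!r} looks machine-generated")
        else:
            m = STARTUP_RE.match(line)
            if m:
                target = m.group("cmd").strip().strip('"')
                reasons += check_target(target)
                if ntpath.dirname(target).lower() == SYSTEM32:
                    reasons.append("Startup shortcut points straight into system32")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def flagged_names(log_text):
    """The [value] or shortcut names that were flagged, in log order."""
    names = []
    for f in triage_o4(log_text):
        m = RUN_RE.match(f.line) or STARTUP_RE.match(f.line)
        names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample it flags the six entries a helper would query (Host Process, ExploreUpdSched, BM538ace70, 50b9fdec, Deewoo.lnk, DW_Start.lnk) and leaves the NVIDIA rundll32 line and ctfmon alone; treat the output as a worklist to verify, not a verdict.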
Hello Niek, download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden Follow the instructions given there. If anything is unclear, just ask. When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.
Here are my ComboFix and HijackThis logs.

"Admin" - 2008-05-01 14:30:41 Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\Bureaublad\"

((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))

2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
2008-04-30 23:49 196,422 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
2008-04-30 23:41 <DIR> d-------- C:\Temp
2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
2008-05-01 09:35:16 -------- d-----w C:\Program Files\LimeWire
2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
"50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoSetTaskBar"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoClose"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoWinKeys"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	msv1_0 C:\WINDOWS\system32\qoMcdCTn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\tcntrkdm.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Spellen\Counterstrike Source\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
c:\windows\system32\rwwnw64d.exe DWram

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 14:40:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2008-05-01 14:49:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-05-01 14:49
C:\ComboFix2.txt ... 2007-05-22 21:36
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:54:18, on 1-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Diversen\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BM538ace70] Rundll32.exe "C:\WINDOWS\system32\pwfnpetw.dll",s
O4 - HKLM\..\Run: [50b9fdec] rundll32.exe "C:\WINDOWS\system32\icwnfkvc.dll",b
O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Fraps] C:\FILMS\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C97E62-F9EC-4C2D-A05B-CE1040177F03}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O17 - HKLM\System\CS4\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

But I have run into another problem. SUPERAntiSpyware had flagged a few files in windows/system as viruses, and since then it is NOT possible for me to start the PC normally. I see a blue screen with some text for about a second, and then my PC restarts automatically. I made both logs in safe mode.
Open a Notepad file. Copy the code below and paste it into the Notepad file. Save the Notepad file as CFScript.txt

[code]
File::
C:\WINDOWS\system32\ahmmqqae.dll
C:\WINDOWS\system32\pwfnpetw.dll
C:\WINDOWS\system32\qoMcdCTn.dll
C:\WINDOWS\system32\nTCdcMoq.ini2
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\gside.exe
C:\Temp\oRUsa080.exe

Folder::
C:\VundoFix Backups
C:\Temp\zvebs14
C:\Temp\1cb

Folderlook::
C:\DOCUME~1\Admin\!

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{759C858E-85A7-416A-B9F1-68A6F750DF4E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"50b9fdec"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
[/code]

Now drag the file CFScript.txt onto the file ComboFix.exe

[img]http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif[/img]

ComboFix will start again. When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

Here is the new ComboFix log.

"Admin" - 2008-05-01 15:14:16 Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""

((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))

2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
2008-04-30 23:49 197,311 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
2008-04-30 23:41 <DIR> d-------- C:\Temp
2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
"50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoSetTaskBar"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoClose"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoWinKeys"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\tcntrkdm.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Spellen\Counterstrike Source\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
c:\windows\system32\rwwnw64d.exe DWram

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 15:16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2008-05-01 15:21:48
C:\ComboFix-quarantined-files.txt ... 2008-05-01 15:21
C:\ComboFix2.txt ... 2008-05-01 14:49
C:\ComboFix3.txt ... 2007-05-22 21:36

--- E O F ---

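For readers who want to see what the helper is reading off this log and why the CFScript above writes that odd hex(7) value, here is an added example in Python. It is editor's code, not part of this thread and not ComboFix or HijackThis code. It parses the "Reg Loading Points" section, flags the entries a helper looks at first (DLLs under system32 behind BHO and Run values that were created within a couple of days of the log or that no longer exist, value names that are just a hex blob, and anything besides msv1_0 in the LSA "Authentication Packages" list), and decodes the hex(7) literal from the CFScript to show that it simply restores that list to msv1_0. The log date, the two-day freshness window and the "msv1_0 only" baseline are assumptions made for the example; the sample lines are copied from the ComboFix log in this thread, trimmed to the entries that matter.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix or HijackThis code.
"""
import re
from datetime import date, datetime
from typing import Dict, List, Optional

# Sample input: lines copied from the ComboFix log posted in this thread,
# trimmed to the entries that matter for the demonstration.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
"50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn
"""

# Assumed: the date the log was taken ("Files Created from ... to 2008-05-01").
LOG_DATE = date(2008, 5, 1)

# name=value [timestamp ...]; ComboFix leaves the bracket empty when the file is gone.
ENTRY_RE = re.compile(
    r'^(?P<name>"[^"]*"|\{[0-9A-Fa-f-]+\})=(?P<value>.*?)\s*'
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})?[^\]]*\]$'
)


def parse_loading_points(text: str) -> Dict[str, List[str]]:
    """Group the lines printed under each [HKEY_...] header."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def decode_hex7(literal: str) -> List[str]:
    """Turn a 'hex(7):..' REG_MULTI_SZ literal into its list of strings.

    The CFScript in this thread writes one byte per character
    (6d,73,76,31,5f,30,00,00 -> "msv1_0"); a regedit export of the same
    value is UTF-16LE (6d,00,73,00,...). Both forms decode here.
    """
    if not literal.lower().startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ literal")
    raw = bytes(int(b, 16) for b in literal[7:].split(",") if b.strip())
    utf16 = len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


def triage(text: str, log_date: date = LOG_DATE, fresh_days: int = 2) -> List[str]:
    """Return one line per loading point that deserves a closer look."""
    findings: List[str] = []
    for key, lines in parse_loading_points(text).items():
        if key.lower().endswith(r"\control\lsa"):
            # ComboFix prints the packages space-separated; on a stock
            # Windows XP box only msv1_0 belongs in this list (assumed baseline).
            for line in lines:
                if line.startswith("Authentication Packages"):
                    for pkg in line.split()[2:]:
                        if pkg.lower() != "msv1_0":
                            findings.append(f"LSA Authentication Packages loads extra module: {pkg}")
            continue
        for line in lines:
            m = ENTRY_RE.match(line)
            if not m:
                continue
            name = m.group("name").strip('"')
            value = m.group("value").strip('"')
            stamp = m.group("stamp")
            reasons: List[str] = []
            if "\\system32\\" in value.lower():
                if stamp is None:
                    reasons.append("file has no timestamp (missing or hidden)")
                else:
                    age = (log_date - datetime.strptime(stamp, "%Y-%m-%d %H:%M").date()).days
                    if age <= fresh_days:
                        reasons.append(f"created {stamp}, {age} day(s) before the log")
            if re.fullmatch(r"[0-9a-f]{8}", name):
                reasons.append("value name is a random hex blob")
            if reasons:
                findings.append(f"{key.rsplit(chr(92), 1)[-1]}: {name} -> {value}: " + "; ".join(reasons))
    return findings


if __name__ == "__main__":
    print("CFScript restores Authentication Packages to:", decode_hex7("hex(7):6d,73,76,31,5f,30,00,00"))
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the two BHO DLLs, the two odd Run values and the extra LSA package, and leaves the Spybot, CyberLink and HDAShCut entries alone, which is exactly the set the CFScript above removes or repairs. The LSA check is the one worth remembering: a module listed under "Authentication Packages" is loaded by lsass.exe at boot, so it survives a normal cleanup and, when it is deleted without fixing the key, can leave the system unable to boot.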
I tried it again. If it hasn't worked, it may do so after restarting the PC.

"Admin" - 2008-05-01 15:30:06 Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""

((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))

2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
2008-04-30 23:49 197,887 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
2008-04-30 23:41 <DIR> d-------- C:\Temp
2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
"50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoSetTaskBar"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoClose"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoWinKeys"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\tcntrkdm.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Spellen\Counterstrike Source\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\WatchDog\watchdog.exe /.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
c:\windows\system32\rwwnw64d.exe DWram

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 15:31:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2008-05-01 15:37:02
C:\ComboFix-quarantined-files.txt ... 2008-05-01 15:37
C:\ComboFix2.txt ... 2008-05-01 15:21
C:\ComboFix3.txt ... 2008-05-01 14:49

--- E O F ---

File::
C:\WINDOWS\system32\ahmmqqae.dll
C:\WINDOWS\system32\pwfnpetw.dll
C:\WINDOWS\system32\qoMcdCTn.dll
C:\WINDOWS\system32\nTCdcMoq.ini2
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\gside.exe
C:\Temp\oRUsa080.exe

Folder::
C:\VundoFix Backups
C:\Temp\zvebs14
C:\Temp\1cb

Folderlook::
C:\DOCUME~1\Admin\!

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{759C858E-85A7-416A-B9F1-68A6F750DF4E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"50b9fdec"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]

"Admin" - 2008-05-01 15:58:12 Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""

((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))

2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
2008-04-30 23:49 198,501 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
2008-04-30 23:41 <DIR> d-------- C:\Temp
2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10
09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc 2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default 
entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {0DBE9761-3CDC-4C0F-BB31-7AF8756CF594}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49] {3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42] "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41] "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53] "50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54] "LDM"="C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16] "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /. [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispAppearancePage"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoDispSettingsPage"=0 (0x0) "NoDispCPL"=0 (0x0) "DisableCMD"=0 (0x0) "DisableLockWorkstation"=0 (0x0) "DisableChangePassword"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoLogOff"=0 (0x0) "NoStartMenuSubFolders"=0 (0x0) "NoSetTaskBar"=0 (0x0) "NoSetFolders"=0 (0x0) "NoRecentDocsMenu"=0 (0x0) "NoSMHelp"=0 (0x0) "NoNetworkConnections"=0 (0x0) "NoSMMyDocs"=0 (0x0) "NoSetActiveDesktop"=0 (0x0) "NoActiveDesktopChanges"=0 (0x0) "NoSaveSettings"=0 (0x0) "NoClose"=0 (0x0) "NoNetConnectDisconnect"=0 (0x0) "NoTrayContextMenu"=0 (0x0) "NoViewContextMenu"=0 (0x0) "NoWinKeys"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk] path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag] C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom] C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched] C:\WINDOWS\system32\tcntrkdm.exe DWram [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup] rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "C:\Spellen\Counterstrike Source\Steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program Files\WatchDog\watchdog.exe /. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] "C:\Program Files\Save\Save.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}] c:\windows\system32\rwwnw64d.exe DWram ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 16:04:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2008-05-01 16:09:22 C:\ComboFix-quarantined-files.txt ... 2008-05-01 16:09 C:\ComboFix2.txt ... 
2008-05-01 15:37 C:\ComboFix3.txt ... 2008-05-01 15:21 --- E O F ---