trojan dumaru and bargain buddy

gerben
1 answer
  • Dear Juisterr, thanks for the tip, here follows the Combofix log:
    [code:1:de3b52cfec]Ederveen - 06-12-21 22:41:14,46 Service Pack 2
    ComboFix 06.11.27 - Running from: "D:\kees"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 ))))))))))))))))))))))))))))))))))


    2006-12-21 21:33 <DIR> d-------- C:\Program Files\Lavasoft
    2006-12-20 16:11 <DIR> d-------- C:\Program Files\XoftSpySE
    2006-12-20 14:57 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
    2006-12-20 14:57 102,912 --a------ C:\WINDOWS\system32\islzma.dll
    2006-12-20 14:57 <DIR> d-------- C:\Program Files\Webroot
    2006-12-20 14:57 <DIR> d-------- C:\Documents and Settings\Ederveen\Application Data\Webroot
    2006-12-20 14:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-20 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-20 14:55 <DIR> d-------- C:\Program Files\SpywareBlaster
    2006-12-20 14:43 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2006-12-20 14:43 <DIR> d-------- C:\Program Files\Hitman Pro
    2006-12-19 17:40 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2006-12-19 17:40 <DIR> d-------- C:\Program Files\Common Files\Application
    2006-12-19 17:07 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-12-19 17:07 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
    2006-12-19 17:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2006-12-19 17:07 <DIR> d-------- C:\Program Files\Spyware Doctor
    2006-12-19 17:07 <DIR> d-------- C:\Documents and Settings\Ederveen\Application Data\PC Tools
    2006-12-10 16:49 <DIR> d-------- C:\Program Files\Mozart9
    2006-12-10 16:49 <DIR> d-------- C:\Documents and Settings\Ederveen\Application Data\Mozart 9
    2006-11-27 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-21 22:32 -------- d-------- C:\Documents and Settings\Ederveen\Application Data\Azureus
    2006-12-21 21:34 -------- d-------- C:\Documents and Settings\Ederveen\Application Data\Lavasoft
    2006-12-19 17:40 -------- d-------- C:\Program Files\Common Files
    2006-12-18 02:14 -------- d-------- C:\Program Files\Outlook Express
    2006-12-18 02:14 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-18 02:14 -------- d-------- C:\Program Files\Common Files\System
    2006-12-11 20:37 9116 --a------ C:\Documents and Settings\Ederveen\Application Data\ViewerApp.dat
    2006-12-10 12:44 -------- d-------- C:\Documents and Settings\Ederveen\Application Data\AdobeUM
    2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-28 20:34 -------- d-------- C:\Program Files\WinTV
    2006-11-26 12:39 3194880 --a------ C:\Program Files\TooltaskforceWmoversie2_6c.mdb
    2006-11-16 22:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-16 22:06 -------- d-------- C:\Program Files\Creative
    2006-11-15 22:56 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-13 11:18 -------- d-------- C:\Program Files\Java
    2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 15:57 -------- d-------- C:\Program Files\EasyStart
    2006-11-01 14:39 -------- d-------- C:\Program Files\EasyGPS
    2006-10-28 20:17 -------- d-------- C:\Program Files\Google
    2006-10-22 14:46 -------- d-------- C:\Documents and Settings\Ederveen\Application Data\Google
    2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
    "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\nbj.exe\""
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Norton"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\NorExec.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "Nokia Tray Application"="C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~2\\LAUNCH~1.EXE -onlytray"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe"
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\vtigerCRM Email Reminder.job
    C:\WINDOWS\tasks\vtigerCRM Notification Scheduler.job
    C:\WINDOWS\tasks\XoftSpySE.job

    Completion time: 06-12-21 22:45:14.60
    C:\ComboFix.txt … 06-12-21 22:45
    [/code:1:de3b52cfec]

This is an archived page. Replies are no longer possible.