Vundo virus here too!!!

M@rc
16 answers
  • I've done everything; FixVundo didn't work, ComboFix did, and HijackThis too, but now I don't know what I should remove. I'm already glad that I managed this.

    ComboFix log

    Windows" - 2007-06-02 10:39:28 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Windows\Bureaublad\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\fcebmedk.dll
    C:\WINDOWS\system32\xfnprrbn.dll
    C:\WINDOWS\system32\ljjhhfd.dll
    C:\WINDOWS\system32\yaccf.bak1
    C:\WINDOWS\system32\yaccf.bak2
    C:\WINDOWS\system32\yaccf.ini
    C:\WINDOWS\system32\nbrrpnfx.ini
    C:\WINDOWS\system32\yaccf.bak1
    C:\WINDOWS\system32\yaccf.bak2
    C:\WINDOWS\system32\yaccf.ini
    C:\WINDOWS\system32\fccay.dll
    C:\WINDOWS\system32\tuvtqrp.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))


    2007-06-01 22:42 12,386,097 ——— C:\AVG7QT.DAT
    2007-06-01 21:40 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Simply Super Software
    2007-05-31 18:43 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-31 18:25 <DIR> d——– C:\Program Files\Webroot
    2007-05-31 18:25 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Webroot
    2007-05-31 18:20 <DIR> d——– C:\Program Files\Lavasoft
    2007-05-31 18:20 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Lavasoft
    2007-05-31 18:19 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-05-31 17:50 190,976 –a—— C:\Documents and Settings\Windows\ext.exe
    2007-05-31 17:50 190,976 –a—— C:\DOCUME~1\Windows\ext.exe
    2007-05-30 20:27 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Help
    2007-05-30 20:16 14,868 –a—— C:\WINDOWS\system32\bffpumul.exe
    2007-05-30 20:16 10,752 –a—— C:\WINDOWS\system32\j7251933.dll
    2007-05-29 22:03 <DIR> d——– C:\Program Files\AIDA32 - Enterprise System Information
    2007-05-24 18:08 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia Multimedia Player
    2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia
    2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Datalayer
    2007-05-24 18:03 <DIR> d——– C:\Documents and Settings\Windows\Phone Browser
    2007-05-24 18:03 <DIR> d——– C:\DOCUME~1\Windows\Phone Browser
    2007-05-24 18:02 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\PC Suite
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Nokia
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\PCSuite
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\Nokia
    2007-05-08 22:04 <DIR> d——– C:\WINDOWS\system32\appmgmt


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-02 04:37:14 ——– d—–w C:\Program Files\Microsoft AntiSpyware
    2007-06-01 16:39:19 ——– d—–w C:\Program Files\Hitman Pro
    2007-05-31 15:53:24 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-25 06:22:47 560 —-a-w C:\DOCUME~1\Windows\APPLIC~1\ViewerApp.dat
    2007-05-24 16:01:21 ——– d—–w C:\Program Files\Common Files\InstallShield
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-02 17:35:01 54,464 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-04-02 17:35:01 367,286 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 08:33:05 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 22:12]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 01:03]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48]
    "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
    "SoundMan"="SOUNDMAN.EXE" []
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-01-30 21:13]
    "OmniaAXServer"="C:\Program Files\OmniaAX\OmniaSrv.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-06 10:36]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 16:24]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta


    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-02 10:42:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-02 10:44:05 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-02 10:43

    — E O F —


    HijackThis log


    Logfile of HijackThis v1.99.1
    Scan saved at 10:47:46, on 2-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Windows\Bureaublad\HijackThis.exe
    C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [OmniaAXServer] C:\Program Files\OmniaAX\OmniaSrv.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: PrintScreen.lnk = C:\Program Files\Gadwin Systems\PrintScreen\UNWISE.EXE
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  • Close all open windows.
    Start HijackThis once more and tick the following items:

    O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)

    Then click "Fix checked" and close HijackThis.

    Cleaning up cookies and temporary internet files:
    Close all open Internet Explorer windows.
    Go to the Control Panel and double-click Internet Options.
    The "Internet Properties" window will open.
    Go to the General tab.
    Click the Delete Cookies button, and in the window that opens click OK.
    Now click the Delete Files button.
    In the window that opens, also tick "Delete all offline content".
    Click the OK button.

    Also block the indirect or third-party cookies:
    On the Privacy tab, click the Advanced button.
    Tick "Override automatic cookie handling".
    For First-party cookies, make sure "Accept" is selected.
    For Third-party cookies, choose "Block".
    Click OK.
    When this is done, close the "Internet Properties" window.

    Cleaning up other temporary folders and emptying the Recycle Bin:
    Go to Start, choose Run and type: cleanmgr
    Then press OK and Disk Cleanup will start.
    If you have several partitions, choose the partition on which Windows is installed.
    Now let your system be scanned for files that can be removed.
    When the overview appears, make sure only the following items are ticked:
    - Temporary Internet Files
    - Recycle Bin
    - Temporary files
    Then click OK.


    Download Dr. Web CureIt.
    Put it on your desktop.
    - Double-click drweb-cureit.exe and allow the program to start the express scan. This is only a short scan that checks the files currently loaded in memory. When something is found, you will be asked 'cure it?'. Then click the 'Yes to all' button.
    - Click the 'Select drives' button and make sure all drives are selected for scanning. The drives that will be scanned are marked with a red dot.
    - On the right-hand side, click the large button with the green arrow to start the scan.
    - When an infected file is found, you will be asked either 'Cure It?' or 'Move?'. In both cases click the 'Yes to all' button.
    - When the scan is finished, check whether you can click the following icon. It is in the lower half of the program window, to the left of the list (pane) with the infected files. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
    - If you can click it, click it, then click the icon just below it and choose Move incurable. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
      This will move the files to the %userprofile%\DoctorWeb\ quarantine folder if they cannot be disinfected.
    - In the File menu of Dr. Web CureIt choose 'Save Report List' and save the log to your desktop.
    - Close the Dr. Web CureIt program.
    - Restart the computer and post the log.
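
The "(no file)" check from the reply above can be automated when triaging a HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis; the names `parse_log`, `fix_list` and `section_counts` are hypothetical, and the sample lines are an excerpt copied from the log posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Entry lines look like "O2 - BHO: ...", "R0 - HKCU\...", "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
NO_FILE = "(no file)"


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    label: str            # text before the CLSID (or the whole body)
    clsid: Optional[str]  # upper-cased CLSID when the section is CLSID-keyed
    target: str           # text after the CLSID: the file the entry points to

    @property
    def orphaned(self) -> bool:
        # The registry entry still exists but the file it references is gone.
        return self.target.lower() == NO_FILE


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    c = CLSID_RE.search(body)
    if c:
        # Split around the CLSID instead of on " - ", because file paths
        # can themselves contain " - ".
        label = body[:c.start()].rstrip(" -")
        target = body[c.end():].lstrip(" -")
        return Entry(code, label, c.group(0).upper(), target)
    if body.lower().endswith(NO_FILE):
        return Entry(code, body[:-len(NO_FILE)].rstrip(" -"), None, NO_FILE)
    # Sections without a CLSID have differing layouts; keep the body as label.
    return Entry(code, body, None, "")


def parse_log(text: str) -> List[Entry]:
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def fix_list(text: str) -> List[Entry]:
    """Entries whose referenced file no longer exists on disk."""
    return [e for e in parse_log(text) if e.orphaned]


def section_counts(text: str) -> dict:
    return dict(Counter(e.code for e in parse_log(text)))


# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

if __name__ == "__main__":
    for e in fix_list(SAMPLE_LOG):
        print(f"{e.code}  {e.clsid}  {e.label}  ->  {e.target}")
```

An orphaned entry only shows that the referenced file is gone; whether the leftover registry entry belonged to malware still has to be judged from the rest of the log.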
  • Here is the Dr. Web log

    and the virus scan indicates that it has been removed



    fcebmedk.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
    xfnprrbn.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  • Create a new log with ComboFix and post it.

    Are there still any problems?
  • Here is the ComboFix log



    Windows" - 2007-06-03 15:03:32 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Windows\Bureaublad\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))


    2007-06-03 10:48 <DIR> d——– C:\Documents and Settings\Windows\Contacts
    2007-06-03 10:48 <DIR> d——– C:\DOCUME~1\Windows\Contacts
    2007-06-03 10:47 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
    2007-06-03 10:47 <DIR> d——– C:\WINDOWS\LastGood
    2007-06-03 08:40 <DIR> d——– C:\Documents and Settings\Windows\DoctorWeb
    2007-06-03 08:40 <DIR> d——– C:\DOCUME~1\Windows\DoctorWeb
    2007-06-03 08:23 <DIR> d——– C:\WINDOWS\system32\LogFiles
    2007-06-02 10:44 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-01 22:42 12,386,097 ——— C:\AVG7QT.DAT
    2007-06-01 21:40 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Simply Super Software
    2007-05-31 18:43 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-31 18:25 <DIR> d——– C:\Program Files\Webroot
    2007-05-31 18:25 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Webroot
    2007-05-31 18:20 <DIR> d——– C:\Program Files\Lavasoft
    2007-05-31 18:20 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Lavasoft
    2007-05-31 18:19 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-05-31 17:50 190,976 –a—— C:\Documents and Settings\Windows\ext.exe
    2007-05-31 17:50 190,976 –a—— C:\DOCUME~1\Windows\ext.exe
    2007-05-30 20:27 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Help
    2007-05-30 20:16 14,868 –a—— C:\WINDOWS\system32\bffpumul.exe
    2007-05-30 20:16 10,752 –a—— C:\WINDOWS\system32\j7251933.dll
    2007-05-29 22:03 <DIR> d——– C:\Program Files\AIDA32 - Enterprise System Information
    2007-05-24 18:08 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia Multimedia Player
    2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia
    2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Datalayer
    2007-05-24 18:03 <DIR> d——– C:\Documents and Settings\Windows\Phone Browser
    2007-05-24 18:03 <DIR> d——– C:\DOCUME~1\Windows\Phone Browser
    2007-05-24 18:02 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\PC Suite
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Nokia
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\PCSuite
    2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\Nokia
    2007-05-08 22:04 <DIR> d——– C:\WINDOWS\system32\appmgmt


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-03 13:03:25 ——– d—–w C:\Program Files\Microsoft AntiSpyware
    2007-06-03 09:41:45 ——– d—–w C:\Program Files\MSN Messenger
    2007-06-01 16:39:19 ——– d—–w C:\Program Files\Hitman Pro
    2007-05-25 06:22:47 560 —-a-w C:\DOCUME~1\Windows\APPLIC~1\ViewerApp.dat
    2007-05-24 16:01:21 ——– d—–w C:\Program Files\Common Files\InstallShield
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-02 17:35:01 54,464 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-04-02 17:35:01 367,286 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 08:33:05 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 22:12]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48]
    "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
    "SoundMan"="SOUNDMAN.EXE" []
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-01-30 21:13]
    "OmniaAXServer"="C:\Program Files\OmniaAX\OmniaSrv.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:28]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-06 10:36]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 16:24]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta

    *Newly Created Service* - ENTDRV51
    *Newly Created Service* - FUTUREX

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-03 15:04:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …





    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-03 15:05:13
    C:\ComboFix-quarantined-files.txt … 2007-06-03 15:05
    C:\ComboFix2.txt … 2007-06-02 10:44

    — E O F —
  • The computer is responding normally again; thanks already for your help.
  • By the way, I have another problem: Windows occasionally shuts down by itself and immediately starts up again by itself; this has been going on for about half a year. What could that be!!!!
  • Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\DOCUME~1\Windows\ext.exe
    Post the result of the scan.

    Do this for the following files as well:
    C:\WINDOWS\system32\bffpumul.exe
    C:\WINDOWS\system32\j7251933.dll


    Right-click "My Computer".
    Choose Properties.
    Go to the Advanced tab.
    Under Startup and Recovery, click "Settings".
    Untick "Automatically restart".
    Tick "Write an event to the system log".
    Under Write debugging information, select "(none)".
    Click "OK" and click "OK" once more.
    Restart the computer.

    From now on, when something happens you will get a BSOD (blue screen) with an error code (a stop code).
    Post the complete and exact error code.
  • VIRUS TOTAL ext.exe


    Antivirus Version Update Result
    AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
    AntiVir 7.4.0.29 06.01.2007 Worm/Agent.A.223
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 06.01.2007 no virus found
    AVG 7.5.0.467 06.03.2007 I-Worm/Generic.BUT
    BitDefender 7.2 06.03.2007 Trojan.MSnBot.A
    CAT-QuickHeal 9.00 06.02.2007 (Suspicious) - DNAScan
    ClamAV devel-20070416 06.03.2007 no virus found
    DrWeb 4.33 06.03.2007 no virus found
    eSafe 7.0.15.0 06.03.2007 Win32.Agent.a
    eTrust-Vet 30.7.3688 06.03.2007 no virus found
    Ewido 4.0 06.03.2007 no virus found
    FileAdvisor 1 06.03.2007 no virus found
    Fortinet 2.85.0.0 06.02.2007 W32/Agent.A!worm.im
    F-Prot 4.3.2.48 06.01.2007 no virus found
    F-Secure 6.70.13030.0 06.03.2007 IM-Worm.Win32.Agent.a
    Ikarus T3.1.1.8 06.03.2007 IM-Worm.Win32.Licat.d
    Kaspersky 4.0.2.24 06.03.2007 IM-Worm.Win32.Agent.a
    McAfee 5044 06.01.2007 no virus found
    Microsoft 1.2503 06.03.2007 no virus found
    NOD32v2 2305 06.01.2007 no virus found
    Norman 5.80.02 06.01.2007 W32/Smallworm.XD
    Panda 9.0.0.4 06.03.2007 Suspicious file
    Prevx1 V2 06.03.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 05.30.2007 VIPRE.Suspicious
    Symantec 10 06.03.2007 no virus found
    TheHacker 6.1.6.128 05.31.2007 no virus found
    VBA32 3.12.0 06.02.2007 no virus found
    VirusBuster 4.3.23:9 06.03.2007 no virus found
    Webwasher-Gateway 6.0.1 06.03.2007 Worm.Agent.A.223
  • virustotal C:\WINDOWS\system32\bffpumul.exe


    Antivirus Version Update Result
    AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
    AntiVir 7.4.0.29 06.01.2007 HEUR/Malware
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 06.01.2007 no virus found
    AVG 7.5.0.467 06.03.2007 no virus found
    BitDefender 7.2 06.03.2007 no virus found
    CAT-QuickHeal 9.00 06.02.2007 no virus found
    ClamAV devel-20070416 06.03.2007 no virus found
    DrWeb 4.33 06.03.2007 no virus found
    eSafe 7.0.15.0 06.03.2007 no virus found
    eTrust-Vet 30.7.3688 06.03.2007 no virus found
    Ewido 4.0 06.03.2007 no virus found
    FileAdvisor 1 06.03.2007 no virus found
    Fortinet 2.85.0.0 06.02.2007 no virus found
    F-Prot 4.3.2.48 06.01.2007 no virus found
    F-Secure 6.70.13030.0 06.03.2007 no virus found
    Ikarus T3.1.1.8 06.03.2007 no virus found
    Kaspersky 4.0.2.24 06.03.2007 no virus found
    McAfee 5044 06.01.2007 no virus found
    Microsoft 1.2503 06.03.2007 no virus found
    NOD32v2 2305 06.01.2007 no virus found
    Norman 5.80.02 06.01.2007 no virus found
    Panda 9.0.0.4 06.03.2007 Suspicious file
    Prevx1 V2 06.03.2007 no virus found
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 05.30.2007 no virus found
    Symantec 10 06.03.2007 no virus found
    TheHacker 6.1.6.128 05.31.2007 no virus found
    VBA32 3.12.0 06.02.2007 no virus found
    VirusBuster 4.3.23:9 06.03.2007 no virus found
    Webwasher-Gateway 6.0.1 06.03.2007 Heuristic.Malware
  • VirusTotal for the last file:




    Antivirus Version Update Result
    AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
    AntiVir 7.4.0.29 06.01.2007 no virus found
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 06.01.2007 no virus found
    AVG 7.5.0.467 06.03.2007 no virus found
    BitDefender 7.2 06.03.2007 no virus found
    CAT-QuickHeal 9.00 06.02.2007 no virus found
    ClamAV devel-20070416 06.03.2007 no virus found
    DrWeb 4.33 06.03.2007 no virus found
    eSafe 7.0.15.0 06.03.2007 no virus found
    eTrust-Vet 30.7.3688 06.03.2007 no virus found
    Ewido 4.0 06.03.2007 no virus found
    FileAdvisor 1 06.03.2007 no virus found
    Fortinet 2.85.0.0 06.02.2007 no virus found
    F-Prot 4.3.2.48 06.01.2007 no virus found
    F-Secure 6.70.13030.0 06.03.2007 no virus found
    Ikarus T3.1.1.8 06.03.2007 no virus found
    Kaspersky 4.0.2.24 06.03.2007 no virus found
    McAfee 5044 06.01.2007 no virus found
    Microsoft 1.2503 06.03.2007 no virus found
    NOD32v2 2305 06.01.2007 no virus found
    Norman 5.80.02 06.01.2007 no virus found
    Panda 9.0.0.4 06.03.2007 no virus found
    Prevx1 V2 06.03.2007 Polynomial.Code.Exploit
    Sophos 4.18.0 06.01.2007 no virus found
    Sunbelt 2.2.907.0 05.30.2007 no virus found
    Symantec 10 06.03.2007 no virus found
    TheHacker 6.1.6.128 05.31.2007 no virus found
    VBA32 3.12.0 06.02.2007 no virus found
    VirusBuster 4.3.23:9 06.03.2007 no virus found
    Webwasher-Gateway 6.0.1 06.03.2007 no virus found
  • You may delete all three files.
    Report whether there are still any problems.
  • I've deleted the files; so far no more problems. Only that Windows restarts now and then. I do have a code in the system log, error code: 1000000a, parameter1: ffffff94, parameter2: 00000002, parameter3: 00000000, parameter4: 804fed92.
  • And thanks again, m@rc!!
  • Please post the exact error code.
  • Hi m@rc, I got the blue screen; this is what I see on screen,

    IRQL_NOT_LESS_OR_EQUAL


    stop: 0x0000000A (0x00000018,0x0000000,0x804f6809)


    Hope this is of some use to you!!!

This is an archived page. Replying is no longer possible.