Vundo virus here too!!!

16 answers
  • I did everything. FixVundo didn't work; ComboFix and HijackThis did, but now I don't know what I should remove. I'm already glad I managed to do this. ComboFix log and HijackThis log.
  • Close all open windows. Start HijackThis again and tick the following item:
    O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
    Then click "Fix checked" and close HijackThis.
    Cleaning up cookies and temporary internet files:
    Close all open Internet Explorer windows. Go to the Control Panel and double-click Internet Options. The "Internet Properties" window will open. Go to the General tab. Click the Delete Cookies button, and in the window that opens click OK. Now click the Delete Files button. In the window that opens, also tick "Delete all offline content". Click the OK button.
    Also block the indirect or third-party cookies:
    On the Privacy tab, click the Advanced button. Tick "Override automatic cookie handling". Under First-party Cookies make sure "Accept" is selected. Under Third-party Cookies choose "Block". Click OK. When this is done, close the "Internet Properties" window.
    Cleaning up other temporary folders and emptying the Recycle Bin:
    Go to Start, choose Run and type: cleanmgr
    Then press OK and Disk Cleanup will start. If you have several partitions, choose the partition on which Windows is installed. Now let your system be scanned for files that can be removed. When the overview appears, make sure that only the following items are ticked:
    - Temporary Internet Files
    - Recycle Bin
    - Temporary files
    Then click OK.
    Download Dr. Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe). Put it on your desktop.
    - Double-click drweb-cureit.exe and allow the program to start the express scan. This is only a short scan that checks the files currently loaded in memory. If something is found, you will be asked 'cure it?'. Then click the 'Yes to all' button.
    - Click the 'Select drives' button and make sure all drives are selected for scanning. The drives that will be scanned are marked with a red dot.
    - On the right-hand side, click the large button with the green arrow to start the scan.
    - When an infected file is found, you will be asked either 'Cure It?' or 'Move?'. In both cases click the 'Yes to all' button.
    - When the scan is finished, check whether you can click the following icon. It is in the lower half of the program window, to the left of the list (window) of infected files. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
    - If you can click it, click it, then click the icon just below it and choose Move incurable. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif) This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected.
    - In the File menu of Dr. Web CureIt choose 'Save Report List' and save the log to your desktop.
    - Close the Dr. Web CureIt program.
    - Restart the computer and post the log.
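The check applied in the answer above (selecting the BHO line whose file is reported as "(no file)") can be run over a whole HijackThis log. This is an added example, not part of the thread and not HijackThis code; the function names and `SAMPLE_LOG` are assumptions, the O2 and O4 sample lines follow the v1.99.1 format seen in this thread, and the O23 line is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One finding per line: "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

KINDS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O23": "service",
}

# Sample input for the example (the O23 line is constructed).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\example\svc.exe (file missing)
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    kind: str             # human-readable section name
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID on the line, if any
    orphaned: bool        # True when the referenced file is missing


def parse_log(text: str) -> List[Entry]:
    """Return the numbered findings; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        code, body = m.group("code"), m.group("body").strip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=code,
            kind=KINDS.get(code, "other"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=body.endswith(MISSING_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file that no longer exists: leftover registry data."""
    return [e for e in entries if e.orphaned]


def bho_registry_key(entry: Entry) -> Optional[str]:
    """Registry key behind an O2 line, to inspect before using 'Fix checked'."""
    if entry.code != "O2" or entry.clsid is None:
        return None
    return ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
            "Browser Helper Objects\\" + entry.clsid)


if __name__ == "__main__":
    for e in orphaned_entries(parse_log(SAMPLE_LOG)):
        print(f"{e.code} ({e.kind}): {e.body}")
        key = bho_registry_key(e)
        if key:
            print("  registry key:", key)
```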
  • Here is the Dr. Web log, and the virus scan indicates that it has been removed:
    fcebmedk.dll.vir  C:\QooBox\Quarantine\C\WINDOWS\system32  Trojan.Virtumod  Deleted.
    xfnprrbn.dll.vir  C:\QooBox\Quarantine\C\WINDOWS\system32  Trojan.Virtumod  Deleted.
  • Create a new log with ComboFix and post it. Are there still any problems?
  • Here is the ComboFix log.
  • The computer is responding normally again. Thanks already for your help.
  • By the way, I have another problem: Windows occasionally shuts down by itself and immediately starts up again by itself. This has been going on for about half a year. What could that be!!!!
  • Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned:
    C:\DOCUME~1\Windows\ext.exe
    Post the result of the scan. Do this for the following files as well:
    C:\WINDOWS\system32\bffpumul.exe
    C:\WINDOWS\system32\j7251933.dll
    Right-click "My Computer". Choose Properties. Go to the Advanced tab. Under Startup and Recovery click "Settings". Untick "Automatically restart". Tick "Write an event to the system log". Under Write debugging information select "(none)". Click "OK" and click "OK" once more. Restart the computer. From now on, when something happens you will get a BSOD (blue screen) with an error code (a stop code). Post the complete and exact error code.
  • VIRUS TOTAL ext.exe
    Antivirus          Version         Update      Result
    AhnLab-V3          2007.5.31.2     06.01.2007  no virus found
    AntiVir            7.4.0.29        06.01.2007  Worm/Agent.A.223
    Authentium         4.93.8          05.23.2007  no virus found
    Avast              4.7.997.0       06.01.2007  no virus found
    AVG                7.5.0.467       06.03.2007  I-Worm/Generic.BUT
    BitDefender        7.2             06.03.2007  Trojan.MSnBot.A
    CAT-QuickHeal      9.00            06.02.2007  (Suspicious) - DNAScan
    ClamAV             devel-20070416  06.03.2007  no virus found
    DrWeb              4.33            06.03.2007  no virus found
    eSafe              7.0.15.0        06.03.2007  Win32.Agent.a
    eTrust-Vet         30.7.3688       06.03.2007  no virus found
    Ewido              4.0             06.03.2007  no virus found
    FileAdvisor        1               06.03.2007  no virus found
    Fortinet           2.85.0.0        06.02.2007  W32/Agent.A!worm.im
    F-Prot             4.3.2.48        06.01.2007  no virus found
    F-Secure           6.70.13030.0    06.03.2007  IM-Worm.Win32.Agent.a
    Ikarus             T3.1.1.8        06.03.2007  IM-Worm.Win32.Licat.d
    Kaspersky          4.0.2.24        06.03.2007  IM-Worm.Win32.Agent.a
    McAfee             5044            06.01.2007  no virus found
    Microsoft          1.2503          06.03.2007  no virus found
    NOD32v2            2305            06.01.2007  no virus found
    Norman             5.80.02         06.01.2007  W32/Smallworm.XD
    Panda              9.0.0.4         06.03.2007  Suspicious file
    Prevx1             V2              06.03.2007  no virus found
    Sophos             4.18.0          06.01.2007  no virus found
    Sunbelt            2.2.907.0       05.30.2007  VIPRE.Suspicious
    Symantec           10              06.03.2007  no virus found
    TheHacker          6.1.6.128       05.31.2007  no virus found
    VBA32              3.12.0          06.02.2007  no virus found
    VirusBuster        4.3.23:9        06.03.2007  no virus found
    Webwasher-Gateway  6.0.1           06.03.2007  Worm.Agent.A.223
  • VirusTotal C:\WINDOWS\system32\bffpumul.exe
    Antivirus          Version         Update      Result
    AhnLab-V3          2007.5.31.2     06.01.2007  no virus found
    AntiVir            7.4.0.29        06.01.2007  HEUR/Malware
    Authentium         4.93.8          05.23.2007  no virus found
    Avast              4.7.997.0       06.01.2007  no virus found
    AVG                7.5.0.467       06.03.2007  no virus found
    BitDefender        7.2             06.03.2007  no virus found
    CAT-QuickHeal      9.00            06.02.2007  no virus found
    ClamAV             devel-20070416  06.03.2007  no virus found
    DrWeb              4.33            06.03.2007  no virus found
    eSafe              7.0.15.0        06.03.2007  no virus found
    eTrust-Vet         30.7.3688       06.03.2007  no virus found
    Ewido              4.0             06.03.2007  no virus found
    FileAdvisor        1               06.03.2007  no virus found
    Fortinet           2.85.0.0        06.02.2007  no virus found
    F-Prot             4.3.2.48        06.01.2007  no virus found
    F-Secure           6.70.13030.0    06.03.2007  no virus found
    Ikarus             T3.1.1.8        06.03.2007  no virus found
    Kaspersky          4.0.2.24        06.03.2007  no virus found
    McAfee             5044            06.01.2007  no virus found
    Microsoft          1.2503          06.03.2007  no virus found
    NOD32v2            2305            06.01.2007  no virus found
    Norman             5.80.02         06.01.2007  no virus found
    Panda              9.0.0.4         06.03.2007  Suspicious file
    Prevx1             V2              06.03.2007  no virus found
    Sophos             4.18.0          06.01.2007  no virus found
    Sunbelt            2.2.907.0       05.30.2007  no virus found
    Symantec           10              06.03.2007  no virus found
    TheHacker          6.1.6.128       05.31.2007  no virus found
    VBA32              3.12.0          06.02.2007  no virus found
    VirusBuster        4.3.23:9        06.03.2007  no virus found
    Webwasher-Gateway  6.0.1           06.03.2007  Heuristic.Malware
  • VirusTotal for the last file:
    Antivirus          Version         Update      Result
    AhnLab-V3          2007.5.31.2     06.01.2007  no virus found
    AntiVir            7.4.0.29        06.01.2007  no virus found
    Authentium         4.93.8          05.23.2007  no virus found
    Avast              4.7.997.0       06.01.2007  no virus found
    AVG                7.5.0.467       06.03.2007  no virus found
    BitDefender        7.2             06.03.2007  no virus found
    CAT-QuickHeal      9.00            06.02.2007  no virus found
    ClamAV             devel-20070416  06.03.2007  no virus found
    DrWeb              4.33            06.03.2007  no virus found
    eSafe              7.0.15.0        06.03.2007  no virus found
    eTrust-Vet         30.7.3688       06.03.2007  no virus found
    Ewido              4.0             06.03.2007  no virus found
    FileAdvisor        1               06.03.2007  no virus found
    Fortinet           2.85.0.0        06.02.2007  no virus found
    F-Prot             4.3.2.48        06.01.2007  no virus found
    F-Secure           6.70.13030.0    06.03.2007  no virus found
    Ikarus             T3.1.1.8        06.03.2007  no virus found
    Kaspersky          4.0.2.24        06.03.2007  no virus found
    McAfee             5044            06.01.2007  no virus found
    Microsoft          1.2503          06.03.2007  no virus found
    NOD32v2            2305            06.01.2007  no virus found
    Norman             5.80.02         06.01.2007  no virus found
    Panda              9.0.0.4         06.03.2007  no virus found
    Prevx1             V2              06.03.2007  Polynomial.Code.Exploit
    Sophos             4.18.0          06.01.2007  no virus found
    Sunbelt            2.2.907.0       05.30.2007  no virus found
    Symantec           10              06.03.2007  no virus found
    TheHacker          6.1.6.128       05.31.2007  no virus found
    VBA32              3.12.0          06.02.2007  no virus found
    VirusBuster        4.3.23:9        06.03.2007  no virus found
    Webwasher-Gateway  6.0.1           06.03.2007  no virus found
  • You may delete all three files. Let me know whether there are still any problems.
  • I have deleted the files; so far no more problems. Only that Windows occasionally restarts. I do have a code in the system log: error code: 1000000a, parameter1: ffffff94, parameter2: 00000002, parameter3: 00000000, parameter4: 804fed92.
  • And thanks again, m@rc!!
  • Please post the exact error code.
  • Hi m@rc, I got the blue screen; this is what I see on screen: IRQL_NOT_LESS_OR_EQUAL stop: 0x0000000A (0x00000018,0x0000000,0x804f6809). Hope this is of some use to you!!!
