Persistent Trojan

3 answers
  • Greetings, a while ago (read: 3 days) I opened a dubious program without really thinking about the consequences, and since then my computer has been in very bad shape. I get notifications from my taskbar that my PC is infected, there are casino/dating/etc. icons on my Desktop, and I keep getting error messages from iexplore.exe (even though I really never use IE). Moreover, I can hardly reach any site any more without constantly pressing F5, and all my bookmarks have disappeared as well (in Firefox, that is). I have already tried a lot myself: msconfig, Ad-Aware, virus scan, TrojanHunter, deleting the files listed in Task Manager by hand, all without effect; the files keep coming back. I'm running Windows XP SP1. Here is a HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:30, on 3-12-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\TEMP\win95.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Audacity\audacity.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Ableton\Live 6.0.9\Program\Live 6.0.9.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX00.687\HiJackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {CE92CB06-A5D2-46B7-88FC-BB15CF231C21} - C:\WINDOWS\System32\cfgmgr3.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v4.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
    O4 - HKLM\..\Run: [dipsritc] rundll32.exe "C:\Program Files\dipsritc\rwdklshg.dll",Init
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvzam.dll,startup
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win95.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Bhmm] "C:\WINDOWS\System32\RACLE~1\ntvdm.exe" -vt yazb
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: findfast.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E92B53B-AC91-430B-B398-A607B3757393}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O17 - HKLM\System\CS1\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O17 - HKLM\System\CS2\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: wingkb32 - C:\WINDOWS\SYSTEM32\wingkb32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)

    --
    End of file - 5669 bytes

    I hope someone can help me out of this predicament. ;) Regards, Alexander
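As an added example (not from this thread and not part of HijackThis itself), the following Python triage script parses lines in the HijackThis log format posted above and flags the entry types that stand out in that log: an extra executable in the F2 Shell/UserInit values, O4 autostarts from TEMP, from the Windows root or by bare filename, an O7 DisableRegedit policy, and O17 NameServer addresses outside an allowlist. The sample lines are copied from the log; the trusted DNS list is an assumed placeholder you would replace with your ISP's or router's resolvers.

```python
import ntpath
import re

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted above (the real log is much longer).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win95.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY_RE = re.compile(r"^([FOR]\d+) - (.*)$")   # "O4 - <body>"
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# What the two system.ini values look like on a clean XP box.
EXPECTED_F2 = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_entries(text):
    """Split a HijackThis log into (section, body) tuples; non-entry lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def o4_path(body):
    """Launched path of an O4 entry: the quoted string, or the first token after [name]."""
    m = re.search(r'\]\s+"([^"]+)"', body) or re.search(r"\]\s+(\S+)", body)
    return m.group(1) if m else ""


def triage(text, trusted_dns=()):
    """Return (section, reason, body) for entries that deserve a closer look.

    trusted_dns: resolver addresses you expect on this machine (assumed placeholder
    in the demo below); any other O17 NameServer address is reported.
    """
    findings = []
    for sec, body in parse_entries(text):
        if sec == "F2":
            # body looks like "REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe"
            key, _, val = body.rpartition(": ")[2].partition("=")
            # Values are comma- or space-separated; assumes no spaces inside paths.
            parts = [p for p in re.split(r"[,\s]+", val) if p]
            extra = [p for p in parts
                     if ntpath.basename(p).lower() != EXPECTED_F2.get(key.lower())]
            if extra:
                findings.append((sec, f"extra {key} executable: " + ", ".join(extra), body))
        elif sec == "O4":
            d = ntpath.dirname(o4_path(body)).lower()
            if not d:
                findings.append((sec, "autostart by bare filename (resolved via PATH)", body))
            elif d == r"c:\windows" or "\\temp" in d:
                findings.append((sec, "autostart from " + d, body))
        elif sec == "O7" and "DisableRegedit=1" in body:
            findings.append((sec, "registry editor disabled by policy", body))
        elif sec == "O17":
            rogue = [ip for ip in IP_RE.findall(body) if ip not in trusted_dns]
            if rogue:
                findings.append((sec, "unexpected DNS server(s): " + ", ".join(rogue), body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG, trusted_dns=("192.168.1.1",)):
        print(f"{sec:4} {reason}\n     {body}")
```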
  • Hi Alexander, Any reason why your system has none of the essential service packs for Windows? You don't even have Service Pack 1. Don't update yet; only do that once your system is completely malware-free!
    1. You are running HijackThis from a temp folder; that way backups are very easily lost. Extract HijackThis to a folder of its own, for example C:\Program Files\Hijackthis
    2. Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) to your Desktop. Double-click to open it, select all files and extract them to a folder of their own named SDFix. Boot your computer into safe mode (http://users.telenet.be/marcvn/spyware/1378056.htm). Open the SDFix folder and double-click runthis.bat to start the tool. Let the computer restart when asked. SDFix continues and opens a report when it has finished! Post this report in your next reply.
    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if you get a warning from your antivirus or another real-time scanner while or after downloading Combofix, or while using Combofix, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or delete them! Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix is complete and after the restart, the log combofix.txt will open. In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
    Now post the SDFix log, the Combofix log and a fresh HijackThis log in your next message. Good luck! Pim :)
  • OK, here are a few logs. Note: if I now boot in normal mode the whole PC freezes :?

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-03 22:40:18
    Windows 5.1.2600 NTFS

    detected NTDLL code modification:
    ZwQuerySystemInformation

    scanning hidden processes ...

    scanning hidden services & system hive ...
    [sptd (DAEMON Tools) registry key dump with hex values omitted]

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:58:15, on 3-12-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alex\Bureaublad\HiJackThis.exe

    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {CE92CB06-A5D2-46B7-88FC-BB15CF231C21} - C:\WINDOWS\System32\cfgmgr3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Bhmm] "C:\WINDOWS\System32\RACLE~1\ntvdm.exe" -vt yazb
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E92B53B-AC91-430B-B398-A607B3757393}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O17 - HKLM\System\CS1\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O17 - HKLM\System\CS2\Services\Tcpip\..\{76948F98-0319-43DC-85F3-8C4BB796B211}: NameServer = 85.255.113.146,85.255.112.173
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.173
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)

    --
    End of file - 4327 bytes

    SDFix: Version 1.116
    Run by Alex on ma 03-12-2007 at 21:56
    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFX\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:
    C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
    C:\Program Files\E404 Helper\e404.v4.dll - Deleted
    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe - Deleted
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe - Deleted
    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\autorun.exe - Deleted
    C:\Documents and Settings\Alex\Menu Start\Programma's\Opstarten\findfast.exe - Deleted
    C:\Program Files\spoolsv.exe - Deleted
    C:\Documents and Settings\Alex\~tmp1174.exe - Deleted
    C:\WINDOWS\avp.exe - Deleted
    C:\WINDOWS\Casino.ico - Deleted
    C:\WINDOWS\Free Online Dating.ico - Deleted
    C:\WINDOWS\mgrs.exe - Deleted
    C:\WINDOWS\Spyware Remover.ico - Deleted
    C:\WINDOWS\system32\Kernel32.exe - Deleted
    C:\WINDOWS\system32\printer.exe - Deleted
    C:\WINDOWS\system32\spoolvs.exe - Deleted
    C:\WINDOWS\xpupdate.exe - Deleted
    C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
    C:\WINDOWS\system32\wsnpoem\video.dll - Deleted

    Folder C:\Program Files\E404 Helper - Removed
    Folder C:\WINDOWS\system32\wsnpoem - Removed

    Removing Temp Files...

    ADS Check:
    C:\WINDOWS
    No streams found.
    C:\WINDOWS\system32
    No streams found.
    C:\WINDOWS\system32\svchost.exe
    No streams found.
    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:
    [catchme rootkit scan output, identical to the catchme log posted above, not repeated]

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Alex\\Menu Start\\Programma's\\Opstarten\\findfast.exe"="C:\\Documents and Settings\\Alex\\Menu Start\\Programma's\\Opstarten\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users.WINDOWS\\Menu Start\\Programma's\\Opstarten\\autorun.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Start\\Programma's\\Opstarten\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\TEMP\\win56.exe"="C:\\WINDOWS\\TEMP\\win56.exe:*:Enabled:win56"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Alex\\Menu Start\\Programma's\\Opstarten\\findfast.exe"="C:\\Documents and Settings\\Alex\\Menu Start\\Programma's\\Opstarten\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users.WINDOWS\\Menu Start\\Programma's\\Opstarten\\autorun.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Start\\Programma's\\Opstarten\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFX\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 20 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Tue 23 Nov 2004 303,104 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\Maya44.dll"
    Tue 23 Nov 2004 325,344 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\Maya44.sys"
    Tue 23 Nov 2004 139,264 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\Maya44USBPanel.exe"
    Tue 23 Nov 2004 23,360 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\pgusbmm3.sys"
    Wed 24 Nov 2004 299,008 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\Setup98ME.exe"
    Wed 24 Nov 2004 315,392 A..H. --- "C:\Documents and Settings\Alex\Bureaublad\Maya\SetupXP2k.exe"
    Thu 22 Nov 2007 8,194,048 ...H. --- "C:\Documents and Settings\Alex\Bureaublad\School\MCV\~WRL0005.tmp"
    Sun 2 Dec 2007 12,254,720 ...H. --- "C:\Documents and Settings\Alex\Bureaublad\School\MCV\~WRL2853.tmp"

    Finished!

    Hope you can do something with this :D

This is an archived page. Replying is no longer possible.