Trojan.vundo

M@rc
72 answers
  • Yesterday, while scanning my PC, I found a trojan.vundo in my system32 folder.

    I had the virus placed in quarantine and searched for more today. I also can't start my Task Manager any more.

    At the time of writing I am scanning with SUPERAntiSpyware and have made a HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:56, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Documents and Settings\Admin\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\FILMS\FRAPS\FRAPS.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\tcntrkdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\@Home veiligheid\AntiVirus\pavexsc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\limewire\limewire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Diversen\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Admin\svchost.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntrkdm.exe DWram
    O4 - HKLM\..\Run: [BM538ace70] Rundll32.exe "C:\WINDOWS\system32\pwfnpetw.dll",s
    O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Fraps] C:\FILMS\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntrkdm.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
    O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C97E62-F9EC-4C2D-A05B-CE1040177F03}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS4\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Are there any errors in my HijackThis log, and should I scan with another program besides SUPERAntiSpyware to get rid of this virus?

    Thanks in advance.

  • Try the Vundo Fix:

    http://vundofix.atribune.org/
    http://www.atribune.org/
  • OK, now I've also lost my explorer.exe (taskbar). Is that a consequence of the virus, or is something else causing it?
  • I scanned with VundoFix, but it couldn't find anything.
  • Hello Niek,

    Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a logfile (combofix.txt) will open.
    Post the contents of this file together with a new HijackThis log.
  • Here are my logs from ComboFix and HijackThis.


    "Admin" - 2008-05-01 14:30:41 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\Bureaublad\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))


    2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
    2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
    2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
    2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
    2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
    2008-04-30 23:49 196,422 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
    2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
    2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
    2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
    2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
    2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
    2008-04-30 23:41 <DIR> d-------- C:\Temp
    2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
    2008-05-01 09:35:16 -------- d-----w C:\Program Files\LimeWire
    2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
    2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
    {759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
    "50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "C:\Program Files\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
    c:\windows\system32\rwwnw64d.exe DWram


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 14:40:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-01 14:49:21 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2008-05-01 14:49
    C:\ComboFix2.txt ... 2007-05-22 21:36

    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 14:54:18, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Diversen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BM538ace70] Rundll32.exe "C:\WINDOWS\system32\pwfnpetw.dll",s
    O4 - HKLM\..\Run: [50b9fdec] rundll32.exe "C:\WINDOWS\system32\icwnfkvc.dll",b
    O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Fraps] C:\FILMS\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C97E62-F9EC-4C2D-A05B-CE1040177F03}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS4\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    But I found one more problem. SUPERAntiSpyware had flagged a few files in windows/system as viruses, and since then it is NOT possible for me to start the pc normally. I see a blue screen with commands for a second or so, and then my pc restarts automatically. I made both logs in safe mode.

  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt
    File::
    C:\WINDOWS\system32\ahmmqqae.dll
    C:\WINDOWS\system32\pwfnpetw.dll
    C:\WINDOWS\system32\qoMcdCTn.dll
    C:\WINDOWS\system32\nTCdcMoq.ini2
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\gside.exe
    C:\Temp\oRUsa080.exe

    Folder::
    C:\VundoFix Backups
    C:\Temp\zvebs14
    C:\Temp\1cb

    Folderlook::
    C:\DOCUME~1\Admin\!

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{759C858E-85A7-416A-B9F1-68A6F750DF4E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "50b9fdec"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
    Now drag the file CFScript.txt onto the file ComboFix.exe
    (image: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif)
    ComboFix will restart.
    When ComboFix is finished, which may be after a reboot, a logfile opens.
    Post the contents of the logfile.
  • Here is the new ComboFix log.

    "Admin" - 2008-05-01 15:14:16 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))


    2008-05-01 12:12 <DIR> d——– C:\VundoFix Backups
    2008-05-01 11:54 107,072 –a—— C:\WINDOWS\system32\ahmmqqae.dll
    2008-05-01 11:53 107,072 –a—— C:\WINDOWS\system32\pwfnpetw.dll
    2008-05-01 11:45 89,070 –a—— C:\WINDOWS\system32\myss_sb_uninstall.exe
    2008-05-01 11:42 <DIR> d——– C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra—— C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:49 283,136 ——— C:\WINDOWS\system32\qoMcdCTn.dll
    2008-04-30 23:49 197,311 –ahs—- C:\WINDOWS\system32\nTCdcMoq.ini2
    2008-04-30 23:44 0 –a—— C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d–hs—- C:\DOCUME~1\Admin\!
    2008-04-30 23:43 858 –a—— C:\WINDOWS\system32\winpfz33.sys
    2008-04-30 23:42 88,961 –a—— C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-04-30 23:42 298,311 –a—— C:\WINDOWS\system32\gside.exe
    2008-04-30 23:41 87,423 –a—— C:\Temp\oRUsa080.exe
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d——– C:\Temp\zvebs14
    2008-04-30 23:41 <DIR> d——– C:\Temp\1cb
    2008-04-30 23:41 <DIR> d——– C:\Temp
    2008-04-23 00:29 41,296 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra—— C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d——– C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra—— C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra—— C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra—— C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra—— C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra—— C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra—— C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra—— C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d——– C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d——– C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d——– C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-01 09:45:09 ——– d—–w C:\Program Files\Hitman Pro
    2008-05-01 09:28:30 ——– d—–w C:\Program Files\SUPERAntiSpyware
    2008-04-30 21:32:26 ——– d—–w C:\Program Files\Windows Media Connect 2
    2008-04-30 21:24:54 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-04-30 17:57:13 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 ——– d—–w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 ——– d—–w C:\Program Files\Azureus
    2008-04-14 13:45:19 ——– d—–w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 —-a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 —-a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 —-a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 —-a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 —-a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 —-a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 —-a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 —-a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 —-a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
    {759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32
    wiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
    "50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation
    Tune
    TuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "C:\Program Files\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
    c:\windows\system32\rwwnw64d.exe DWram


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 15:16:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-01 15:21:48
    C:\ComboFix-quarantined-files.txt … 2008-05-01 15:21
    C:\ComboFix2.txt … 2008-05-01 14:49
    C:\ComboFix3.txt … 2007-05-22 21:36

    — E O F —

  • The instructions with CFScript did not succeed.
    Try once more.
    If something goes wrong, let me know.
  • I tried again. If it didn't work, it is possible that it will work after restarting the pc.
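    The conclusion that the CFScript did not take effect can be checked mechanically: compare the script's File::/Folder::/Registry:: entries with the "Files Created" and "Reg Loading Points" sections of the ComboFix log written afterwards, and list whatever is still there. This is an added example, not code from the thread or from ComboFix; the script and log excerpts in it are constructed from the formats shown above, with ASCII dashes in the attribute column.

```python
import re

# Constructed excerpt of a CFScript in the format shown above (not the thread's full script).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\ahmmqqae.dll
C:\WINDOWS\system32\qoMcdCTn.dll
C:\Temp\oRUsa080.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"50b9fdec"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
"""

# Constructed excerpt of the ComboFix log produced after the script ran.
# oRUsa080.exe is absent on purpose, so the check has one "really removed" case.
COMBOFIX_LOG = r"""((((( Files Created from 2008-04-01 to 2008-05-01 )))))

2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe

((((( Reg Loading Points )))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe
"""

# A "Files Created"/Find3M line: date, time (optional seconds), size or <DIR>, attributes, path.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?\s+\S+\s+\S+\s+(.+)$")


def parse_cfscript(text):
    """Return (paths to delete, registry keys to delete, registry values to delete).
    Only "name"=- value deletions are tracked; hex(7) value rewrites are not compared."""
    paths, keys, values = set(), set(), set()
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # File:: / Folder:: / Registry:: header
            section, current_key = line[:-2].lower(), None
            continue
        if section in ("file", "folder"):
            paths.add(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):       # whole-key deletion
                keys.add(line[2:-1].lower())
            elif line.startswith("[") and line.endswith("]"):      # key for following values
                current_key = line[1:-1].lower()
            elif current_key and line.endswith("=-"):              # single-value deletion
                name = line[:-2].strip().strip('"')
                values.add(current_key + "\\" + name.lower())
    return paths, keys, values


def parse_combofix_log(text):
    """Return (file paths listed, registry items listed).
    Registry items are keys plus key\\name for every value or subkey shown under a key."""
    files, reg = set(), set()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            files.add(m.group(1).strip().lower())
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            reg.add(current_key)
            continue
        if current_key and "=" in line:
            name = line.split("=", 1)[0].strip().strip('"')
            reg.add(current_key + "\\" + name.lower())
    return files, reg


def leftovers(cfscript, log):
    """Entries the CFScript asked to remove that the later log still lists."""
    paths, keys, values = parse_cfscript(cfscript)
    files, reg = parse_combofix_log(log)
    return {
        "files": sorted(p for p in paths if p in files),
        "keys": sorted(k for k in keys if k in reg),
        "values": sorted(v for v in values if v in reg),
    }


def report(cfscript, log):
    out = []
    for kind, items in leftovers(cfscript, log).items():
        out.append(f"{kind}: {len(items)} still present")
        out.extend("  " + item for item in items)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(CFSCRIPT, COMBOFIX_LOG))
```

Anything reported as still present means the script was not applied (or the item was recreated), which is exactly the situation in the two logs above.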

    "Admin" - 2008-05-01 15:30:06 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))


    2008-05-01 12:12 <DIR> d——– C:\VundoFix Backups
    2008-05-01 11:54 107,072 –a—— C:\WINDOWS\system32\ahmmqqae.dll
    2008-05-01 11:53 107,072 –a—— C:\WINDOWS\system32\pwfnpetw.dll
    2008-05-01 11:45 89,070 –a—— C:\WINDOWS\system32\myss_sb_uninstall.exe
    2008-05-01 11:42 <DIR> d——– C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra—— C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:49 283,136 ——— C:\WINDOWS\system32\qoMcdCTn.dll
    2008-04-30 23:49 197,887 –ahs—- C:\WINDOWS\system32\nTCdcMoq.ini2
    2008-04-30 23:44 0 –a—— C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d–hs—- C:\DOCUME~1\Admin\!
    2008-04-30 23:43 858 –a—— C:\WINDOWS\system32\winpfz33.sys
    2008-04-30 23:42 88,961 –a—— C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-04-30 23:42 298,311 –a—— C:\WINDOWS\system32\gside.exe
    2008-04-30 23:41 87,423 –a—— C:\Temp\oRUsa080.exe
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d——– C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d——– C:\Temp\zvebs14
    2008-04-30 23:41 <DIR> d——– C:\Temp\1cb
    2008-04-30 23:41 <DIR> d——– C:\Temp
    2008-04-23 00:29 41,296 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra—— C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d——– C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra—— C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra—— C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra—— C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra—— C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra—— C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra—— C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra—— C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d——– C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d——– C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d——– C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-01 09:45:09 ——– d—–w C:\Program Files\Hitman Pro
    2008-05-01 09:28:30 ——– d—–w C:\Program Files\SUPERAntiSpyware
    2008-04-30 21:32:26 ——– d—–w C:\Program Files\Windows Media Connect 2
    2008-04-30 21:24:54 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-04-30 17:57:13 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 ——– d—–w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 ——– d—–w C:\Program Files\Azureus
    2008-04-14 13:45:19 ——– d—–w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 —-a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 —-a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 —-a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 —-a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 ——– d—–w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 —-a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 —-a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 —-a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 —-a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 —-a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
    {759C858E-85A7-416A-B9F1-68A6F750DF4E}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32
    wiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
    "50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation
    Tune
    TuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "C:\Program Files\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
    c:\windows\system32\rwwnw64d.exe DWram


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 15:31:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-01 15:37:02
    C:\ComboFix-quarantined-files.txt … 2008-05-01 15:37
    C:\ComboFix2.txt … 2008-05-01 15:21
    C:\ComboFix3.txt … 2008-05-01 14:49

    — E O F —





  • Post the contents of CFScript.txt here.
  • File::
    C:\WINDOWS\system32\ahmmqqae.dll
    C:\WINDOWS\system32\pwfnpetw.dll
    C:\WINDOWS\system32\qoMcdCTn.dll
    C:\WINDOWS\system32\nTCdcMoq.ini2
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\gside.exe
    C:\Temp\oRUsa080.exe

    Folder::
    C:\VundoFix Backups
    C:\Temp\zvebs14
    C:\Temp\1cb

    Folderlook::
    C:\DOCUME~1\Admin\!

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{759C858E-85A7-416A-B9F1-68A6F750DF4E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "50b9fdec"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
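The CFScript above resets the LSA "Authentication Packages" value to its stock content and deletes the Vundo DLL together with its reversed-name .ini file. As an added example (not part of this thread, of ComboFix, or of the helper's script), the Python below decodes that hex(7) line, flags the extra package ComboFix reported under the LSA key, and finds the reversed-name DLL/.ini pairing in the new-files list; the sample lines are constructed from the values shown on the page.

```python
import re

# Constructed sample input (values as they appear in this thread): the LSA line
# from the CFScript, the matching line ComboFix printed under "Reg Loading
# Points", and a few of the paths from the "Files Created" section.
CFSCRIPT_LSA_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'
LOG_LSA_LINE = 'Authentication Packages msv1_0 C:\\WINDOWS\\system32\\qoMcdCTn'
LOG_NEW_FILES = [
    'C:\\WINDOWS\\system32\\qoMcdCTn.dll',
    'C:\\WINDOWS\\system32\\nTCdcMoq.ini2',
    'C:\\WINDOWS\\system32\\ahmmqqae.dll',
    'C:\\WINDOWS\\system32\\pwfnpetw.dll',
]
DEFAULT_PACKAGES = {'msv1_0'}  # the stock LSA authentication package on XP


def decode_reg_multi_sz(line):
    """Decode a hex(7) (REG_MULTI_SZ) value in the 8-bit, NUL-separated form
    the CFScript uses (not Regedit's UTF-16 form) into a list of strings."""
    m = re.search(r'hex\(7\):([0-9a-fA-F,]+)', line)
    if not m:
        raise ValueError('not a hex(7) value: %r' % line)
    raw = bytes(int(b, 16) for b in m.group(1).split(',') if b)
    # Entries are NUL-separated; the list ends with a double NUL.
    return [s.decode('ascii') for s in raw.split(b'\x00') if s]


def packages_from_log(line):
    """Split ComboFix's 'Authentication Packages ...' line into its entries."""
    prefix = 'Authentication Packages'
    if not line.startswith(prefix):
        raise ValueError('unexpected line: %r' % line)
    return line[len(prefix):].split()


def extra_auth_packages(log_line, expected=DEFAULT_PACKAGES):
    """Return every package that is not expected. Each entry is loaded into
    lsass.exe at boot, so a stray system32 DLL here is boot persistence."""
    return [p for p in packages_from_log(log_line) if p not in expected]


def reversed_name_pairs(paths):
    """Find DLLs whose basename spelled backwards is another file's basename
    (qoMcdCTn.dll / nTCdcMoq.ini2 in this log)."""
    by_stem = {}
    for p in paths:
        name = p.rsplit('\\', 1)[-1]
        by_stem.setdefault(name.partition('.')[0].lower(), []).append(name)
    pairs = []
    for stem, names in by_stem.items():
        mirror = stem[::-1]
        if mirror != stem and mirror in by_stem:
            pairs.extend((n, by_stem[mirror][0]) for n in names
                         if n.lower().endswith('.dll'))
    return sorted(pairs)


def report(cfscript_line=CFSCRIPT_LSA_LINE, log_line=LOG_LSA_LINE,
           new_files=LOG_NEW_FILES):
    """Run the three checks together, as a triage script would."""
    wanted = decode_reg_multi_sz(cfscript_line)
    return {
        'cfscript_sets_packages_to': wanted,
        'extra_packages_in_log': extra_auth_packages(log_line, set(wanted)),
        'reversed_name_pairs': reversed_name_pairs(new_files),
    }
```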
  • That's fine.
    You just have to drag this file onto ComboFix.
    ComboFix will then start.
  • I did that. I'll try again after I've restarted my PC.
  • No. Do not restart.
    Tell me what is going wrong.
    Does ComboFix not let the computer restart?
  • After ComboFix finishes I only get a message from Windows, the same one I also get when starting Windows in safe mode.

    Then ComboFix says it is creating the new log.

    It indeed does not let the PC restart.
  • Post the new ComboFix log.
  • "Admin" - 2008-05-01 15:58:12 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))


    2008-05-01 12:12 <DIR> d-------- C:\VundoFix Backups
    2008-05-01 11:54 107,072 --a------ C:\WINDOWS\system32\ahmmqqae.dll
    2008-05-01 11:53 107,072 --a------ C:\WINDOWS\system32\pwfnpetw.dll
    2008-05-01 11:45 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
    2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:49 283,136 --------- C:\WINDOWS\system32\qoMcdCTn.dll
    2008-04-30 23:49 198,501 --ahs---- C:\WINDOWS\system32\nTCdcMoq.ini2
    2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
    2008-04-30 23:43 858 --a------ C:\WINDOWS\system32\winpfz33.sys
    2008-04-30 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-04-30 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
    2008-04-30 23:41 87,423 --a------ C:\Temp\oRUsa080.exe
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d-------- C:\Temp\zvebs14
    2008-04-30 23:41 <DIR> d-------- C:\Temp\1cb
    2008-04-30 23:41 <DIR> d-------- C:\Temp
    2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
    2008-05-01 09:28:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-30 21:24:54 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
    2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {0DBE9761-3CDC-4C0F-BB31-7AF8756CF594}=C:\WINDOWS\system32\qoMcdCTn.dll [2008-04-30 23:49]
    {3930ccb2-59db-44cb-ae85-6eb5f3b3bd52}=C:\WINDOWS\system32\ahmmqqae.dll [2008-05-01 11:54]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "BM538ace70"="C:\WINDOWS\system32\pwfnpetw.dll" [2008-05-01 11:53]
    "50b9fdec"="C:\WINDOWS\system32\icwnfkvc.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\qoMcdCTn

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    C:\Documents and Settings\All Users\Application Data\Global seek 2 up\knobnew.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    C:\DOCUME~1\Admin\APPLIC~1\INSIDE~1\idle grid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\qsjklxbg.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "C:\Program Files\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F-FD-D4-43-DW}]
    c:\windows\system32\rwwnw64d.exe DWram


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 16:04:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-01 16:09:22
    C:\ComboFix-quarantined-files.txt … 2008-05-01 16:09
    C:\ComboFix2.txt … 2008-05-01 15:37
    C:\ComboFix3.txt … 2008-05-01 15:21

    — E O F —





  • Can you start in normal Windows mode and then carry out the instructions, Niek?
    Or doesn't that work?
  • I'll try; so far, when starting Windows normally, my PC goes to a blue screen after the Windows loading screen and restarts, at which point I can choose whether to start in safe mode or normally.


This is an archived page. Replying is no longer possible.