Question & Answer
Vundo virus here too!!!
16 answers
- I've done everything: FixVundo didn't work, ComboFix did, and so did HijackThis, but now I don't know what I should remove. I'm already glad I managed this much.
ComboFix log
Windows" - 2007-06-02 10:39:28 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Windows\Bureaublad\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fcebmedk.dll
C:\WINDOWS\system32\xfnprrbn.dll
C:\WINDOWS\system32\ljjhhfd.dll
C:\WINDOWS\system32\yaccf.bak1
C:\WINDOWS\system32\yaccf.bak2
C:\WINDOWS\system32\yaccf.ini
C:\WINDOWS\system32\nbrrpnfx.ini
C:\WINDOWS\system32\yaccf.bak1
C:\WINDOWS\system32\yaccf.bak2
C:\WINDOWS\system32\yaccf.ini
C:\WINDOWS\system32\fccay.dll
C:\WINDOWS\system32\tuvtqrp.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))
2007-06-01 22:42 12,386,097 ——— C:\AVG7QT.DAT
2007-06-01 21:40 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Simply Super Software
2007-05-31 18:43 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-31 18:25 <DIR> d——– C:\Program Files\Webroot
2007-05-31 18:25 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Webroot
2007-05-31 18:20 <DIR> d——– C:\Program Files\Lavasoft
2007-05-31 18:20 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Lavasoft
2007-05-31 18:19 <DIR> d——– C:\Program Files\SpywareBlaster
2007-05-31 17:50 190,976 –a—— C:\Documents and Settings\Windows\ext.exe
2007-05-31 17:50 190,976 –a—— C:\DOCUME~1\Windows\ext.exe
2007-05-30 20:27 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Help
2007-05-30 20:16 14,868 –a—— C:\WINDOWS\system32\bffpumul.exe
2007-05-30 20:16 10,752 –a—— C:\WINDOWS\system32\j7251933.dll
2007-05-29 22:03 <DIR> d——– C:\Program Files\AIDA32 - Enterprise System Information
2007-05-24 18:08 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia Multimedia Player
2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia
2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Datalayer
2007-05-24 18:03 <DIR> d——– C:\Documents and Settings\Windows\Phone Browser
2007-05-24 18:03 <DIR> d——– C:\DOCUME~1\Windows\Phone Browser
2007-05-24 18:02 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\PC Suite
2007-05-24 18:01 <DIR> d——– C:\Program Files\Nokia
2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\PCSuite
2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\Nokia
2007-05-08 22:04 <DIR> d——– C:\WINDOWS\system32\appmgmt
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-02 04:37:14 ——– d—–w C:\Program Files\Microsoft AntiSpyware
2007-06-01 16:39:19 ——– d—–w C:\Program Files\Hitman Pro
2007-05-31 15:53:24 ——– d—–w C:\Program Files\MSN Messenger
2007-05-25 06:22:47 560 —-a-w C:\DOCUME~1\Windows\APPLIC~1\ViewerApp.dat
2007-05-24 16:01:21 ——– d—–w C:\Program Files\Common Files\InstallShield
2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
2007-04-02 17:35:01 54,464 —-a-w C:\WINDOWS\system32\perfc013.dat
2007-04-02 17:35:01 367,286 —-a-w C:\WINDOWS\system32\perfh013.dat
2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 08:33:05 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 22:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 01:03]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"SoundMan"="SOUNDMAN.EXE" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-01-30 21:13]
"OmniaAXServer"="C:\Program Files\OmniaAX\OmniaSrv.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-06 10:36]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 16:24]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 10:42:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-02 10:44:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-02 10:43
— E O F —
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 10:47:46, on 2-6-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Windows\Bureaublad\HijackThis.exe
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniaAXServer] C:\Program Files\OmniaAX\OmniaSrv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: PrintScreen.lnk = C:\Program Files\Gadwin Systems\PrintScreen\UNWISE.EXE
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
- Close all open windows.
Start HijackThis once more and tick the following items:
O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
Then click "Fix checked" and close HijackThis.
Cleaning up cookies and temporary internet files:
Close all open Internet Explorer windows.
Go to the Control Panel and double-click Internet Options.
The "Internet Properties" window will open.
Go to the General tab.
Click the Delete Cookies button, and in the window that opens click OK.
Now click the Delete Files button.
In the window that opens, also tick "Delete all offline content".
Click the OK button.
Also block indirect (third-party) cookies:
On the Privacy tab, click the Advanced button.
Tick "Override automatic cookie handling".
For First-party Cookies, make sure "Accept" is selected.
For Third-party Cookies, choose "Block".
Click OK.
Once this is done, close the "Internet Properties" window.
Cleaning up other temporary folders and emptying the Recycle Bin:
Go to Start, choose Run and type: cleanmgr
Then press OK and Disk Cleanup will start.
If you have several partitions, choose the partition on which Windows is installed.
Now let your system be scanned for files that can be removed.
When the overview appears, make sure only the following items are ticked:
- Temporary Internet Files
- Recycle Bin
- Temporary files
Then click OK.
Download Dr. Web CureIt.
Place it on your desktop.
Double-click drweb-cureit.exe and allow the program to start the express scan. This is only a short scan that checks the files currently loaded in memory. If anything is found, you will be asked 'cure it?'. Then click the 'Yes to all' button.
Click the 'Select drives' button and make sure all drives are selected for scanning. The drives that will be scanned are marked with a red dot.
On the right-hand side, click the large button with the green arrow to start the scan.
When an infected file is found, you will be asked either 'Cure It?' or 'Move?'. In both cases click the 'Yes to all' button.
When the scan is finished, check whether you can click the following icon, which is in the lower half of the program window, to the left of the list (pane) of infected files: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If you can click it, click it, then click the icon just below it and choose Move incurable: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected.
In the File menu of Dr. Web CureIt, choose 'Save Report List' and save the log to your desktop.
Close Dr. Web CureIt.
Restart the computer and post the log.
- Here is the Dr. Web log,
and the virus scan reports that it has been removed
fcebmedk.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
xfnprrbn.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
- Create a new log with ComboFix and post it.
Are there any problems left?
- Here is the ComboFix log
Windows" - 2007-06-03 15:03:32 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Windows\Bureaublad\"
((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))
2007-06-03 10:48 <DIR> d——– C:\Documents and Settings\Windows\Contacts
2007-06-03 10:48 <DIR> d——– C:\DOCUME~1\Windows\Contacts
2007-06-03 10:47 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
2007-06-03 10:47 <DIR> d——– C:\WINDOWS\LastGood
2007-06-03 08:40 <DIR> d——– C:\Documents and Settings\Windows\DoctorWeb
2007-06-03 08:40 <DIR> d——– C:\DOCUME~1\Windows\DoctorWeb
2007-06-03 08:23 <DIR> d——– C:\WINDOWS\system32\LogFiles
2007-06-02 10:44 49,152 –a—— C:\WINDOWS\nircmd.exe
2007-06-01 22:42 12,386,097 ——— C:\AVG7QT.DAT
2007-06-01 21:40 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Simply Super Software
2007-05-31 18:43 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-31 18:25 <DIR> d——– C:\Program Files\Webroot
2007-05-31 18:25 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Webroot
2007-05-31 18:20 <DIR> d——– C:\Program Files\Lavasoft
2007-05-31 18:20 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Lavasoft
2007-05-31 18:19 <DIR> d——– C:\Program Files\SpywareBlaster
2007-05-31 17:50 190,976 –a—— C:\Documents and Settings\Windows\ext.exe
2007-05-31 17:50 190,976 –a—— C:\DOCUME~1\Windows\ext.exe
2007-05-30 20:27 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Help
2007-05-30 20:16 14,868 –a—— C:\WINDOWS\system32\bffpumul.exe
2007-05-30 20:16 10,752 –a—— C:\WINDOWS\system32\j7251933.dll
2007-05-29 22:03 <DIR> d——– C:\Program Files\AIDA32 - Enterprise System Information
2007-05-24 18:08 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia Multimedia Player
2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Nokia
2007-05-24 18:04 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\Datalayer
2007-05-24 18:03 <DIR> d——– C:\Documents and Settings\Windows\Phone Browser
2007-05-24 18:03 <DIR> d——– C:\DOCUME~1\Windows\Phone Browser
2007-05-24 18:02 <DIR> d——– C:\DOCUME~1\Windows\APPLIC~1\PC Suite
2007-05-24 18:01 <DIR> d——– C:\Program Files\Nokia
2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\PCSuite
2007-05-24 18:01 <DIR> d——– C:\Program Files\Common Files\Nokia
2007-05-08 22:04 <DIR> d——– C:\WINDOWS\system32\appmgmt
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-03 13:03:25 ——– d—–w C:\Program Files\Microsoft AntiSpyware
2007-06-03 09:41:45 ——– d—–w C:\Program Files\MSN Messenger
2007-06-01 16:39:19 ——– d—–w C:\Program Files\Hitman Pro
2007-05-25 06:22:47 560 —-a-w C:\DOCUME~1\Windows\APPLIC~1\ViewerApp.dat
2007-05-24 16:01:21 ——– d—–w C:\Program Files\Common Files\InstallShield
2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
2007-04-02 17:35:01 54,464 —-a-w C:\WINDOWS\system32\perfc013.dat
2007-04-02 17:35:01 367,286 —-a-w C:\WINDOWS\system32\perfh013.dat
2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 08:33:05 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 22:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 10:48]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"SoundMan"="SOUNDMAN.EXE" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-01-30 21:13]
"OmniaAXServer"="C:\Program Files\OmniaAX\OmniaSrv.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:28]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-06 10:36]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 16:24]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta
*Newly Created Service* - ENTDRV51
*Newly Created Service* - FUTUREX
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 15:04:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-03 15:05:13
C:\ComboFix-quarantined-files.txt … 2007-06-03 15:05
C:\ComboFix2.txt … 2007-06-02 10:44
— E O F —
- The computer is responding normally again; thanks in advance for your help.
- By the way, I have another problem: Windows occasionally shuts down by itself and immediately starts up again by itself. It has been like this for about half a year. What could that be!!!!
- Go to this website: http://www.virustotal.com/en/indexf.html
Have the following file scanned: C:\DOCUME~1\Windows\ext.exe
Post the result of the scan.
Do the same for the following files:
C:\WINDOWS\system32\bffpumul.exe
C:\WINDOWS\system32\j7251933.dll
Right-click "My Computer".
Choose Properties.
Go to the Advanced tab.
Under Startup and Recovery, click "Settings".
Untick "Automatically restart".
Tick "Write an event to the system log".
Under Write debugging information, select "None".
Click "OK" and click "OK" once more.
Restart the computer.
From now on, when something happens you will get a BSOD (blue screen) with an error code (a stop code).
Post the complete and exact error code.
- VirusTotal ext.exe
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 Worm/Agent.A.223
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.01.2007 no virus found
AVG 7.5.0.467 06.03.2007 I-Worm/Generic.BUT
BitDefender 7.2 06.03.2007 Trojan.MSnBot.A
CAT-QuickHeal 9.00 06.02.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 06.03.2007 no virus found
DrWeb 4.33 06.03.2007 no virus found
eSafe 7.0.15.0 06.03.2007 Win32.Agent.a
eTrust-Vet 30.7.3688 06.03.2007 no virus found
Ewido 4.0 06.03.2007 no virus found
FileAdvisor 1 06.03.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 W32/Agent.A!worm.im
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.03.2007 IM-Worm.Win32.Agent.a
Ikarus T3.1.1.8 06.03.2007 IM-Worm.Win32.Licat.d
Kaspersky 4.0.2.24 06.03.2007 IM-Worm.Win32.Agent.a
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.03.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 W32/Smallworm.XD
Panda 9.0.0.4 06.03.2007 Suspicious file
Prevx1 V2 06.03.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 VIPRE.Suspicious
Symantec 10 06.03.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.02.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 no virus found
Webwasher-Gateway 6.0.1 06.03.2007 Worm.Agent.A.223
- VirusTotal C:\WINDOWS\system32\bffpumul.exe
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 HEUR/Malware
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.01.2007 no virus found
AVG 7.5.0.467 06.03.2007 no virus found
BitDefender 7.2 06.03.2007 no virus found
CAT-QuickHeal 9.00 06.02.2007 no virus found
ClamAV devel-20070416 06.03.2007 no virus found
DrWeb 4.33 06.03.2007 no virus found
eSafe 7.0.15.0 06.03.2007 no virus found
eTrust-Vet 30.7.3688 06.03.2007 no virus found
Ewido 4.0 06.03.2007 no virus found
FileAdvisor 1 06.03.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 no virus found
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.03.2007 no virus found
Ikarus T3.1.1.8 06.03.2007 no virus found
Kaspersky 4.0.2.24 06.03.2007 no virus found
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.03.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.03.2007 Suspicious file
Prevx1 V2 06.03.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.03.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.02.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 no virus found
Webwasher-Gateway 6.0.1 06.03.2007 Heuristic.Malware
- VirusTotal for the last file:
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.01.2007 no virus found
AVG 7.5.0.467 06.03.2007 no virus found
BitDefender 7.2 06.03.2007 no virus found
CAT-QuickHeal 9.00 06.02.2007 no virus found
ClamAV devel-20070416 06.03.2007 no virus found
DrWeb 4.33 06.03.2007 no virus found
eSafe 7.0.15.0 06.03.2007 no virus found
eTrust-Vet 30.7.3688 06.03.2007 no virus found
Ewido 4.0 06.03.2007 no virus found
FileAdvisor 1 06.03.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 no virus found
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.03.2007 no virus found
Ikarus T3.1.1.8 06.03.2007 no virus found
Kaspersky 4.0.2.24 06.03.2007 no virus found
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.03.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.03.2007 no virus found
Prevx1 V2 06.03.2007 Polynomial.Code.Exploit
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.03.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.02.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 no virus found
Webwasher-Gateway 6.0.1 06.03.2007 no virus found
- You may delete all three files.
Let us know whether there are still problems.
- I've deleted the files; so far no more problems. Only that Windows occasionally restarts. I do have a code in the system log, error code: 1000000a, parameter1: ffffff94, parameter2: 00000002, parameter3: 00000000, parameter4: 804fed92.
- And thanks again, m@rc!!
- Please post the exact error code.
- Hi m@rc, I got the blue screen; this is what I see on screen:
IRQL_NOT_LESS_OR_EQUAL
stop: 0x0000000A (0x00000018,0x0000000,0x804f6809)
Hope this is of some use to you!!!
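
Added example, not part of any post in this thread: the HijackThis step earlier singled out the one O2 entry whose target is "(no file)", a Browser Helper Object registration whose DLL is no longer on disk. The Python sketch below parses HijackThis-style lines and pulls out such orphaned entries; the sample lines are copied from the log posted above, and the names `parse_entries`, `orphaned` and `section_counts` are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a few lines copied from the HijackThis log posted in this
# thread. Header and process lines are included to show that they are skipped.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A691251F-B07C-4167-9C36-C89121BD1A42} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = "(no file)"  # marker HijackThis prints when the registered file is absent


@dataclass
class Entry:
    code: str               # section code such as "O2" or "O23"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # COM class id, when the entry carries one
    target: Optional[str]   # last " - " separated field (file path or marker)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process lines."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        # Lines without a " - " separator (R0, plain O4 Run values) have no target field.
        target = body.rsplit(" - ", 1)[1].strip() if " - " in body else None
        entries.append(Entry(code, body, clsid.group(0) if clsid else None, target))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file is missing: leftovers that are safe candidates for 'Fix checked'."""
    return [e for e in entries if e.target == NO_FILE]


def section_counts(entries: List[Entry]) -> Counter:
    """Number of entries per HijackThis section code."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for entry in orphaned(parsed):
        print("orphaned:", entry.code, entry.clsid)
```
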