Vraag & Antwoord

3 antwoorden

C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\lgvoshqi.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\whxatmiu.dll
C:\WINDOWS\system32\byxxvvu.dll
C:\WINDOWS\system32\gebcdba.dll
C:\WINDOWS\system32\qomkjgf.dll
C:\WINDOWS\system32\urqonki.dll
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ssttr.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

——-\nm

((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))

2007-06-21 17:13 49,152 –a—— C:\WINDOWS\nircmd.exe
2007-06-21 17:10 122,900 –a—— C:\WINDOWS\system32\tvvwgwya.exe
2007-06-20 22:15 <DIR> d——– C:\WINDOWS\system32\xircom
2007-06-20 22:15 <DIR> d——– C:\WINDOWS\srchasst
2007-06-20 22:15 <DIR> d——– C:\Program Files\msn gaming zone
2007-06-20 22:14 <DIR> d——– C:\Program Files\microsoft frontpage
2007-06-20 17:09 122,900 –a—— C:\WINDOWS\system32\srradkhn.exe
2007-06-14 20:26 <DIR> d——– C:\Program Files\Lavasoft
2007-06-14 20:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-12 22:54 <DIR> d——– C:\Program Files\Windows Live Safety Center
2007-06-07 23:53 524,288 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-07 19:57 <DIR> d——– C:\Program Files\Windows Live
2007-06-05 23:43 <DIR> d——– C:\Program Files\Common Files\xing shared
2007-06-04 19:33 2,580 –a—— C:\WINDOWS\system32\ocbdabwv.exe
2007-06-04 15:18 9,344 –a—— C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 –a—— C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 –a—— C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 18:54 2,580 –a—— C:\WINDOWS\system32\nfcxwlxq.exe
2007-06-02 18:51 2,580 –a—— C:\WINDOWS\system32\bvvkxewd.exe
2007-05-30 23:56 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-05-30 23:08 190,976 –a—— C:\DOCUME~1\FAMILY~1\ext.exe
2007-05-27 14:24 <DIR> d——– C:\Program Files\Winamp

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 15:24:27 288 —-a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80671102}.dat
2007-06-21 15:24:27 288 —-a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80671102}.dat
2007-06-20 20:15:00 ——– d—–w C:\Program Files\Windows NT
2007-06-20 15:11:51 ——– d—–w C:\DOCUME~1\FAMILY~1\APPLIC~1\VoipBuster
2007-06-14 18:25:41 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 17:57:49 ——– d—–w C:\Program Files\Messenger Plus! Live
2007-06-07 17:57:48 ——– d—–w C:\Program Files\MSN Messenger
2007-06-05 22:28:14 ——– d—–w C:\DOCUME~1\FAMILY~1\APPLIC~1\Real
2007-06-05 21:43:26 ——– d—–w C:\Program Files\Common Files\Real
2007-06-04 19:36:17 ——– d—–w C:\Program Files\TuneUp Utilities 2007
2007-05-27 13:14:40 ——– d—–w C:\DOCUME~1\FAMILY~1\APPLIC~1\Skype
2007-05-16 15:32:55 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 23:37:26 ——– d—–w C:\DOCUME~1\FAMILY~1\APPLIC~1\gtk-2.0
2007-05-14 17:12:41 ——– d—–w C:\Program Files\GIMP-2.0
2007-05-14 17:11:20 ——– d—–w C:\Program Files\Common Files\GTK
2007-05-03 15:53:15 ——– d—–w C:\Program Files\Paltalk Messenger
2007-04-26 21:12:03 ——– d—–w C:\Program Files\Real
2007-04-25 14:21:15 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
2007-04-13 13:19:52 7,680 —-a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-29 02:42:42 29,704 —-a-w C:\WINDOWS\system32\uxtuneup.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 23:44]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-09 04:07 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 16:09]
"Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2002-12-03 19:29]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-05 23:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipBuster"="C:\program files\voipbuster.com\voipbuster\voipbuster.exe" [2007-06-21 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo "=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqpp]
wvurqpp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder
2007-06-21 15:11:02 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
2007-05-18 16:56:20 C:\WINDOWS\tasks\Easy Onderhoud.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 17:25:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 17:27:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-21 17:27

— E O F —

Anoniem 21 juni 2007 15:48

Hullu, wil je een eigen topic beginnen aub, ik zal gerben even vragen of hij dit bericht in een nieuw topic zetten kan.

Anoniem 21 juni 2007 19:49

afgesplitst

Anoniem 21 juni 2007 19:54

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.