Question & Answer

Security & privacy

Trojan.vundo

Anonymous
M@rc
72 answers
  • Here is the ComboFix log;

    "Admin" - 2008-05-02 12:02:26 Service Pack 2
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\Bureaublad\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))


    2008-05-01 20:15 <DIR> d-------- C:\Avenger
    2008-05-01 20:09 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d-------- C:\Temp
    2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-02 10:00:50 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-05-02 09:35:02 -------- d-----w C:\Program Files\@Home veiligheid
    2008-05-01 16:15:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
    2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
    2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-02 12:09:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-02 12:12:32
    C:\ComboFix-quarantined-files.txt … 2008-05-02 12:12
    C:\ComboFix2.txt … 2008-05-02 11:12
    C:\ComboFix3.txt … 2008-05-01 17:05

    --- E O F ---


    And here is the HijackThis log;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:34, on 2-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\FILMS\FRAPS\FRAPS.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Diversen\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Fraps] C:\FILMS\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C97E62-F9EC-4C2D-A05B-CE1040177F03}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O17 - HKLM\System\CS4\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.129.37
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 9531 bytes
  • This already looks better.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt
    [code]
    Folderlook::
    C:\DOCUME~1\Admin\!
    C:\WINDOWS\system32\pnVes05
    C:\WINDOWS\system32\jp7
    C:\WINDOWS\system32\dn4

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    [/code]
    Now drag the file CFScript.txt onto the file ComboFix.exe
    [img]http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif[/img]
    ComboFix will restart.
    When ComboFix is finished, which may be after a reboot, a logfile opens.
    Post the contents of the logfile.
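The triage M@rc does by eye on the ComboFix log in the first post, and the CFScript he writes from it, written out as a script. This is an added example, not code from the thread and not ComboFix's own logic: the four checks (a zero-byte executable in system32, a hidden+system directory under a user profile, a short letter-and-digit directory name in system32, and an msconfig startupreg entry that launches a system32 executable not on a short known-good list) are the editor's heuristics, the sample log lines are copied from the log above, KNOWN_SYSTEM32 is a constructed stub, and only the two CFScript directives the post shows (Folderlook:: and Registry:: with [-key]) are emitted.

```python
"""Triage a ComboFix log and draft a CFScript from what it flags.
Added example for this thread, not ComboFix's code and not the helper's."""
import re
from collections import namedtuple

# Constructed sample: entries copied from the ComboFix log in the first post,
# trimmed to the ones needed to exercise each check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))

2008-05-01 20:15 <DIR> d-------- C:\Avenger
2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\tcntrkdm.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# "Files Created" line: timestamp, size or <DIR>, 9-char attribute string, path.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+?)\s*$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# A startup command that launches an executable straight out of system32.
SYS32_EXE = re.compile(r'^"?C:\\WINDOWS\\system32\\([^\\\s"]+\.exe)', re.IGNORECASE)
# Constructed stub; a real triage verifies hashes against a vendor catalogue.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "nwiz.exe", "hdashcut.exe"}

ZERO_BYTE = "zero-byte binary"
HIDDEN_DIR = "hidden+system dir under a user profile"
RANDOM_DIR = "letter-and-digit dir name in system32"
UNKNOWN_AUTOSTART = "startupreg entry launches unknown system32 exe"
Finding = namedtuple("Finding", "kind target detail")


def parse(log_text):
    """Return ([(created, size, attrs, path)], [(registry key, command)])."""
    files, reg, current_key = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append(m.groups())
            continue
        k = KEY_LINE.match(line)
        if k:
            current_key = k.group(1)  # the next non-blank line is its value
            continue
        if current_key is not None:
            reg.append((current_key, line))
            current_key = None
    return files, reg


def triage(files, reg):
    """Apply the checks a helper does by eye; hits come back in log order."""
    findings = []
    for created, size, attrs, path in files:
        parent, _, name = path.rpartition("\\")
        parent, is_dir = parent.lower(), size == "<DIR>"
        if not is_dir and size == "0" and name.lower().endswith((".exe", ".dll", ".sys")):
            findings.append(Finding(ZERO_BYTE, path, "a real binary is never empty; see what replaced it"))
        if is_dir and "h" in attrs and "s" in attrs and parent.startswith("c:\\docume~1\\"):
            findings.append(Finding(HIDDEN_DIR, path, "created " + created))
        if is_dir and parent == "c:\\windows\\system32" and re.fullmatch(r"(?=.*\d)[a-z0-9]{2,8}", name, re.I):
            findings.append(Finding(RANDOM_DIR, path, "created " + created))
    for key, command in reg:
        m = SYS32_EXE.match(command)
        if m and m.group(1).lower() not in KNOWN_SYSTEM32:
            findings.append(Finding(UNKNOWN_AUTOSTART, key, command))
    return findings


def draft_cfscript(findings):
    """Emit only the two directive kinds shown in the thread: Folderlook:: to have
    ComboFix inventory suspect directories, Registry:: with [-key] to delete an
    autostart key. Everything else stays a finding for the analyst."""
    folders = [f.target for f in findings if f.kind in (HIDDEN_DIR, RANDOM_DIR)]
    keys = [f.target for f in findings if f.kind == UNKNOWN_AUTOSTART]
    out = []
    if folders:
        out += ["Folderlook::", *folders]
    if keys:
        out += ([""] if out else []) + ["Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(out)


if __name__ == "__main__":
    findings = triage(*parse(SAMPLE_LOG))
    for f in findings:
        print("%-48s %s  (%s)" % (f.kind, f.target, f.detail))
    print("\n" + draft_cfscript(findings))
```

Run as-is it prints six hits and a script identical to the one in the post above. The zero-byte taskkill.exe is reported but not scripted, because the post shows no directive for files; and the name allowlist is only a stand-in for checking the file's hash, since a Vundo-era dropper can use any name it likes in system32.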
  • Here is the new log;

    "Admin" - 2008-05-02 12:23:48 Service Pack 2
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))


    2008-05-01 20:15 <DIR> d-------- C:\Avenger
    2008-05-01 20:09 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d-------- C:\Temp
    2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-02 10:00:50 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-05-02 09:35:02 -------- d-----w C:\Program Files\@Home veiligheid
    2008-05-01 16:15:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
    2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
    2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-02 12:25:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-02 12:28:40
    C:\ComboFix-quarantined-files.txt ... 2008-05-02 12:28
    C:\ComboFix2.txt ... 2008-05-02 12:12
    C:\ComboFix3.txt ... 2008-05-02 11:12

    --- E O F ---
  • Niek,

    Please repeat the procedure; there was a small mistake in the script I gave you.
    I have adjusted the script, so please create it again.

    Are there any problems at the moment?
  • Here is the log again:

    "Admin" - 2008-05-02 12:47:05 Service Pack 2
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureaublad\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))


    2008-05-01 20:15 <DIR> d-------- C:\Avenger
    2008-05-01 20:09 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-01 11:42 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Mijn documenten
    2008-05-01 11:26 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
    2008-04-30 23:44 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-04-30 23:44 <DIR> d--hs---- C:\DOCUME~1\Admin\!
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\pnVes05
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\jp7
    2008-04-30 23:41 <DIR> d-------- C:\WINDOWS\system32\dn4
    2008-04-30 23:41 <DIR> d-------- C:\Temp
    2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-22 18:36 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
    2008-04-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-04-20 15:45 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
    2008-04-20 15:45 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
    2008-04-20 15:45 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
    2008-04-20 15:45 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
    2008-04-20 15:45 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Teleca
    2008-04-20 15:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
    2008-04-20 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    2008-04-20 15:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    2008-04-10 14:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Leadertech
    2008-04-02 17:50 <DIR> d-------- C:\Program Files\VideoLAN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-05-02 10:00:50 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Xfire
    2008-05-02 09:35:02 -------- d-----w C:\Program Files\@Home veiligheid
    2008-05-01 16:15:30 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-05-01 09:45:09 -------- d-----w C:\Program Files\Hitman Pro
    2008-04-30 21:32:26 -------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-30 17:57:13 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Bioshock
    2008-04-29 12:14:35 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Azureus
    2008-04-26 12:43:49 -------- d-----w C:\Program Files\Winamp Remote
    2008-04-21 11:16:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-18 19:39:27 -------- d-----w C:\Program Files\Azureus
    2008-04-14 13:45:19 -------- d-----w C:\Program Files\DivX
    2008-04-12 16:34:50 83,854 ----a-w C:\WINDOWS\system32\perfc013.dat
    2008-04-12 16:34:50 472,888 ----a-w C:\WINDOWS\system32\perfh013.dat
    2008-04-10 09:35:32 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-04-10 09:35:32 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-02 15:52:55 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\vlc
    2008-03-31 21:25:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25:46 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25:46 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-21 20:30:12 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:10:47 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-21 02:05:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 06:51:59 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
    "Preventon RealTime Antivirus"="C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe" [2008-03-18 11:41]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 17:43]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 20:25]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Fraps"="C:\FILMS\FRAPS\FRAPS.EXE" [2006-06-18 15:54]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"=C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableCMD"=0 (0x0)
    "DisableLockWorkstation"=0 (0x0)
    "DisableChangePassword"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)
    "NoLogOff"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskBar"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMHelp"=0 (0x0)
    "NoNetworkConnections"=0 (0x0)
    "NoSMMyDocs"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoNetConnectDisconnect"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoWinKeys"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programma's^Opstarten^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\tcntrkdm.exe DWram

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Spellen\Counterstrike Source\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\WatchDog\watchdog.exe /.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"


    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-02 12:49:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-05-02 12:52:38
    C:\ComboFix-quarantined-files.txt ... 2008-05-02 12:52
    C:\ComboFix2.txt ... 2008-05-02 12:28
    C:\ComboFix3.txt ... 2008-05-02 12:12

    --- E O F ---
  • I haven't run into any problems so far.

    I would find it useful, though, to get rid of C:\documentsandsettings\admin\!, because that is a folder I didn't put there myself, and I can't find it in my admin folder.
  • Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.
    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting folders>>log.txt
    FOR %%I in (
    C:\DOCUME~1\Admin\!) DO (
    IF EXIST %%I (
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt
    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.
  • Here is the log:

    Deleting folders
    C:\DOCUME~1\Admin\! deleted successfully
  • That one is gone too.

    Go to Start - Run and type: ComboFix /u
    Press Enter.

    You can find more info on how to prevent a new infection here.

    Happy surfing again.
  • I get a message from Windows saying that Windows cannot find ComboFix, even though it is on my desktop. Is this OK, or is something going wrong?
  • Are you typing it with the space between ComboFix and /u?
  • Yes, I copied the bold part.
