Also Search daily

    Hello everyone,

    Since last week I have also had the search daily virus on the PC.
    I'll post the ComboFix log.

  • #2
    ComboFix 08-01-06.3 - [email protected] 2008-01-05 20:22:52.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.561 [GMT 1:00]
    Started from: C:\Documents and Settings\[email protected]\Bureaublad\ComboFix.exe
    * New restore point created
    .

    (((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-05 20:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-05 00:04 . 2008-01-05 00:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-05 00:04 . 2008-01-05 00:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-04 16:00 . 2008-01-04 16:01 <DIR> d-------- C:\Program Files\MagicDisc
    2008-01-04 16:00 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
    2008-01-04 15:48 . 2008-01-04 15:48 <DIR> d-------- C:\Program Files\VirtualDubMod
    2008-01-04 15:16 . 2008-01-05 20:18 <DIR> dr-h----- C:\Documents and Settings\[email protected]\Onlangs geopend
    2008-01-04 11:25 . 2008-01-04 11:25 <DIR> d-------- C:\Program Files\EasyCleaner
    2008-01-04 11:24 . 2008-01-04 11:26 <DIR> d-------- C:\Program Files\Adobe_Premiere_7.0
    2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\WINDOWS\Cache
    2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\Program Files\Your Company Name
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\User Documentation
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Training
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Third Party Products
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Registration
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Premiere Pro
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Customer Support
    2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\AutoPlay
    2008-01-04 10:59 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Andere Software
    2008-01-04 10:39 . 2008-01-04 16:34 <DIR> d-------- C:\Program Files\Adobe.Photoshop.CS3
    2008-01-04 10:23 . 2008-01-04 11:24 <DIR> d-------- C:\Program Files\MagicISO
    2008-01-04 10:02 . 2008-01-04 16:45 <DIR> d-------- C:\Program Files\Adobe_Premiere_Pro_CS3
    2008-01-04 01:39 . 2008-01-04 01:39 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-01-04 01:31 . 2008-01-04 01:31 <DIR> d-------- C:\Program Files\avg anti root
    2008-01-04 01:17 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-02 13:43 . 2008-01-02 13:43 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-01-01 22:42 . 2008-01-01 22:42 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-01 22:41 . 2008-01-01 22:42 <DIR> d-------- C:\Program Files\firefox
    2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-31 14:01 . 2007-12-31 14:01 1,484,544 --a------ C:\Program Files\ComboFix.exe
    2007-12-31 02:13 . 2007-12-31 02:13 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-31 02:12 . 2007-12-31 02:12 <DIR> d-------- C:\Program Files\HJTInstall
    2007-12-30 18:31 . 2007-12-30 18:31 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-30 18:31 . 2007-12-30 18:31 2,855,080 --a------ C:\Program Files\aawsepersonal.exe
    2007-12-30 01:35 . 2007-12-30 01:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-30 01:35 . 2008-01-01 21:52 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\AVG7
    2007-12-30 01:34 . 2007-12-30 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 22:23 . 2007-12-29 22:23 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\Grisoft
    2007-12-29 22:23 . 2007-12-30 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-29 22:23 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-28 21:39 . 2007-12-28 21:39 <DIR> d-------- C:\Program Files\ToniArts
    2007-12-28 13:16 . 19,584 C:\WINDOWS\system32\drivers\wixonxsv.dat
    2007-12-28 13:14 . 2005-07-26 05:36 84,992 --a------ C:\WINDOWS\system32\catsrvutr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-04 21:09 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\uTorrent
    2008-01-04 12:09 --------- d-----w C:\Program Files\Paint Shop Pro 7.0 - Full
    2008-01-03 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-01 11:54 388 ----a-w C:\Program Files\cfscript.txt
    2007-12-30 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 17:32 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Lavasoft
    2007-12-30 00:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-29 23:03 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-12-28 21:07 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Azureus
    2007-12-28 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-04 17:45 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\dvdcss
    2007-11-28 22:23 --------- d-----w C:\Program Files\Mediafour
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-04 19:46 921,632 ----a-w C:\PA7311.DAT
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-08-12 08:20 6,274,206 -c--a-w C:\Program Files\BitTorrent-5.0.8.exe
    2007-08-11 16:41 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2700E4F-1A3A-4FDA-ACE4-86E35213ABC4}]
    2005-07-26 05:36 84992 --a------ C:\WINDOWS\system32\catsrvutr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:47 65536]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 14:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 21:13 1589248]
    "TPSMain"="TPSMain.exe" [2005-08-03 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
    "NDSTray.exe"="NDSTray.exe"
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 13:28 118784]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2006-02-09 10:50 1077329]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 22:40 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
    "DXDllRegExe"="dxdllreg.exe"
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 01:34 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 01:34 219136]

    C:\Documents and Settings\[email protected]\Menu Start\Programma's\Opstarten\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-04 16:00:31]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]

    R0 mumnzgbo;mumnzgbo;C:\WINDOWS\system32\drivers\wixonxsv.dat
    R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]
    R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
    S3 PAC7311;Trust Webcam 14839;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 20:27:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-06 20:28:03
    .
    2007-12-12 22:06:35 --- E O F ---


    If I have it right, I now drag the cfscript onto combofix.exe and post the log again?



    • #3
      By the way: when I open Explorer and, for example, Hotmail (via Internet Explorer), AVG reports the following:
      Trojan horse Generic9.AKAV. Infected file is windows\system32\catsrvutr.dll

      I keep getting this alert but can't get rid of it....

      Now that I use Firefox I no longer have any trouble with, for example, the search-daily site.

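The log in #2 already shows the two items that get removed later in the thread: a Browser Helper Object loading C:\WINDOWS\system32\catsrvutr.dll (the file AVG names in #3) and a boot-start service mumnzgbo whose image is a .dat file under drivers, both created on 2007-12-28, with catsrvutr.dll carrying a 2005 file timestamp. The Python below is an added example, not part of this thread and not something ComboFix does: it runs that triage over lines copied from the #2 log. The rules it applies (an R0 driver whose image is not a .sys, a service whose display name is just its own name, a Run value that is a bare file name ComboFix could not resolve, an autostart image that appears in the Files Created window, especially with a file timestamp older than its creation) are my own heuristics, and the Finding class and function names are mine.

```python
import re
from dataclasses import dataclass, field

# Excerpt copied from the ComboFix log in post #2 (real lines from this thread,
# not constructed); a full log parses the same way, unknown lines are skipped.
SAMPLE_LOG = r"""
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
2007-12-28 13:16 . 19,584 C:\WINDOWS\system32\drivers\wixonxsv.dat
2007-12-28 13:14 . 2005-07-26 05:36 84,992 --a------ C:\WINDOWS\system32\catsrvutr.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2700E4F-1A3A-4FDA-ACE4-86E35213ABC4}]
2005-07-26 05:36 84992 --a------ C:\WINDOWS\system32\catsrvutr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 14:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NDSTray.exe"="NDSTray.exe"
"DXDllRegExe"="dxdllreg.exe"

R0 mumnzgbo;mumnzgbo;C:\WINDOWS\system32\drivers\wixonxsv.dat
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
S3 PAC7311;Trust Webcam 14839;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# "created . [file timestamp] size [attrs] path" lines of the Files Created section
CREATED_RE = re.compile(rf"^({TS}) \. (?:({TS}) )?[\d,]+(?: \S+)? (.+)$")
BHO_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_IMAGE_RE = re.compile(rf"^{TS} \d+ \S+ (.+)$")          # line under a BHO key
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")


@dataclass
class Finding:            # hypothetical triage record, not a ComboFix structure
    kind: str             # "bho", "run" or "service"
    name: str             # CLSID, Run value name or service name
    image: str
    reasons: list = field(default_factory=list)


def recent_image_reasons(image, created):
    """Cross-reference an autostart image with the Files Created window."""
    entry = created.get(image.lower())
    if not entry:
        return []
    created_ts, file_ts = entry
    reasons = [f"image created {created_ts}, inside the log's recent-files window"]
    if file_ts and file_ts < created_ts:  # ISO timestamps compare as strings
        reasons.append(f"file timestamp {file_ts} predates creation (possible timestomping)")
    return reasons


def check_bho(clsid, image, created):
    # Every BHO deserves a look: it is loaded into Internet Explorer and Explorer.
    reasons = ["browser helper object, loaded into Internet Explorer and Explorer"]
    return Finding("bho", clsid, image, reasons + recent_image_reasons(image, created))


def check_run(name, image, detail, created):
    reasons = []
    if "\\" not in image and not (detail and "\\" in detail):
        reasons.append("bare file name that ComboFix could not resolve to a path")
    return Finding("run", name, image, reasons + recent_image_reasons(image, created))


def check_service(start, name, display, image, created):
    reasons = []
    if start == "R0" and not image.lower().endswith(".sys"):
        reasons.append("boot-start (R0) driver whose image is not a .sys file")
    if display == name:
        reasons.append("no descriptive display name (display name equals service name)")
    return Finding("service", name, image, reasons + recent_image_reasons(image, created))


def triage(log_text):
    """Return the autostart entries of a ComboFix log that deserve a closer look."""
    created, findings, pending_bho = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            pending_bho = None
        elif m := CREATED_RE.match(line):
            created[m.group(3).lower()] = (m.group(1), m.group(2))
        elif m := BHO_RE.match(line):
            pending_bho = m.group(1)
        elif pending_bho and (m := BHO_IMAGE_RE.match(line)):
            findings.append(check_bho(pending_bho, m.group(1), created))
            pending_bho = None
        elif m := RUN_RE.match(line):
            findings.append(check_run(*m.groups(), created))
        elif m := SERVICE_RE.match(line):
            findings.append(check_service(*m.groups(), created))
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} -> {f.image}: " + "; ".join(f.reasons))
```

Run it as a script to print the flagged entries, or pass the text of a full ComboFix.txt to triage(). Each finding carries its reasons rather than a verdict because the single signals are weak: NDSTray.exe and dxdllreg.exe are flagged only because the log gives no path for them, while mumnzgbo collects three reasons at once and catsrvutr.dll pairs the BHO registration with a file that was created in the window but carries an older timestamp.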


      • #4
        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of ComboFix.txt in your next reply.
        Attached Files



        • #5
          ComboFix 08-01-06.3 - [email protected] 2008-01-06 20:47:00.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.571 [GMT 1:00]
          Started from: C:\Documents and Settings\[email protected]\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\[email protected]\Bureaublad\cfscript.txt
          * New restore point created

          FILE
          C:\WINDOWS\system32\atmf.dll
          C:\WINDOWS\system32\drivers\ohdrrymx.dat
          C:\WINDOWS\system32\elsjedsbqhgbep.bmp
          .

          (((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
          .

          2008-01-05 20:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-05 00:04 . 2008-01-05 00:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-05 00:04 . 2008-01-05 00:04 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-01-04 16:00 . 2008-01-04 16:01 <DIR> d-------- C:\Program Files\MagicDisc
          2008-01-04 16:00 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
          2008-01-04 15:48 . 2008-01-04 15:48 <DIR> d-------- C:\Program Files\VirtualDubMod
          2008-01-04 15:16 . 2008-01-06 20:33 <DIR> dr-h----- C:\Documents and Settings\[email protected]\Onlangs geopend
          2008-01-04 11:25 . 2008-01-04 11:25 <DIR> d-------- C:\Program Files\EasyCleaner
          2008-01-04 11:24 . 2008-01-04 11:26 <DIR> d-------- C:\Program Files\Adobe_Premiere_7.0
          2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\WINDOWS\Cache
          2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\Program Files\Your Company Name
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\User Documentation
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Training
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Third Party Products
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Registration
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Premiere Pro
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Customer Support
          2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\AutoPlay
          2008-01-04 10:59 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Andere Software
          2008-01-04 10:39 . 2008-01-04 16:34 <DIR> d-------- C:\Program Files\Adobe.Photoshop.CS3
          2008-01-04 10:23 . 2008-01-04 11:24 <DIR> d-------- C:\Program Files\MagicISO
          2008-01-04 10:02 . 2008-01-04 16:45 <DIR> d-------- C:\Program Files\Adobe_Premiere_Pro_CS3
          2008-01-04 01:39 . 2008-01-04 01:39 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
          2008-01-04 01:31 . 2008-01-04 01:31 <DIR> d-------- C:\Program Files\avg anti root
          2008-01-04 01:17 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
          2008-01-02 13:43 . 2008-01-02 13:43 1,158 --a------ C:\WINDOWS\mozver.dat
          2008-01-01 22:42 . 2008-01-01 22:42 0 --a------ C:\WINDOWS\nsreg.dat
          2008-01-01 22:41 . 2008-01-01 22:42 <DIR> d-------- C:\Program Files\firefox
          2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2007-12-31 14:01 . 2007-12-31 14:01 1,484,544 --a------ C:\Program Files\ComboFix.exe
          2007-12-31 02:13 . 2007-12-31 02:13 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-31 02:12 . 2007-12-31 02:12 <DIR> d-------- C:\Program Files\HJTInstall
          2007-12-30 18:31 . 2007-12-30 18:31 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-30 18:31 . 2007-12-30 18:31 2,855,080 --a------ C:\Program Files\aawsepersonal.exe
          2007-12-30 01:35 . 2007-12-30 01:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-30 01:35 . 2008-01-01 21:52 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\AVG7
          2007-12-30 01:34 . 2007-12-30 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2007-12-29 22:23 . 2007-12-29 22:23 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\Grisoft
          2007-12-29 22:23 . 2007-12-30 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-29 22:23 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2007-12-28 21:39 . 2007-12-28 21:39 <DIR> d-------- C:\Program Files\ToniArts
          2007-12-28 13:16 . 19,584 C:\WINDOWS\system32\drivers\wixonxsv.dat
          2007-12-28 13:14 . 2005-07-26 05:36 84,992 --a------ C:\WINDOWS\system32\catsrvutr.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-04 21:09 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\uTorrent
          2008-01-04 12:09 --------- d-----w C:\Program Files\Paint Shop Pro 7.0 - Full
          2008-01-03 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-01-01 11:54 388 ----a-w C:\Program Files\cfscript.txt
          2007-12-30 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-30 17:32 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Lavasoft
          2007-12-30 00:06 --------- d-----w C:\Program Files\Windows Media Connect 2
          2007-12-29 23:03 --------- d-----w C:\Program Files\Jasc Software Inc
          2007-12-28 21:07 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Azureus
          2007-12-28 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-04 17:45 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\dvdcss
          2007-11-28 22:23 --------- d-----w C:\Program Files\Mediafour
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-04 19:46 921,632 ----a-w C:\PA7311.DAT
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-08-12 08:20 6,274,206 -c--a-w C:\Program Files\BitTorrent-5.0.8.exe
          2007-08-11 16:41 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2700E4F-1A3A-4FDA-ACE4-86E35213ABC4}]
          2005-07-26 05:36 84992 --a------ C:\WINDOWS\system32\catsrvutr.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
          "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:47 65536]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
          "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
          "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
          "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 14:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
          "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 21:13 1589248]
          "TPSMain"="TPSMain.exe" [2005-08-03 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
          "NDSTray.exe"="NDSTray.exe"
          "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 13:28 118784]
          "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2006-02-09 10:50 1077329]
          "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
          "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
          "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
          "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 22:40 155648]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
          "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
          "DXDllRegExe"="dxdllreg.exe"
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 01:34 579072]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 01:34 219136]

          C:\Documents and Settings\[email protected]\Menu Start\Programma's\Opstarten\
          MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-04 16:00:31]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]

          R0 mumnzgbo;mumnzgbo;C:\WINDOWS\system32\drivers\wixonxsv.dat
          R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
          R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]
          R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
          S3 PAC7311;Trust Webcam 14839;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-06 20:50:10
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
          MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-01-06 20:51:02
          ComboFix2.txt 2008-01-06 19:28:04
          .
          2007-12-12 22:06:35 --- E O F ---



          • #6
            cfscript.txt (206 bytes, read 0 times)
            You do have to do what I say; you apparently downloaded cfscript.txt from another topic, and that obviously won't work.

            Try it again with the file from my previous post.



            • #7
              Correct, here is the right one:

              ComboFix 08-01-06.3 - [email protected] 2008-01-07 0:32:35.3 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.469 [GMT 1:00]
              Started from: C:\Documents and Settings\[email protected]\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\[email protected]\Bureaublad\cfscript.txt
              * New restore point created

              FILE
              C:\WINDOWS\system32\catsrvutr.dll
              C:\WINDOWS\system32\drivers\wixonxsv.dat
              .

              (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\catsrvutr.dll
              C:\WINDOWS\system32\drivers\wixonxsv.dat

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_MUMNZGBO
              -------\mumnzgbo


              (((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
              .

              2008-01-05 20:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-05 00:04 . 2008-01-05 00:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-01-05 00:04 . 2008-01-05 00:04 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-01-04 16:00 . 2008-01-04 16:01 <DIR> d-------- C:\Program Files\MagicDisc
              2008-01-04 16:00 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
              2008-01-04 15:48 . 2008-01-04 15:48 <DIR> d-------- C:\Program Files\VirtualDubMod
              2008-01-04 15:16 . 2008-01-07 00:31 <DIR> dr-h----- C:\Documents and Settings\[email protected]\Onlangs geopend
              2008-01-04 11:25 . 2008-01-04 11:25 <DIR> d-------- C:\Program Files\EasyCleaner
              2008-01-04 11:24 . 2008-01-04 11:26 <DIR> d-------- C:\Program Files\Adobe_Premiere_7.0
              2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\WINDOWS\Cache
              2008-01-04 11:03 . 2008-01-04 11:03 <DIR> d-------- C:\Program Files\Your Company Name
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\User Documentation
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Training
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Third Party Products
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Registration
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Premiere Pro
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Customer Support
              2008-01-04 11:00 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\AutoPlay
              2008-01-04 10:59 . 2008-01-04 11:00 <DIR> d-------- C:\Program Files\Andere Software
              2008-01-04 10:39 . 2008-01-04 16:34 <DIR> d-------- C:\Program Files\Adobe.Photoshop.CS3
              2008-01-04 10:23 . 2008-01-04 11:24 <DIR> d-------- C:\Program Files\MagicISO
              2008-01-04 10:02 . 2008-01-04 16:45 <DIR> d-------- C:\Program Files\Adobe_Premiere_Pro_CS3
              2008-01-04 01:39 . 2008-01-04 01:39 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
              2008-01-04 01:31 . 2008-01-04 01:31 <DIR> d-------- C:\Program Files\avg anti root
              2008-01-04 01:17 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
              2008-01-02 13:43 . 2008-01-02 13:43 1,158 --a------ C:\WINDOWS\mozver.dat
              2008-01-01 22:42 . 2008-01-01 22:42 0 --a------ C:\WINDOWS\nsreg.dat
              2008-01-01 22:41 . 2008-01-01 22:42 <DIR> d-------- C:\Program Files\firefox
              2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
              2008-01-01 13:08 . 2008-01-01 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2007-12-31 14:01 . 2007-12-31 14:01 1,484,544 --a------ C:\Program Files\ComboFix.exe
              2007-12-31 02:13 . 2007-12-31 02:13 <DIR> d-------- C:\Program Files\Trend Micro
              2007-12-31 02:12 . 2007-12-31 02:12 <DIR> d-------- C:\Program Files\HJTInstall
              2007-12-30 18:31 . 2007-12-30 18:31 <DIR> d-------- C:\Program Files\Lavasoft
              2007-12-30 18:31 . 2007-12-30 18:31 2,855,080 --a------ C:\Program Files\aawsepersonal.exe
              2007-12-30 01:35 . 2007-12-30 01:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2007-12-30 01:35 . 2008-01-01 21:52 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\AVG7
              2007-12-30 01:34 . 2007-12-30 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
              2007-12-29 22:23 . 2007-12-29 22:23 <DIR> d-------- C:\Documents and Settings\[email protected]\Application Data\Grisoft
              2007-12-29 22:23 . 2007-12-30 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-29 22:23 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
              2007-12-28 21:39 . 2007-12-28 21:39 <DIR> d-------- C:\Program Files\ToniArts

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-06 23:35 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\uTorrent
              2008-01-04 12:09 --------- d-----w C:\Program Files\Paint Shop Pro 7.0 - Full
              2008-01-03 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
              2008-01-01 11:54 388 ----a-w C:\Program Files\cfscript.txt
              2007-12-30 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-30 17:32 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Lavasoft
              2007-12-30 00:06 --------- d-----w C:\Program Files\Windows Media Connect 2
              2007-12-29 23:03 --------- d-----w C:\Program Files\Jasc Software Inc
              2007-12-28 21:07 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\Azureus
              2007-12-28 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-04 17:45 --------- d-----w C:\Documents and Settings\[email protected]\Application Data\dvdcss
              2007-11-28 22:23 --------- d-----w C:\Program Files\Mediafour
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-04 19:46 921,632 ----a-w C:\PA7311.DAT
              2007-08-12 08:20 6,274,206 -c--a-w C:\Program Files\BitTorrent-5.0.8.exe
              2007-08-11 16:41 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32.exe
              .

              ((((((((((((((((((((((((((((( [email protected]_20.27.21,71 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Note* empty entries & legit default entries are not shown

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
              "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:47 65536]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
              "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 14:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32 761945]
              "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 21:13 1589248]
              "TPSMain"="TPSMain.exe" [2005-08-03 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
              "NDSTray.exe"="NDSTray.exe"
              "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 13:28 118784]
              "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2006-02-09 10:50 1077329]
              "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
              "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
              "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
              "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
              "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 22:40 155648]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
              "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
              "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
              "DXDllRegExe"="dxdllreg.exe"
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 01:34 579072]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 01:34 219136]

              C:\Documents and Settings\[email protected]\Menu Start\Programma's\Opstarten\
              MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-04 16:00:31]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]

              R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
              R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]
              R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
              S3 PAC7311;Trust Webcam 14839;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]

              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-07 00:39:53
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-07 0:42:29 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-01-06 23:42:00
              ComboFix2.txt 2008-01-06 19:51:03
              ComboFix3.txt 2008-01-06 19:28:04
              .
              2007-12-12 22:06:35 --- E O F ---


              • #8
                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF Cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick at "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here for how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Are all the problems gone now?


                • #9
                  Unbelievable, it's clean again.
                  Thanks a lot!!


                  • #10
                    You're welcome.
