Thread: 100%

  1. #11
    Hey

    I ran it once more and this time it seemed to do something different.
    I also made a log file.

    ComboFix 08-12-11.04 - Koen 2008-12-18 13:18:56.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.31.1043.18.268 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Koen\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Koen\Bureaublad\CFScript.txt

    FILE ::
    c:\windows\SYSTEM32\whkonck.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\SYSTEM32\whkonck.dll . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-11-18 to 2008-12-18 ))))))))))))))))))))))))))))))
    .

    2008-12-10 13:39 . 2007-02-12 12:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
    2008-12-10 13:39 . 2007-07-25 17:44 2,210,048 --a------ c:\windows\system32\drivers\w29n51.sys
    2008-12-10 13:39 . 2007-02-12 12:40 557,056 --a------ c:\windows\system32\Netw2c32.dll
    2008-12-08 21:27 . 2008-12-08 21:27 <DIR> d-------- c:\documents and settings\Koen\Application Data\Malwarebytes
    2008-12-08 21:26 . 2008-12-08 21:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-08 21:26 . 2008-12-08 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-08 21:26 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-08 21:26 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-05 23:46 . 2003-12-29 15:00 153,088 -ra------ c:\windows\system32\drivers\e100b325.sys
    2008-12-05 23:46 . 2003-12-29 15:00 153,088 --a--c--- c:\windows\system32\dllcache\e100b325.sys
    2008-12-05 23:46 . 2003-03-03 14:26 118,784 -ra------ c:\windows\system32\Prounstl.exe
    2008-12-05 23:46 . 2003-07-28 04:55 24,064 -ra------ c:\windows\system32\IntelNic.dll
    2008-12-05 23:46 . 2003-02-03 04:26 12,288 -ra------ c:\windows\system32\e100bmsg.dll
    2008-12-05 23:46 . 2002-06-27 04:53 5,110 -ra------ c:\windows\system32\e100b325.din
    2008-12-05 23:45 . 2004-01-02 01:52 1,646,720 -ra------ c:\windows\system32\drivers\w22n51.sys
    2008-12-05 15:48 . 2008-12-05 15:48 <DIR> d-------- c:\program files\Trend Micro
    2008-12-05 10:51 . 2008-12-05 10:51 <DIR> d-------- c:\windows\A6W_DATA
    2008-12-05 10:51 . 2008-12-05 10:51 11,613 --a------ c:\windows\Run32A60.mch
    2008-12-05 10:51 . 2008-12-05 10:51 87 --a------ c:\windows\Production and Operations Analysis.mh
    2008-12-05 10:51 . 2008-12-05 10:51 35 --a------ c:\windows\A6W.INI
    2008-11-30 15:40 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-11-29 17:43 . 2008-11-29 17:45 <DIR> d-------- c:\documents and settings\Koen\Application Data\RegTool
    2008-11-29 16:57 . 2003-11-16 08:33 344,064 --a------ c:\windows\system32\w22NCPA.dll
    2008-11-28 23:00 . 2008-12-18 13:16 <DIR> dr-h----- c:\documents and settings\Koen\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-12 12:29 14,037 ----a-w c:\windows\system32\drivers\mdc8021x.sys
    2008-11-30 14:48 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-14 19:37 65,536 ----a-w c:\windows\DUMP27dc.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377B8674-8B07-4731-929F-C388B0166C6A}]
    2003-04-08 12:00 105472 --a------ c:\windows\system32\whkonck.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D59E2-08A5-49E1-A7AE-4D913330C6D1}]
    c:\docume~1\Koen\LOCALS~1\Temp\dmE.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2003-04-08 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 10:36 253952]
    "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe" [2003-08-03 86073]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
    "PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe " [2003-12-10 86016]
    "000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 c:\windows\system32\000StTHK.exe]
    "TPSMain"="TPSMain.exe" [2004-04-01 c:\windows\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]
    "TFNF5"="TFNF5.exe" [2003-12-02 c:\windows\system32\TFNF5.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 16:49 110592 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vklcjrfi]
    2003-04-08 12:00 105472 c:\windows\system32\whkonck.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    --a------ 2003-10-30 15:46 192512 c:\program files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2003-04-08 12:00 13312 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---h----- 2002-08-20 14:08 1511453 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    --a------ 2004-02-12 10:42 1019904 c:\program files\Toshiba\PadTouch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    --a------ 2004-03-30 12:13 118784 c:\program files\Toshiba\TOSHIBA-zoomutility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-10-12 02:10 49263 c:\program files\Java\jre1.5.0_09\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    --a------ 2003-09-15 16:13 65536 c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
    --a------ 2003-03-11 12:55 122880 c:\program files\Toshiba\TouchED\TouchED.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "WebClient"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "Schedule"=2 (0x2)
    "SCardDrv"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "Messenger"=2 (0x2)
    "helpsvc"=2 (0x2)
    "CCALib8"=2 (0x2)
    "BITS"=2 (0x2)
    "Autodesk Licensing Service"=3 (0x3)
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    R0 mvqttwxg;mvqttwxg;c:\windows\System32\drivers\mvqttwxg.sys [2004-04-20 23424]
    S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2005-04-17 124608]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    bpjwpzni

    *Newly Created Service* - CATCHME
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe

    c:\windows\Downloaded Program Files\CONFLICT.1\AgentInstaller.dll - O16 -: {89869334-AA13-489A-9A07-2BA062714A29}
    hxxp://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab

    c:\windows\Downloaded Program Files\AgentInstaller.dll - O16 -: {C9A703E2-3145-11D8-813C-005022E14DE2}
    hxxp://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
    FF - ProfilePath - c:\documents and settings\Koen\Application Data\Mozilla\Firefox\Profiles\xlgx64m3.default\
    FF - prefs.js: browser.startup.homepage - hxxps://cas.kuleuven.be/cas/login?service=https%3A%2F%2Fidp.kuleuven.be%2Fshibboleth-idp%2FSSO%3Bjsessionid%3D5461CB888E4C4FFD4104C4808FB4CA5E%3Fshire%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be%252FShibboleth.sso%252FSAML%252FArtifact%26time%3D1225970665%26target%3Dcookie%26providerId%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be
    FF - plugin: c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-18 13:25:21
    Windows 5.1.2600 Service Pack 1 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(624)
    c:\windows\System32\ODBC32.dll
    c:\windows\System32\LgNotify.dll

    - - - - - - - > 'lsass.exe'(680)
    c:\windows\System32\dssenh.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\windows\system32\ZCfgSvc.exe
    c:\windows\system32\1XConfig.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\flexnet\i486_nt\obj\lmgrd.exe
    c:\program files\flexnet\i486_nt\obj\lmgrd.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\RegSrvc.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\flexnet\i486_nt\obj\ptc_d.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\Apoint2K\ApntEx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-12-18 13:34:32 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-12-18 12:34:28
    ComboFix2.txt 2008-12-16 12:27:22
    ComboFix3.txt 2008-12-12 10:31:20

    Pre-Run: 19.371.077.632 bytes beschikbaar
    Post-Run: 19,361,017,856 bytes beschikbaar

    187

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:37:22, on 18/12/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
    C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\flexnet\i486_nt\obj\ptc_d.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    C:\WINDOWS\System32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\TPSBattM.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {377B8674-8B07-4731-929F-C388B0166C6A} - c:\windows\system32\whkonck.dll
    O2 - BHO: (no name) - {BC7D59E2-08A5-49E1-A7AE-4D913330C6D1} - C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
    O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217940603837
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1217942351860
    O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/e...rInstaller.cab
    O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/L...tInstaller.cab
    O20 - Winlogon Notify: vklcjrfi - C:\WINDOWS\SYSTEM32\whkonck.dll
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 6392 bytes

    Regards

  2. #12
    Rosty (Spyware Slayer)
    Hi,

    Open HijackThis, click do a scan only and tick the following lines:

    O2 - BHO: (no name) - {377B8674-8B07-4731-929F-C388B0166C6A} - c:\windows\system32\whkonck.dll
    O2 - BHO: (no name) - {BC7D59E2-08A5-49E1-A7AE-4D913330C6D1} - C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (file missing)
    O20 - Winlogon Notify: vklcjrfi - C:\WINDOWS\SYSTEM32\whkonck.dll

    Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


      File::
      c:\windows\system32\whkonck.dll

      Folder::
      c:\docume~1\Koen\LOCALS~1\Temp\dmE.dll

      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377B8674-8B07-4731-929F-C388B0166C6A}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D59E2-08A5-49E1-A7AE-4D913330C6D1}]
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vklcjrfi]

    Save this to your Desktop as CFScript.

    Drag CFScript onto ComboFix.exe as shown in the example below:




    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply.
