
all new data disappears.


acer73


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\inpirbui.sys

c:\windows\system32\drivers\njud.sys

c:\windows\system32\ConduitEngine.tmp

Driver::

zysfmrom

inpirbui

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


hope I'm doing everything right this way!

this is the log that came out..

ComboFix 11-07-12.04 - Rob 19-07-2011 13:57:51.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.452 [GMT 2:00]

Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\TEMP.ROBBERT\Desktop\CFScript.txt..txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

- REDUCED FUNCTIONALITY MODE -

.

FILE ::

"c:\windows\system32\ConduitEngine.tmp"

"c:\windows\system32\drivers\inpirbui.sys"

"c:\windows\system32\drivers\njud.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\ConduitEngine.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))

.

.

2011-07-19 11:20 . 2011-07-19 11:20 -------- d-----w- c:\program files\Reviversoft

2011-07-19 11:20 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe

2011-07-19 06:29 . 2011-07-19 06:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys

2011-07-18 19:47 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\mpengine.dll

2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro

2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for

2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP

2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-14 08:57 . 2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira

2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856]

"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [2011-05-17 1736000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720]

"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"gusvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"anbmService"=2 (0x2)

"VSS"=3 (0x3)

"ImapiService"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

.

R1 MpKsle511d34b;MpKsle511d34b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys [19-7-2011 8:29 28752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640]

R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712]

S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?]

S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?]

S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664]

S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPFILTERDRIVER

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSERVICE

*NewlyCreated* - MPKSLE511D34B

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40]

.

2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job

- c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01]

.

2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job

- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job

- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-19 13:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-07-19 14:03:32

ComboFix-quarantined-files.txt 2011-07-19 12:03

ComboFix2.txt 2011-07-19 11:49

ComboFix3.txt 2011-07-19 09:18

.

Pre-Run: 9.001.283.584 bytes free

Post-Run: 8.986.345.472 bytes free

.

- - End Of File - - C12AC9BE1B54083AF21571DEC4DAD063


Kape, is this an unusual problem?

don't quite know what to do right now.

hope you can cure me!

I'm aware that we've been at this for quite a while already.

I'm surely not the only one with problems.

---------- Post added at 16:44 ---------- Previous post was at 16:39 ----------

this is what HijackThis looks like now.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:44:25, on 19-7-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\PixArt\PAC7311\Monitor.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\acer\Wireless\Utility\WlanUtil.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--

End of file - 9358 bytes


ComboFix did not work entirely correctly:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\inpirbui.sys

c:\windows\system32\drivers\njud.sys

Driver::

zysfmrom

inpirbui

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

P.S.: Make sure you give the file the correct name, CFScript.txt, and not CFScript.txt..txt (as you did with your previous script).


result:

ComboFix 11-07-12.04 - Rob 19-07-2011 22:10:01.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.462 [GMT 2:00]

Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\TEMP.ROBBERT\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

- REDUCED FUNCTIONALITY MODE -

.

FILE ::

"c:\windows\system32\drivers\inpirbui.sys"

"c:\windows\system32\drivers\njud.sys"

.

.

((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))

.

.

2011-07-19 16:15 . 2011-07-19 16:15 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\MpKslf4020c74.sys

2011-07-19 16:14 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\mpengine.dll

2011-07-19 11:20 . 2011-07-19 11:20 -------- d-----w- c:\program files\Reviversoft

2011-07-19 11:20 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe

2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro

2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for

2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP

2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-14 08:57 . 2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira

2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720]

"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"gusvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"anbmService"=2 (0x2)

"VSS"=3 (0x3)

"ImapiService"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

.

R1 MpKslf4020c74;MpKslf4020c74;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\MpKslf4020c74.sys [19-7-2011 18:15 28752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640]

R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712]

S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?]

S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?]

S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664]

S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLF4020C74

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job

- c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job

- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job

- c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003UA.job

- c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-19 22:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2744)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-19 22:18:25

ComboFix-quarantined-files.txt 2011-07-19 20:18

ComboFix2.txt 2011-07-19 12:03

ComboFix3.txt 2011-07-19 11:49

ComboFix4.txt 2011-07-19 09:18

.

Pre-Run: 9.578.541.056 bytes free

Post-Run: 9.569.624.064 bytes free

.

- - End Of File - - F031576398A239DA71FE15364462D20B


Download The Avenger and place it on your desktop.

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (the bold text):

Files to delete:

c:\windows\system32\drivers\inpirbui.sys

c:\windows\system32\drivers\njud.sys

Drivers to delete:

zysfmrom

inpirbui

Then click the "Execute" button.

Avenger will tell you that the computer is going to restart; allow this.

After the reboot a log file (avenger.txt) opens. Post the contents of that log file.


This is the log from Avenger; after restarting my computer, a number of things had once again disappeared from the desktop. :(

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\windows\system32\drivers\inpirbui.sys" not found!

Deletion of file "c:\windows\system32\drivers\inpirbui.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\drivers\njud.sys" not found!

Deletion of file "c:\windows\system32\drivers\njud.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Driver "zysfmrom" deleted successfully.

Driver "inpirbui" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


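Triaging the driver list from the ComboFix log and building the Avenger script from it, as an added example in Python; this is not code from the thread, from ComboFix or from The Avenger. It parses service lines of the `R1 name;display;path [date size]` and `S0 name;display;path --> path [?]` shape shown in the log above. The trailing `[?]` is ComboFix's mark that it could not find the image file, the `R`/`S` prefix is read here as running/stopped and the digit as the Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); the flag texts and the "suspect" rule (a .sys driver whose file is missing) are this example's own choices. The sample lines are a constructed copy of entries from the log. Two things visible in that log keep the heuristic honest: the Dell printer service `dlcx_device` is also tagged `[?]` although its ImagePath carries a `-service` argument, so treat `[?]` as a prompt to check the disk rather than as proof, and the Microsoft Security Essentials `MpKsl*` drivers also load at system start under a non-descriptive display name, so those hints on their own are not a verdict. The output also matches the Avenger result above: both .sys files were already gone (STATUS_OBJECT_NAME_NOT_FOUND), while the service keys zysfmrom and inpirbui were still registered, and deleting those driver entries is the step that removed the load points.

```python
"""Triage the service/driver section of a ComboFix log and emit an Avenger script.

Added example, not part of the original thread and not code from ComboFix or The Avenger.
"""
import re

# Constructed sample: a copy of entries from the log above, embedded so the script runs offline.
SAMPLE_LOG = r"""
R1 MpKslf4020c74;MpKslf4020c74;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\MpKslf4020c74.sys [19-7-2011 18:15 28752]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712]
S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?]
S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?]
S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024]
"""

# <R|S><start type> <service name>;<display name>;<image path and the rest of the line>
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Split an ImagePath into the binary and any trailing arguments (e.g. "dlcxcoms.exe -service").
IMAGE_RE = re.compile(r"^(?P<path>.*?\.(?:sys|exe|dll))(?P<args>.*)$", re.IGNORECASE)
# Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_service_line(line):
    """Return a dict for one ComboFix service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    # ComboFix repeats the path after " --> " when it could not stat the file; otherwise the
    # path is followed by " [date time size]". Either way, keep only the path part.
    image = rest.split(" --> ")[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
    if image.startswith("\\??\\"):  # NT object-manager prefix used in some ImagePath values
        image = image[4:]
    im = IMAGE_RE.match(image)
    path, args = (im.group("path"), im.group("args").strip()) if im else (image, "")
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "path": path,
        "args": args,
        "missing_on_disk": missing,
    }


def triage(log_text):
    """Parse every service line and attach a list of hints explaining why it deserves a look."""
    entries = []
    for line in log_text.splitlines():
        rec = parse_service_line(line)
        if rec is None:
            continue
        is_driver = rec["path"].lower().endswith(".sys")
        hints = []
        if rec["missing_on_disk"]:
            hints.append("binary not found by ComboFix")
        if is_driver and rec["start"] <= 1:
            hints.append("loads at %s start, before most security software" % START_NAMES[rec["start"]])
        if is_driver and rec["display"] == rec["name"]:
            hints.append("no descriptive display name")
        # The verdict rule of this example: a registered kernel driver whose file is gone.
        rec["suspect"] = is_driver and rec["missing_on_disk"]
        rec["hints"] = hints
        entries.append(rec)
    return entries


def avenger_script(entries):
    """Build a script in the 'Files to delete:' / 'Drivers to delete:' form used in the thread."""
    suspects = [e for e in entries if e["suspect"]]
    lines = ["Files to delete:"] + [e["path"] for e in suspects]
    lines += ["Drivers to delete:"] + [e["name"] for e in suspects]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for e in parsed:
        mark = "!" if e["suspect"] else " "
        print("%s %-15s start=%-8s %s  %s" % (mark, e["name"], START_NAMES[e["start"]],
                                              e["path"], "; ".join(e["hints"])))
    print()
    print(avenger_script(parsed))
```

The Avenger output above shows why the "Drivers to delete" half of the script is the part that counts: deleting a file that is already gone only produces an error, while the service key is what still made Windows try to load the driver at every boot.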
Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the free download of CCleaner starts automatically.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis reports no more issues. Then click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards close CCleaner.

If you want to see this in detail with screenshots, click here for the guide.


This one keeps coming back in CCleaner.

Unused file extension {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79

Registry key HKCR/80b8c23c etc etc..

I had to copy this out by hand above; copy C and copy V did not work.

I could not find ComboFix.. on the desktop it had already been wiped away again..

When I typed in Qoobox, files from ComboFix showed up there too; I deleted those manually, and also deleted them from the Recycle Bin..

When the computer starts up, Google Chrome and others still disappear..???

pfff :) good grief! :)
