
Slow PC


Riban


First remove the current version of Combofix via Start -> Run -> type combofix /u. Download Combofix again to the desktop, but when downloading rename Combofix to e.g. Combo-Fix ... and then try whether scanning works?


after a lot of struggling it finally worked :) here is the log

ComboFix 09-04-29.07 - Robin 30/04/2009 17:19.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.415 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Robin\Mijn documenten\Combo--Fix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

AV: F-Secure Anti-Virus 5.44 *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Robin\Application Data\inst.exe

c:\program files\ThunMail

c:\program files\ThunMail\testabd.dll

c:\program files\ThunMail\testabd.exe

c:\windows\system32\abimapid.ini

c:\windows\system32\amesames.ini

c:\windows\system32\asitelig.ini

c:\windows\system32\comsa32.sys

c:\windows\system32\dpcxool64.sys

c:\windows\system32\efekolis.ini

c:\windows\system32\ejudobuv.ini

c:\windows\system32\enuzewev.ini

c:\windows\system32\ezozevub.ini

c:\windows\system32\i***ajuf.ini

c:\windows\system32\ikovoyeh.ini

c:\windows\system32\ilalelof.ini

c:\windows\system32\ilunigif.ini

c:\windows\system32\iwuwopay.ini

c:\windows\system32\omasegih.ini

c:\windows\system32\ovupoyos.ini

c:\windows\system32\sopidkc.exe

c:\windows\system32\ujifutov.ini

c:\windows\system32\utuhekeb.ini

c:\windows\system32\uzupekil.ini

c:\windows\system32\userinit.exe . . . est infectee!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_protect

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-28 to 2009-4-30 ))))))))))))))))))))))))))))))

.

2009-04-29 18:25 . 2009-04-29 18:25 -------- d-----w c:\program files\iPod

2009-04-29 18:25 . 2009-04-29 18:26 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-29 18:25 . 2009-04-29 18:26 -------- d-----w c:\program files\iTunes

2009-04-29 18:22 . 2009-04-29 18:22 -------- d-----w c:\program files\Bonjour

2009-04-29 11:05 . 2009-04-29 19:28 -------- d--h--r c:\documents and settings\Robin\Onlangs geopend

2009-04-29 05:47 . 2009-04-28 23:34 246272 ----a-w c:\windows\system32\tpsaxyd.exe

2009-04-28 19:46 . 2009-04-28 19:46 -------- d-----w c:\program files\AskBardis

2009-04-28 16:33 . 2009-04-28 16:33 -------- d-----w c:\documents and settings\Robin\Application Data\Malwarebytes

2009-04-28 16:33 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-28 16:33 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-28 16:33 . 2009-04-28 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-28 16:32 . 2009-04-28 16:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-28 16:18 . 2009-04-28 16:18 -------- d-----w c:\program files\Any Password

2009-04-28 16:00 . 2009-04-28 16:00 -------- d-----w c:\program files\Toddler Keys

2009-04-28 15:37 . 2009-04-28 15:38 -------- d-----w C:\pebuilder3110a

2009-04-27 19:42 . 2009-04-27 19:42 -------- d-----w c:\program files\Trend Micro

2009-04-27 17:21 . 2009-04-27 17:21 -------- d-----w c:\program files\DIFX

2009-04-27 17:17 . 2009-04-27 17:19 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-27 15:32 . 2009-04-27 17:43 -------- d-----w c:\documents and settings\Robin\Application Data\BitTorrent

2009-04-27 15:31 . 2009-04-27 15:31 -------- d-----w c:\documents and settings\Robin\Local Settings\Application Data\DNA

2009-04-27 15:31 . 2009-04-30 15:25 -------- d-----w c:\program files\DNA

2009-04-27 15:31 . 2009-04-30 15:25 -------- d-----w c:\documents and settings\Robin\Application Data\DNA

2009-04-27 15:31 . 2009-04-27 15:32 -------- d-----w c:\program files\BitTorrent

2009-04-27 05:51 . 2009-04-27 05:51 -------- d-----r c:\documents and settings\LocalService\Favorieten

2009-04-27 05:49 . 2009-04-28 16:47 -------- d-----w c:\windows\system32\3361

2009-04-27 05:49 . 2009-04-28 16:47 -------- d-----w c:\windows\dhcp

2009-04-25 12:22 . 2009-04-25 12:22 74620 ---ha-w c:\windows\system32\mlfcache.dat

2009-04-23 19:19 . 2009-04-23 19:19 -------- d-----w c:\documents and settings\Robin\Application Data\National Instruments

2009-04-23 17:37 . 2009-04-23 17:41 -------- d-----w c:\documents and settings\All Users\Application Data\National Instruments

2009-04-23 17:37 . 2009-04-23 17:37 -------- d-----w c:\windows\system32\cvirte

2009-04-23 17:37 . 2009-04-23 17:40 -------- d-----w c:\program files\Common Files\Merge Modules

2009-04-23 17:36 . 2009-04-23 17:42 -------- d-----w c:\program files\National Instruments

2009-04-20 15:07 . 2009-04-20 15:18 -------- d-----w c:\documents and settings\Robin\Application Data\Xilisoft Corporation

2009-04-20 14:58 . 2009-04-20 15:16 -------- d-----w c:\program files\Xilisoft

2009-04-17 10:51 . 2009-04-17 10:51 1 ----a-w c:\windows\system32\SysDVDtoavi.dat

2009-04-17 10:35 . 2009-04-17 10:35 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2009-04-17 10:35 . 2009-04-26 15:36 47360 ----a-w c:\documents and settings\Robin\Application Data\pcouffin.sys

2009-04-17 10:35 . 2009-04-26 15:36 -------- d-----w c:\documents and settings\Robin\Application Data\Vso

2009-04-12 18:13 . 2009-04-26 15:34 -------- d-----w c:\documents and settings\Robin\Application Data\Any Video Converter

2009-04-12 17:39 . 2009-04-12 17:39 -------- d-----w c:\program files\Red Kawa

2009-04-05 12:12 . 2009-04-05 12:12 -------- d-----w c:\program files\AVSMedia

2009-04-05 11:07 . 2009-04-05 11:07 -------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-30 14:42 . 2009-04-30 14:42 61440 ----a-w c:\windows\system32\F.tmp

2009-04-30 14:42 . 2009-04-30 14:42 0 ----a-w c:\windows\system32\B.tmp

2009-04-30 14:42 . 2009-04-30 14:42 0 ----a-w c:\windows\system32\7.tmp

2009-04-30 14:42 . 2009-04-30 14:42 176 ----a-w c:\windows\system32\5.tmp

2009-04-30 05:47 . 2009-04-30 05:47 61440 ----a-w c:\windows\system32\1F.tmp

2009-04-30 05:47 . 2009-04-30 05:47 0 ----a-w c:\windows\system32\1E.tmp

2009-04-30 05:47 . 2009-04-30 05:47 124 ----a-w c:\windows\system32\19.tmp

2009-04-29 18:25 . 2008-10-06 19:42 -------- d-----w c:\program files\Common Files\Apple

2009-04-29 17:09 . 2009-01-27 15:30 34 ----a-w c:\documents and settings\Robin\jagex_runescape_preferences.dat

2009-04-29 17:06 . 2009-04-29 17:06 61440 ----a-w c:\windows\system32\17.tmp

2009-04-29 17:06 . 2009-04-29 17:06 19420 ----a-w c:\windows\system32\16.tmp

2009-04-29 17:06 . 2009-04-29 17:05 124 ----a-w c:\windows\system32\14.tmp

2009-04-29 15:45 . 2009-03-29 14:46 93696 ----a-w c:\windows\ST6UNST.EXE

2009-04-29 13:43 . 2009-04-29 13:43 61440 ----a-w c:\windows\system32\A4.tmp

2009-04-29 13:43 . 2009-04-29 13:43 19420 ----a-w c:\windows\system32\91.tmp

2009-04-29 13:43 . 2009-04-29 13:42 124 ----a-w c:\windows\system32\32.tmp

2009-04-29 10:24 . 2009-04-29 10:24 61440 ----a-w c:\windows\system32\44.tmp

2009-04-29 10:24 . 2009-04-29 10:24 19420 ----a-w c:\windows\system32\43.tmp

2009-04-29 10:24 . 2009-04-29 10:24 124 ----a-w c:\windows\system32\40.tmp

2009-04-28 05:45 . 2009-02-23 20:01 -------- d-----w c:\program files\steam

2009-04-28 05:45 . 2009-04-28 05:45 61440 ----a-w c:\windows\system32\12.tmp

2009-04-28 05:44 . 2009-04-28 05:44 153088 ----a-w c:\windows\system32\10.tmp

2009-04-27 18:10 . 2009-04-27 18:10 0 ----a-w c:\windows\system32\F3.tmp

2009-04-27 18:09 . 2009-04-27 18:09 0 ----a-w c:\windows\system32\F1.tmp

2009-04-27 18:09 . 2009-04-27 18:09 124 ----a-w c:\windows\system32\EF.tmp

2009-04-27 17:22 . 2009-01-09 16:24 -------- d-----w c:\program files\Matrix Multimedia

2009-04-27 05:47 . 2009-04-27 05:47 61440 ----a-w c:\windows\system32\143.tmp

2009-04-27 05:47 . 2009-04-27 05:47 153088 ----a-w c:\windows\system32\141.tmp

2009-04-27 05:47 . 2009-04-27 05:47 124 ----a-w c:\windows\system32\140.tmp

2009-04-26 15:47 . 2008-10-20 18:12 -------- d-----w c:\program files\Sony Ericsson

2009-04-26 15:45 . 2008-09-16 19:01 -------- d-----w c:\program files\Common Files\Real

2009-04-26 15:42 . 2008-11-13 20:33 -------- d-----w c:\program files\MSN Messenger

2009-04-26 15:41 . 2008-09-16 19:20 -------- d-----w c:\program files\Common Files\DVDVideoSoft

2009-04-26 12:34 . 2009-04-26 12:34 0 ----a-w c:\windows\system32\2F1.tmp

2009-04-26 12:34 . 2009-04-26 12:34 61440 ----a-w c:\windows\system32\2F0.tmp

2009-04-26 12:34 . 2009-04-26 12:34 152064 ----a-w c:\windows\system32\2EB.tmp

2009-04-26 12:34 . 2009-04-26 12:34 124 ----a-w c:\windows\system32\2EA.tmp

2009-04-24 05:58 . 2008-11-23 14:31 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-04-18 10:40 . 2008-09-13 09:34 -------- d-----w c:\program files\Windows Live Safety Center

2009-04-02 12:01 . 2004-08-04 12:00 77862 ----a-w c:\windows\system32\perfc013.dat

2009-04-02 12:01 . 2004-08-04 12:00 458884 ----a-w c:\windows\system32\perfh013.dat

2009-03-26 12:04 . 2009-03-22 19:20 -------- d-----w c:\program files\AVS4YOU

2009-03-26 12:04 . 2008-09-24 16:41 -------- d-----w c:\program files\Common Files\AVSMedia

2009-03-24 15:20 . 2009-03-24 15:20 -------- d-----w c:\program files\Microsoft Silverlight

2009-03-19 17:00 . 2008-09-09 20:16 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-19 14:32 . 2008-11-20 16:48 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-18 20:00 . 2009-03-18 19:55 -------- d-----w c:\program files\QuickTime

2009-03-18 19:23 . 2009-03-18 19:21 -------- d-----w c:\program files\Safari

2009-02-22 10:44 . 2009-02-22 10:40 5068152 ----a-w c:\windows\system32\SpoonUninstall.exe

2009-02-06 20:26 . 2008-09-10 18:38 105160 ----a-w c:\documents and settings\Robin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-02-06 20:13 . 2009-02-06 20:13 -------- d-----w c:\windows\Fonts\Fonts

2009-02-06 20:10 . 2009-02-06 20:10 9464 ------w c:\windows\system32\drivers\cdralw2k.sys

2009-02-06 20:10 . 2009-02-06 20:10 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys

2009-02-06 20:10 . 2009-02-06 20:10 129784 ------w c:\windows\system32\pxafs.dll

2009-02-06 20:10 . 2009-02-06 20:10 43528 ------w c:\windows\system32\drivers\PxHelp20.sys

2009-02-06 20:10 . 2009-02-06 20:10 116472 ------w c:\windows\system32\pxcpyi64.exe

2009-02-06 20:10 . 2009-02-06 20:10 118520 ------w c:\windows\system32\pxinsi64.exe

2009-02-04 19:59 . 2009-02-04 19:59 603904 ----a-w c:\windows\system32\TUProgSt.exe

2009-02-04 19:58 . 2009-02-04 19:58 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe

2009-02-04 19:32 . 2009-01-08 18:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-02-04 19:32 . 2009-01-08 18:25 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-04 19:31 . 2009-01-08 18:25 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll

.

------- Sigcheck -------

[-] 2004-08-04 12:00 14336 2311BA2AB63FCF5DC89D464246527FBB c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 17:03 14336 C0CCDA36C3AF54121BA75C9CE2F5F377 c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 17:03 34816 E4B4F774CA2A161C5F182E3FA2531572 c:\windows\system32\svchost.exe

[-] 2008-04-14 17:02 1057792 6366B4EE138FDEC718FBD3A611CF874B c:\windows\explorer.exe

[-] 2004-08-04 12:00 1035776 9D80DD3378805A1B6433D51674F15EE6 c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 17:02 1037312 F9C48F9214BB971C5B5A0EBF3DB3576F c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-04 12:00 15360 A0F3C54BDAD0B1E74C974626C28670B1 c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 17:02 15360 6A68103E38B1E9E26392672DA58155AD c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 17:02 35840 12519C2FEF4BF58DE7E5BCCA64E2D7F2 c:\windows\system32\ctfmon.exe

[-] 2004-08-04 12:00 57856 E4AE7B324B02152F17B406129B09BAE4 c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 17:03 57856 E33821136A2CB296445563F315036764 c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2008-04-14 17:03 78336 1BFD68BDD1E272A4254375662C7861CC c:\windows\system32\spoolsv.exe

[-] 2004-08-04 12:00 45056 6F1D66C8B08D0CF65870DC02F512E719 c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 17:03 46592 160A8AAEA851FF0C43F878BE069E2287 c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 17:03 46592 D6440F16CFAF74773C11BD4D0C76012E c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 35840]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-27 321344]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-09-19 127051]

"PRISMSVR.EXE"="c:\program files\philips\Philips 54Mbps Wireless USB Adapter Utility\PRISMSVR.EXE" [2004-04-26 315481]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2008-09-10 598016]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1642496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 35840]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1765376]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Philips Wireless USB Adapter 11g.lnk - c:\program files\philips\Philips 54Mbps Wireless USB Adapter Utility\PHUSB11GMonitor.exe [2004-8-9 364544]

SMC2802W 54Mbps WLAN Monitor.lnk - c:\program files\SMC\SMC2802W V.2 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe [2003-11-25 884835]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-04 19:32 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Robin^Menu Start^Programma's^Opstarten^CCleaner.lnk]

path=c:\documents and settings\Robin\Menu Start\Programma's\Opstarten\CCleaner.lnk

backup=c:\windows\pss\CCleaner.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Robin^Menu Start^Programma's^Opstarten^Internet.lnk]

path=c:\documents and settings\Robin\Menu Start\Programma's\Opstarten\Internet.lnk

backup=c:\windows\pss\Internet.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Robin^Menu Start^Programma's^Opstarten^Xilisoft Video Converter Ultimate.lnk]

path=c:\documents and settings\Robin\Menu Start\Programma's\Opstarten\Xilisoft Video Converter Ultimate.lnk

backup=c:\windows\pss\Xilisoft Video Converter Ultimate.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8589:TCP"= 8589:TCP:BitComet 8589 TCP

"8589:UDP"= 8589:UDP:BitComet 8589 UDP

R1 eroa995;eroa995; [x]

R1 ethojwqy;ethojwqy; [x]

R1 mjhb0bb;mjhb0bb; [x]

R1 omjcdc3;omjcdc3; [x]

R2 BackWeb Client - 7681197;F-Secure BackWeb; [x]

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2008-05-06 16512]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-16 10976]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-04 325128]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-04 107272]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 184320]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-04 903960]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]

S2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 48720]

S2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 48256]

S2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 16048]

S2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSPM.SYS [2005-09-19 65328]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-04 603904]

S3 CPWUA2F;Wireless USB Adapter 11g;c:\windows\system32\DRIVERS\CPWUA2F.sys [2004-07-19 380160]

S3 w3304an5;WN3X0X Wireless Adapter;c:\progra~1\SMC\SMC280~1.4GH\INSTAL~1\WINXP\w3304an5.SYS [2002-10-07 15104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{970fbaee-8424-11dd-8313-000a940292ea}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-04-30 c:\windows\Tasks\1-klik Onderhoud.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:12]

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-30 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-11 11:55]

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKLM-Run-Cmaudio - cmicnfg.cpl

HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\pf1jqodj.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\pf1jqodj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-30 17:30

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-2000478354-725345543-1004\Software\SecuROM\License information*]

"datasecu"=hex:83,de,24,c2,13,a6,18,94,f4,00,96,37,00,d4,bd,f2,b2,45,d6,05,25,

a4,40,27,fb,f0,4a,0a,ce,65,b5,c1,32,2f,14,2b,82,fa,9a,2d,0a,98,7c,1c,b4,58,\

"rkeysecu"=hex:06,e9,5d,d9,50,d6,72,46,43,8f,d5,b7,64,11,dd,35

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,1c,50,db,4f,3b,

73,33,0c,c8,28,51,af,b0,29,a3,98,7a,8b,e2,24,c9,ec,b5,ad,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,3c,13,49,7f,78,

94,b6,36,71,3b,04,66,8b,46,0d,96,e2,18,45,28,a5,57,5e,a7,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,a0,94,ec,9d,

ba,88,23,25,da,ec,7e,55,20,c9,26,c1,7f,a4,47,1e,0b,69,c6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,02,22,4c,1e,20,

c3,53,b1,3e,1e,9e,e0,57,5a,93,61,b2,3c,3d,19,0a,c2,bc,d1,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,87,91,e1,fc,b6,

b3,d4,73,cd,44,cd,b9,a6,33,6c,cd,4d,09,ed,d4,de,26,2e,a4,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,97,9f,08,01,a3,

f7,07,5d,b0,18,ed,a7,3f,8d,37,a4,d3,90,71,18,ce,31,25,d9,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e5,9e,69,d3,30,

7c,76,fa,31,77,e1,ba,b1,f8,68,02,a3,20,3e,f8,d4,66,16,c3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,5f,df,25,76,66,

95,31,bc,83,6c,56,8b,a0,85,96,ab,d2,9e,2f,85,82,ac,dd,d5,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,e1,7c,d7,52,5b,

8a,f4,bc,51,fa,6e,91,28,9e,14,cc,9e,37,ea,b6,dd,8e,07,7d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E9204BC4-9B67-A3A7-9418040E7EC7E28B}\{1ACE6D24-C4A9-397B-64EF395CC2F330B1}\{685A2618-4C9F-7737-7DE531E9434892E2}*]

"GEU3J4UUHJGEE1XB3LIJ4XZTSF1"=hex:01,00,01,00,00,00,00,00,c4,5b,ae,fa,46,f4,3b,

9f,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d3,e2,01,c3,94,

06,d9,20,b1,cd,45,5a,a8,c4,f8,b9,63,49,4e,b3,fa,0d,e7,d9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,27,b9,63,65,25,

1b,d8,1c,e3,0e,66,d5,eb,bc,2f,6b,1c,4b,3a,25,9f,36,88,66,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,28,1d,ca,b9,eb,

90,18,93,fa,ea,66,7f,d4,3b,6b,70,04,6c,2b,d9,34,10,a4,69,6c,43,2d,1e,aa,22,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(884)

c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(4020)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSNL.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lkcitdl.exe

c:\windows\system32\lkads.exe

c:\windows\system32\lktsrv.exe

c:\program files\National Instruments\Shared\Security\nidmsrv.exe

c:\windows\system32\nisvcloc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2009-04-30 17:34 - machine werd herstart

ComboFix-quarantined-files.txt 2009-04-30 15:34

Pre-Run: 40.283.598.848 bytes beschikbaar

Post-Run: 40.412.282.880 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

431 --- E O F --- 2008-12-11 21:12
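As an added example (not code from the thread or from ComboFix), a small Python triage script that reads a ComboFix-style log excerpt and flags the three things the helpers act on in this thread: a system32 binary whose size or MD5 differs from its ServicePackFiles\i386 original in the Sigcheck block, a Winlogon Userinit value that is not the Windows XP default, and a populated AppInit_DLLs value. The log excerpt is constructed in the same layout as the log above; the MD5 values in it are made up.

```python
"""Triage a ComboFix-style log for the indicators acted on in this thread.

Added example, not code from the thread or from ComboFix. It parses the
Sigcheck block and the REGEDIT4-style registry dump and flags:
  * a system32 binary whose size or MD5 differs from its ServicePackFiles\\i386
    original (the Service Pack copy is the installed reference; the
    $NtServicePackUninstall$ copy is the older pre-SP file and is not compared),
  * a Winlogon "Userinit" value other than the Windows XP default,
  * a populated AppInit_DLLs value (the listed DLL is loaded into every
    process that maps user32.dll).
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout ComboFix uses; the MD5 values are made up.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2008-04-14 17:03 14336 0123456789ABCDEF0123456789ABCDEF c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 17:03 34816 FEDCBA9876543210FEDCBA9876543210 c:\windows\system32\svchost.exe
[-] 2008-04-14 17:03 46592 00000000000000001111111111111111 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 17:03 46592 22222222222222223333333333333333 c:\windows\system32\userinit.exe
[-] 2008-04-14 17:02 15360 44444444444444445555555555555555 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 17:02 15360 44444444444444445555555555555555 c:\windows\system32\ctfmon.exe
.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\S+\s+\S+)\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+?)\s*$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"  # XP default, trailing comma included


@dataclass
class Finding:
    kind: str
    detail: str


def classify_location(path_lower):
    """Map a Sigcheck path to the copy of the binary it represents."""
    if "$ntservicepackuninstall$" in path_lower:
        return "sp_uninstall"
    if "\\servicepackfiles\\" in path_lower:
        return "servicepackfiles"
    if "\\system32\\" in path_lower:
        return "system32"
    return "other"


def parse_sigcheck(lines):
    """Return {basename: {location: (size, MD5)}} for every Sigcheck line."""
    files = {}
    for line in lines:
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        path = m["path"].lower()
        base = path.rsplit("\\", 1)[-1]
        files.setdefault(base, {})[classify_location(path)] = (int(m["size"]), m["md5"].upper())
    return files


def parse_registry_values(lines):
    """Return {(key_lower, value_name_lower): data} from the REGEDIT4 dump."""
    values, key = {}, None
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key:
            values[(key, vm["name"].lower())] = vm["data"].strip().strip('"')
    return values


def triage(log_text):
    """Return the list of Findings for one log."""
    lines = log_text.splitlines()
    findings = []
    for base, copies in sorted(parse_sigcheck(lines).items()):
        live, ref = copies.get("system32"), copies.get("servicepackfiles")
        if live and ref and live != ref:
            findings.append(Finding(
                "sigcheck_mismatch",
                f"{base}: system32 copy is {live[0]} bytes / {live[1]}, "
                f"ServicePackFiles copy is {ref[0]} bytes / {ref[1]}"))
    values = parse_registry_values(lines)
    userinit = values.get((WINLOGON_KEY, "userinit"))
    if userinit is not None and userinit.lower() != DEFAULT_USERINIT:
        findings.append(Finding(
            "userinit_modified",
            f"Winlogon Userinit is {userinit!r}, default is {DEFAULT_USERINIT!r}"))
    appinit = values.get((WINDOWS_KEY, "appinit_dlls"))
    if appinit:
        findings.append(Finding("appinit_dlls_set", f"AppInit_DLLs = {appinit}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it against a saved ComboFix.txt by passing the file contents to triage(); the ctfmon.exe entry in the sample, identical in both locations, produces no finding.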


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\tpsaxyd.exe

c:\windows\system32\F.tmp

c:\windows\system32\B.tmp

c:\windows\system32\7.tmp

c:\windows\system32\5.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\19.tmp

c:\windows\system32\17.tmp

c:\windows\system32\16.tmp

c:\windows\system32\14.tmp

c:\windows\system32\A4.tmp

c:\windows\system32\91.tmp

c:\windows\system32\32.tmp

c:\windows\system32\44.tmp

c:\windows\system32\43.tmp

c:\windows\system32\40.tmp

c:\windows\system32\12.tmp

c:\windows\system32\10.tmp

c:\windows\system32\F3.tmp

c:\windows\system32\F1.tmp

c:\windows\system32\EF.tmp

c:\windows\system32\143.tmp

c:\windows\system32\141.tmp

c:\windows\system32\140.tmp

c:\windows\system32\2F1.tmp

c:\windows\system32\2F0.tmp

c:\windows\system32\2EB.tmp

c:\windows\system32\2EA.tmp

Folder::

c:\program files\AskBardis

Driver::

eroa995

ethojwqy

mjhb0bb

omjcdc3

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message


Delete all the files and folders (under "file" and "folder") manually with Windows Explorer. Then run a search to check whether you still find the names under "driver" anywhere on your PC. Then give the exact location of these items in your next message.

In the meantime, also remove Combofix via Start -> Run -> type combofix /u


Delete all the files and folders (under "file" and "folder") manually with Windows Explorer. Then run a search to check whether you still find the names under "driver" anywhere on your PC. Then give the exact location of these items in your next message.

In the meantime, also remove Combofix via Start -> Run -> type combofix /u

can you explain that deleting in a bit more detail? :s the way I understand it I have to delete all my files?:stupid:

thanks in advance


No, then you misunderstood: only the files from post 13 had to be deleted, not all files :-)

To make sure there are no misunderstandings: these files

c:\windows\system32\tpsaxyd.exe

c:\windows\system32\F.tmp

c:\windows\system32\B.tmp

c:\windows\system32\7.tmp

c:\windows\system32\5.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\19.tmp

c:\windows\system32\17.tmp

c:\windows\system32\16.tmp

c:\windows\system32\14.tmp

c:\windows\system32\A4.tmp

c:\windows\system32\91.tmp

c:\windows\system32\32.tmp

c:\windows\system32\44.tmp

c:\windows\system32\43.tmp

c:\windows\system32\40.tmp

c:\windows\system32\12.tmp

c:\windows\system32\10.tmp

c:\windows\system32\F3.tmp

c:\windows\system32\F1.tmp

c:\windows\system32\EF.tmp

c:\windows\system32\143.tmp

c:\windows\system32\141.tmp

c:\windows\system32\140.tmp

c:\windows\system32\2F1.tmp

c:\windows\system32\2F0.tmp

c:\windows\system32\2EB.tmp

c:\windows\system32\2EA.tmp

and this folder:

c:\program files\AskBardis


Download Combofix.

Open a Notepad file.

Copy and paste the bold text below into it.

Driver::

eroa995

ethojwqy

mjhb0bb

omjcdc3

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message


look what kind of error I get then

!! ALERT !! IT is NOT SAFE to continue!

The contents of the ComboFIx package has been compromised.

Please download a fresh copy from:

http:/www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)

then I can click OK or close, but in both cases ComboFix automatically removes itself from my PC

what to do?
