
Security



That worked with ComboFix:

ComboFix 10-01-15.01 - Paula 15/01/2010 19:46:22.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.502.130 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Paula\Bureaublad\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\Autorun.inf

.

---- Voorgaande Run -------

.

c:\documents and settings\Paula\Mijn documenten\ZbThumbnail.info

c:\windows\system32\Thumbs.db

D:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-15 to 2010-01-15 ))))))))))))))))))))))))))))))

.

2010-01-15 13:27 . 2010-01-15 13:27 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-15 13:26 . 2010-01-15 13:26 -------- d-----w- c:\program files\CCleaner

2010-01-15 13:24 . 2010-01-15 13:24 -------- d-----w- c:\documents and settings\Paula\Mijn afbeeldingen

2010-01-15 13:24 . 2010-01-15 13:26 -------- d--h--r- c:\documents and settings\Paula\Onlangs geopend

2010-01-14 17:45 . 2010-01-15 15:16 -------- d-----w- c:\program files\FindyKill

2010-01-13 19:03 . 2010-01-15 13:26 -------- d-----w- C:\scan

2010-01-13 15:21 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-12 21:36 . 2010-01-12 21:36 388096 ----a-r- c:\documents and settings\Paula\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-10 18:58 . 2010-01-15 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-10 18:39 . 2010-01-10 18:39 -------- d-----w- c:\program files\TrendMicro

2009-12-26 21:39 . 2009-12-26 21:39 -------- d-----w- c:\documents and settings\Paula\Application Data\Malwarebytes

2009-12-26 21:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 21:38 . 2009-12-26 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-26 21:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-23 23:25 . 2009-12-23 23:25 -------- d-----w- c:\program files\Trend Micro

2009-12-22 20:14 . 2009-12-22 20:25 -------- d-----w- c:\program files\Registry Winner

2009-12-20 16:37 . 2009-05-07 10:03 307200 ----a-w- c:\windows\system32\AscSQLite.dll

2009-12-20 16:37 . 2008-11-06 15:04 36864 ----a-w- c:\windows\system32\ascbalon.dll

2009-12-20 16:37 . 2009-04-15 17:50 217088 ----a-w- c:\windows\system32\AscConTest.dll

2009-12-20 16:36 . 2009-12-23 11:52 -------- d-----w- c:\program files\Ascentive

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 13:24 . 2009-11-18 14:44 -------- d-----w- c:\program files\LimeWire

2010-01-15 13:24 . 2008-02-22 13:09 -------- d-----w- c:\program files\Google

2010-01-15 12:21 . 2006-03-02 12:00 542400 ----a-w- c:\windows\system32\perfh013.dat

2010-01-15 12:21 . 2006-03-02 12:00 103678 ----a-w- c:\windows\system32\perfc013.dat

2010-01-03 11:53 . 2009-07-29 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2010-01-01 14:38 . 2008-03-08 20:54 -------- d-----w- c:\documents and settings\Paula\Application Data\LimeWire

2010-01-01 12:50 . 2008-04-13 14:52 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-23 11:52 . 2008-01-15 20:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-22 20:05 . 2008-03-27 19:47 -------- d-----w- c:\documents and settings\Paula\Application Data\Uniblue

2009-12-20 16:45 . 2008-01-15 20:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-20 15:29 . 2009-03-19 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-16 06:28 . 2009-03-19 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-12-15 20:44 . 2008-01-21 18:22 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-14 18:42 . 2009-12-14 18:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan

2009-12-14 18:42 . 2008-10-31 16:34 -------- d-----w- c:\documents and settings\Paula\Application Data\Canon

2009-12-12 18:07 . 2009-04-17 14:38 -------- d-----w- c:\program files\ZooEasy v8

2009-12-01 21:16 . 2008-10-24 16:37 -------- d-----w- c:\documents and settings\Paula\Application Data\U3

2009-11-25 22:05 . 2009-11-25 22:05 -------- d-----w- c:\program files\Fast Image Resizer

2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-19 17:44 . 2008-03-08 20:53 -------- d-----w- c:\program files\Java

2009-11-19 17:40 . 2009-11-19 17:40 152576 ----a-w- c:\documents and settings\Paula\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-19 17:37 . 2009-11-19 17:37 79488 ----a-w- c:\documents and settings\Paula\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-11 15:40 . 2009-11-11 15:40 14290 ----a-w- c:\program files\settings.dat

2009-11-11 15:40 . 2009-11-11 15:40 128 ----a-w- c:\documents and settings\Paula\Local Settings\Application Data\fusioncache.dat

2009-11-02 19:42 . 2009-10-07 14:37 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:46 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-10-23 17:32 . 2008-01-15 20:29 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-19 198160]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/10/2009 21:27 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 20:27]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 20:27]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/webhp?rls=ig

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html

Trusted Zone: dexia.be\directnet

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB

DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://nl.pixum.be/apps/EasyUploadX.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxps://asp.photoprintit.de/microsite/1386/defaults/activex/ImageUploader3.cab

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-15 19:51

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2010-01-15 19:54:18

ComboFix-quarantined-files.txt 2010-01-15 18:54

Pre-Run: 17.585.098.752 bytes beschikbaar

Post-Run: 17.579.184.128 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E4F167BD77CB1734E20D1C12A9230412
