rundll error message


Patrice

Hello,

I had a virus on my computer and I think I'm rid of it now, with the help of SUPERAntiSpyware and Anti-Malware. After that, however, I couldn't get onto the internet; that in turn was fixed by installing ComboFix.

I have the log file below from that. My question is really whether I need to do anything more to get the computer back in tip-top shape, because I don't understand a thing of that log file.

ComboFix 10-08-27.03 - P. van der Helm 28-08-2010 14:19:09.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1012.623 [GMT 2:00]

Gestart vanuit: d:\films\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100827-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\P. van der Helm\Application Data\usernt.dat

c:\documents and settings\P. van der Helm\Local Settings\Application Data\tsaokdiny

c:\documents and settings\P. van der Helm\Local Settings\Application Data\tsaokdiny\amcqnfsshdw.exe

c:\documents and settings\P. van der Helm\Menu Start\Programma's\Opstarten\syscron.exe

c:\windows\system32\0.6354953343088865.exe

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://pdisp01.c-wss.com

Besmet exemplaar van c:\windows\system32\drivers\AGPCPQ.SYS werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DDNSFILTER

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-28 ))))))))))))))))))))))))))))))

.

2010-08-28 10:50 . 2009-03-19 12:38 303104 ----a-w- c:\windows\system32\CNC560L.dll

2010-08-28 10:50 . 2009-04-03 14:00 1310720 ----a-w- c:\windows\system32\CNC560C.dll

2010-08-28 10:50 . 2009-04-03 13:59 110592 ----a-w- c:\windows\system32\CNC560I.dll

2010-08-28 10:50 . 2009-04-03 13:57 106496 ----a-w- c:\windows\system32\CNC560U.dll

2010-08-28 10:50 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2010-08-28 10:50 . 2009-05-07 03:20 93696 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMsrA0.dll

2010-08-28 10:50 . 2009-05-07 03:20 88064 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0816\CNMsrA0.dll

2010-08-28 10:50 . 2009-05-07 03:20 473088 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMurA0.dll

2010-08-28 10:50 . 2009-05-07 03:20 451072 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0816\CNMurA0.dll

2010-08-28 10:50 . 2009-05-07 03:20 227840 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMlrA0.dll

2010-08-28 10:50 . 2009-05-07 03:20 208896 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0816\CNMlrA0.dll

2010-08-28 10:47 . 2010-08-28 10:47 -------- d-----w- c:\program files\Common Files\CANON

2010-08-28 10:44 . 2010-08-28 10:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2010-08-28 10:44 . 2009-03-24 03:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA0.DLL

2010-08-28 10:44 . 2009-03-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA0.DLL

2010-08-28 10:44 . 2009-03-24 03:00 272384 ----a-w- c:\windows\system32\CNMLMA0.DLL

2010-08-28 10:44 . 2010-08-28 10:44 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2010-08-28 10:44 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA0.DLL

2010-08-28 10:43 . 2010-08-28 10:43 -------- d--h--w- c:\program files\CanonBJ

2010-08-28 10:43 . 2010-08-28 10:43 -------- d-----w- c:\windows\system32\STRING

2010-08-28 10:43 . 2010-08-28 10:43 -------- d-----w- c:\windows\system32\CHM

2010-08-28 10:43 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL

2010-08-28 10:43 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL

2010-08-28 10:41 . 2010-08-28 10:59 -------- d-----w- c:\program files\Canon

2010-08-28 09:57 . 2010-08-28 09:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-28 09:54 . 2010-08-28 09:54 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-28 09:53 . 2010-08-28 09:53 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-28 09:53 . 2010-08-28 09:53 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-28 09:53 . 2010-08-28 09:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-08-28 08:27 . 2010-08-28 08:27 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-21 11:41 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2010-08-21 11:27 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-21 11:27 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-21 11:27 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-21 11:27 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-21 11:27 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-21 11:27 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-21 11:27 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-21 11:27 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-21 11:27 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-21 09:31 . 2010-08-21 09:31 -------- d-----w- c:\documents and settings\P. van der Helm\Application Data\Malwarebytes

2010-08-21 09:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-21 09:31 . 2010-08-21 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-21 09:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-21 09:31 . 2010-08-21 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-21 09:01 . 2010-08-21 09:01 63488 ----a-w- c:\documents and settings\P. van der Helm\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-21 09:01 . 2010-08-21 09:01 52224 ----a-w- c:\documents and settings\P. van der Helm\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-21 09:01 . 2010-08-21 09:01 117760 ----a-w- c:\documents and settings\P. van der Helm\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-21 09:00 . 2010-08-21 09:00 -------- d-----w- c:\documents and settings\P. van der Helm\Application Data\SUPERAntiSpyware.com

2010-08-21 09:00 . 2010-08-21 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-21 09:00 . 2010-08-21 09:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-20 14:27 . 2010-08-21 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-20 13:18 . 2010-08-20 10:48 77824 ------w- c:\documents and settings\Administrator\Application Data\ohydy.exe

2010-08-20 10:49 . 2010-08-20 10:48 77824 --sh--r- c:\documents and settings\P. van der Helm\Application Data\ohydy.exe

2010-08-17 11:53 . 2010-08-17 11:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-30 08:04 . 2010-07-30 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 12:31 . 2008-07-16 11:19 70744 ----a-w- c:\windows\system32\perfc013.dat

2010-08-28 12:31 . 2008-07-16 11:19 444074 ----a-w- c:\windows\system32\perfh013.dat

2010-08-21 13:10 . 2009-06-21 12:43 -------- d-----w- c:\documents and settings\P. van der Helm\Application Data\BitTorrent

2010-08-20 15:20 . 2009-03-13 13:39 -------- d-----w- c:\program files\Alwil Software

2010-08-19 09:15 . 2009-01-13 19:18 -------- d-----w- c:\program files\Google

2010-06-30 12:33 . 2008-04-16 03:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:19 . 2008-04-16 03:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:19 . 2008-04-16 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:19 . 2008-04-16 03:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-24 09:02 . 2008-04-16 03:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 18:20 . 2010-06-23 18:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb8.tmp.exe

2010-06-21 15:27 . 2008-04-16 03:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-04-16 03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-04-16 03:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2008-04-16 03:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

------- Sigcheck -------

[7] 2008-04-16 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is niet aanwezig !!

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"M3000Mnt"="M3000Rmv.dll " [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2009-01-19 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-16 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-16 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-19 16862720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-16 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21-8-2010 13:27 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 20:41 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21-8-2010 13:27 20560]

R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5-5-2008 9:01 254976]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 13:49 135664]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30-12-2008 1:12 96856]

.

Inhoud van de 'Gedeelde Taken' map

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6b4566120e.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:49]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:49]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

BHO-{3099AF79-64E3-466D-9311-15EA64D097FA} - c:\windows\$NtUninstallMTF1011$\mmduch.dll

BHO-{58C175E5-1B36-4F91-ABAF-4E1A80BC4E66} - c:\windows\$NtUninstallMTF1011$\mmx.dll

WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe

HKCU-Run-mnmkynmy - c:\documents and settings\P. van der Helm\Local Settings\Application Data\tsaokdiny\amcqnfsshdw.exe

HKLM-Run-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll

HKLM-Run-mnmkynmy - c:\documents and settings\P. van der Helm\Local Settings\Application Data\tsaokdiny\amcqnfsshdw.exe

AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-28 14:29

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

@DACL=(02 0000)

@="Microsoft Disk Quota"

"NoMachinePolicy"=dword:00000000

"NoUserPolicy"=dword:00000001

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"RequiresSuccessfulRegistry"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000000

"DllName"=expand:"dskquota.dll"

"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

@DACL=(02 0000)

@="Internet Explorer Zonemapping"

"DllName"=expand:"iedkcs32.dll"

"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"

"NoGPOListChanges"=dword:00000001

"RequiresSucessfulRegistry"=dword:00000001

"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"

"GenerateGroupPolicy"="SceGenerateGroupPolicy"

"ExtensionRsopPlanningDebugLevel"=dword:00000001

"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"

"ExtensionDebugLevel"=dword:00000001

"DllName"=expand:"scecli.dll"

@="Security"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

@DACL=(02 0000)

"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"ProcessGroupPolicy"="ProcessGroupPolicy"

"DllName"="iedkcs32.dll"

@="Internet Explorer Branding"

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000001

"NoMachinePolicy"=dword:00000001

"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"

"DllName"=expand:"scecli.dll"

@="EFS recovery"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]

@DACL=(02 0000)

@="802.3 Group Policy"

"DisplayName"=expand:"@dot3gpclnt.dll,-100"

"ProcessGroupPolicyEx"="ProcessLANPolicyEx"

"GenerateGroupPolicy"="GenerateLANPolicy"

"DllName"=expand:"dot3gpclnt.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

@DACL=(02 0000)

@="Microsoft Offline Files"

"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"

"EnableAsynchronousProcessing"=dword:00000000

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000000

"NoMachinePolicy"=dword:00000000

"NoSlowLink"=dword:00000000

"NoUserPolicy"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"ProcessGroupPolicy"="ProcessGroupPolicy"

"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

@DACL=(02 0000)

@="Software-installatie"

"DllName"=expand:"appmgmts.dll"

"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"NoBackgroundPolicy"=dword:00000000

"RequiresSucessfulRegistry"=dword:00000000

"NoSlowLink"=dword:00000001

"PerUserLocalSettings"=dword:00000001

"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

@DACL=(02 0000)

"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"

"Logon"="SABWINLOLogon"

"Logoff"="SABWINLOLogoff"

"Startup"="SABWINLOStartup"

"Shutdown"="SABWINLOShutdown"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=expand:"crypt32.dll"

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=expand:"cryptnet.dll"

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

@DACL=(02 0000)

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@DACL=(02 0000)

@SACL=

@=""

"DLLName"="igfxdev.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

@DACL=(02 0000)

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"DllName"=expand:"wlnotify.dll"

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

@DACL=(02 0000)

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

@DACL=(02 0000)

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"DllName"=expand:"wlnotify.dll"

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

@DACL=(02 0000)

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2868)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxext.exe

c:\docume~1\PAA6D~1.VAN\LOCALS~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Voltooingstijd: 2010-08-28 14:35:19 - machine werd herstart

ComboFix-quarantined-files.txt 2010-08-28 12:35

Pre-Run: 83.635.843.072 bytes beschikbaar

Post-Run: 83.782.889.472 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 760091B60F50CD14F505703D0E4FC355

Regards, Patrice.


Delete the following files (shown in bold):

c:\documents and settings\P. van der Helm\Application Data\ohydy.exe

c:\documents and settings\Administrator\Application Data\ohydy.exe

... and then let Malwarebytes scan again.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

MBAM will scan again after the restart and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of that log in your next message, together with a new HijackThis log.
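The two ohydy.exe entries singled out in the reply above can also be picked out of the posted ComboFix log mechanically. The Python triage script below is an added example, not part of this thread or of ComboFix; it parses the "files created" lines of the log and flags executables that carry hidden/system attributes or sit directly in a user's Application Data root. The meaning of the attribute letters and both heuristics are assumptions inferred from the posted log, and the sample lines are copied from it.

```python
"""Triage the 'files created' section of a ComboFix log (added example).

Each line has the shape:   <created> . <modified> <size|--------> <attrs> <path>
Assumed reading of the 8-character attribute field (inferred from the log):
'd' directory, 's' system, 'h' hidden, 'a' archive, 'r' read-only, 'w' writable.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Extensions treated as executable code for the purpose of triage.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".sys", ".com", ".pif")

# Lines copied from the log posted above (the two ohydy.exe drops plus benign entries).
SAMPLE_LOG = r"""
2010-08-28 10:44 . 2010-08-28 10:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-21 11:27 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-20 13:18 . 2010-08-20 10:48 77824 ------w- c:\documents and settings\Administrator\Application Data\ohydy.exe
2010-08-20 10:49 . 2010-08-20 10:48 77824 --sh--r- c:\documents and settings\P. van der Helm\Application Data\ohydy.exe
2010-06-23 18:20 . 2010-06-23 18:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb8.tmp.exe
2010-08-28 10:50 . 2009-03-19 12:38 303104 ----a-w- c:\windows\system32\CNC560L.dll
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; returns None for headers, blanks, etc."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def suspicious_reasons(e: Entry) -> List[str]:
    """Return the heuristic rules an entry trips (empty list = nothing noteworthy)."""
    reasons: List[str] = []
    lower = e.path.lower()
    if e.is_dir or not lower.endswith(EXEC_EXTENSIONS):
        return reasons
    parent = lower.rsplit("\\", 1)[0]
    # Rule 1 (assumption): legitimate executables are rarely marked hidden or system.
    if e.hidden_or_system:
        reasons.append("hidden/system attribute on executable")
    # Rule 2 (assumption): an executable dropped straight into a profile's
    # Application Data root, with no vendor sub-folder, is a common malware drop.
    if parent.startswith("c:\\documents and settings\\") and parent.endswith("\\application data"):
        reasons.append("executable directly in user Application Data root")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in log order."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            reasons = suspicious_reasons(e)
            if reasons:
                hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {'; '.join(reasons)}")
```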
