
Posted:

So here I am again with a new combofix.txt. (Incidentally, after restarting I got three warnings from the virus scanner, correction: four by now, one about a removed Trojan horse and three about buffer overflow, and Microsoft Outlook starts very slowly.)

And as soon as I have sent this I will get started with CCleaner.

ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 11:59:58.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.104 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Gerda den Hollander\Bureaublad\CFScript.txt

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

FILE ::

C:\HijackThis.exe

c:\program files\HijackThis.zip

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\HijackThis.exe

c:\program files\HijackThis.zip

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))

.

2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor

2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools

2009-01-13 12:12 . 2009-01-14 11:49 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys

2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys

2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys

2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys

2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters

2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro

2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 10:35 --------- d-----w c:\program files\SPAMfighter

2009-01-13 23:21 --------- d-----w c:\program files\Google

2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt

2008-12-17 09:48 --------- d-----w c:\program files\Java

2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-09 20:28 --------- d-----w c:\program files\Ricochet

2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer

2008-12-01 08:47 --------- d-----w c:\program files\iTunes

2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-01 08:46 --------- d-----w c:\program files\iPod

2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple

2008-12-01 08:42 --------- d-----w c:\program files\QuickTime

2008-12-01 08:29 --------- d-----w c:\program files\Safari

2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player

2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys

2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6

2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll

2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll

2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll

2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-14 10:29:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]

"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\

Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]

R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]

R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]

R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]

R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]

R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]

S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

.

Inhoud van de 'Gedeelde Taken' map

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2009-01-14 c:\windows\Tasks\Schijfopruiming.job

- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.omroep.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Add to Windows Live Favorites

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder

hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

c:\windows\Downloaded Program Files\OSDED4D.OSD

c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}

hxxp://hyves.nl/cab/outlookaddressbook.cab

c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx

O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}

hxxp://www.ob.gouda.nl/Components/screenshot.cab

c:\windows\Downloaded Program Files\screenshot.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 12:05:51

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable

c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable

Scan succesvol afgerond

verborgen bestanden: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]

"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

Voltooingstijd: 2009-01-14 12:09:09

ComboFix-quarantined-files.txt 2009-01-14 11:09:03

ComboFix2.txt 2009-01-13 23:12:12

ComboFix3.txt 2009-01-13 22:53:08

Pre-Run: 88.003.657.728 bytes beschikbaar

Post-Run: 87,986,098,176 bytes beschikbaar

215 --- E O F --- 2008-12-18 14:18:28

Posted:

Everything is going wrong now, after I ran ComboFix (see above) and CCleaner. I keep getting a Windows stop error, I get thrown out and can barely boot.

I keep getting messages from the virus scanner at startup.

In short, will this ever be all right?

Posted:

After my previous cry for help I managed to run ComboFix once more. Here is the log.

ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 16:29:27.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.209 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))

.

2009-01-14 12:43 . 2009-01-14 12:43 <DIR> dr-h----- c:\documents and settings\Gerda den Hollander\Onlangs geopend

2009-01-14 12:34 . 2009-01-14 12:34 <DIR> d-------- c:\program files\CCleaner

2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor

2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools

2009-01-13 12:12 . 2009-01-14 16:14 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys

2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys

2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys

2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys

2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters

2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro

2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 15:14 --------- d-----w c:\program files\SPAMfighter

2009-01-13 23:21 --------- d-----w c:\program files\Google

2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt

2008-12-17 09:48 --------- d-----w c:\program files\Java

2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-12-09 20:28 --------- d-----w c:\program files\Ricochet

2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer

2008-12-01 08:47 --------- d-----w c:\program files\iTunes

2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-01 08:46 --------- d-----w c:\program files\iPod

2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple

2008-12-01 08:42 --------- d-----w c:\program files\QuickTime

2008-12-01 08:29 --------- d-----w c:\program files\Safari

2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player

2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys

2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6

2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll

2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll

2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll

2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-10 20:37:06 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-01-14 12:01:20 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-12-10 20:37:06 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-01-14 12:01:20 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-12-10 20:37:06 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-01-14 12:01:21 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-12-10 20:37:06 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-01-14 12:01:21 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-12-10 20:37:06 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-01-14 12:01:22 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-12-10 20:37:06 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-01-14 12:01:22 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-12-10 20:37:06 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-01-14 12:01:23 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-12-10 20:37:06 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-01-14 12:01:19 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-12-10 20:37:06 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2009-01-14 12:01:19 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe

+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe

+ 2009-01-14 13:33:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]

"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\

Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]

R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]

R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]

R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]

R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]

R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]

S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

.

Inhoud van de 'Gedeelde Taken' map

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-14 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2009-01-14 c:\windows\Tasks\Schijfopruiming.job

- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.omroep.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Add to Windows Live Favorites

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder

hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

c:\windows\Downloaded Program Files\OSDED4D.OSD

c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}

hxxp://hyves.nl/cab/outlookaddressbook.cab

c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx

O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}

hxxp://www.ob.gouda.nl/Components/screenshot.cab

c:\windows\Downloaded Program Files\screenshot.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 16:36:09

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable

c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable

Scan succesvol afgerond

verborgen bestanden: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]

"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(236)

c:\program files\SPAMfighter\Clients\Outlook Express\SFOE0001.dll

c:\progra~1\WINDOW~2\wmpband.dll

.

Voltooingstijd: 2009-01-14 16:42:18

ComboFix-quarantined-files.txt 2009-01-14 15:42:10

ComboFix2.txt 2009-01-14 11:09:13

ComboFix3.txt 2009-01-13 23:12:12

ComboFix4.txt 2009-01-13 22:53:08

Pre-Run: 88.231.084.032 bytes beschikbaar

Post-Run: 88,210,739,200 bytes beschikbaar

233 --- E O F --- 2009-01-14 12:01:28

Posted:

Could you describe those errors in a bit more detail: the stop error, for example (because that could indicate that more is going on, and that hardware problems are involved as well, for instance), and the errors your virus scanner reports (where, in which files, etc.)? Because this is indeed not normal :s

Posted:

Help, all sorts of things I send don't seem to arrive.

After my previous cry for help I ran ComboFix one more time. Here is the log.

ComboFix 09-01-13.04 - Gerda den Hollander 2009-01-14 16:29:27.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.209 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gerda den Hollander\Bureaublad\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))

.

2009-01-14 12:43 . 2009-01-14 12:43 <DIR> dr-h----- c:\documents and settings\Gerda den Hollander\Onlangs geopend

2009-01-14 12:34 . 2009-01-14 12:34 <DIR> d-------- c:\program files\CCleaner

2009-01-13 13:20 . 2009-01-13 13:20 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-13 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-13 13:19 . 2009-01-13 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-13 13:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-01-13 13:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-13 12:12 . 2009-01-14 11:53 <DIR> d-------- c:\program files\Spyware Doctor

2009-01-13 12:12 . 2009-01-13 12:12 <DIR> d-------- c:\documents and settings\Gerda den Hollander\Application Data\PC Tools

2009-01-13 12:12 . 2009-01-14 16:14 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-01-13 12:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys

2009-01-13 12:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys

2009-01-13 12:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys

2009-01-13 12:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys

2009-01-05 23:22 . 2009-01-08 21:42 <DIR> d-------- c:\program files\Fighters

2009-01-05 23:22 . 2009-01-05 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-05 23:10 . 2009-01-05 23:10 <DIR> d-------- c:\program files\Trend Micro

2008-12-17 10:49 . 2008-12-17 10:48 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 15:14 --------- d-----w c:\program files\SPAMfighter

2009-01-13 23:21 --------- d-----w c:\program files\Google

2009-01-08 20:42 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-05 22:15 12,288 ----a-w c:\program files\hijackthis logboek.txt

2008-12-17 09:48 --------- d-----w c:\program files\Java

2008-12-12 17:03 3,088,896 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-12-09 20:28 --------- d-----w c:\program files\Ricochet

2008-12-01 11:40 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\Apple Computer

2008-12-01 08:47 --------- d-----w c:\program files\iTunes

2008-12-01 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-01 08:46 --------- d-----w c:\program files\iPod

2008-12-01 08:46 --------- d-----w c:\program files\Common Files\Apple

2008-12-01 08:42 --------- d-----w c:\program files\QuickTime

2008-12-01 08:29 --------- d-----w c:\program files\Safari

2008-11-30 12:11 --------- d-----w c:\program files\Adobe Media Player

2008-11-30 12:10 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-18 10:01 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys

2008-11-16 12:20 --------- d-----w c:\documents and settings\Gerda den Hollander\Application Data\MSN6

2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll

2008-10-16 01:02 669,184 ----a-w c:\windows\SYSTEM32\wininet.dll

2008-10-16 01:02 669,184 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

2008-10-16 01:02 620,032 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

2008-10-16 01:02 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

2008-10-15 16:37 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-04-17 19:54 32,768 ----a-w c:\documents and settings\Gerda den Hollander\WebVpnRegKey6-pintix-rnw-nl.dll

2005-09-25 15:16 0 ---ha-w c:\documents and settings\Gerda den Hollander\Application Data\hpothb07.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-13_23.50.50,90 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-10 20:37:06 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-01-14 12:01:20 12,288 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-12-10 20:37:06 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-01-14 12:01:20 135,168 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-12-10 20:37:06 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-01-14 12:01:21 11,264 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-12-10 20:37:06 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-01-14 12:01:21 27,136 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-12-10 20:37:06 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-01-14 12:01:22 4,096 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-12-10 20:37:06 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-01-14 12:01:22 794,624 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-12-10 20:37:06 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-01-14 12:01:23 23,040 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-12-10 20:37:06 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-01-14 12:01:19 286,720 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-12-10 20:37:06 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2009-01-14 12:01:19 409,600 ----a-r c:\windows\Installer\{91130413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe

+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe

+ 2009-01-14 13:33:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-25 234856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]

"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\SYSTEM32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\Gerda den Hollander\Menu Start\Programma's\Opstarten\

Mediacontrole Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-11 155648]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 Vfscan;Vfscan;c:\windows\SYSTEM32\DRIVERS\vffilter.sys [2008-11-18 15496]

R3 wlags51b;Agere Wireless USB Driver;c:\windows\SYSTEM32\DRIVERS\WLAGS51B.sys [2004-11-07 178688]

R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]

R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]

R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]

R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-13 356920]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-30 33752]

S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [2007-01-23 91841]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

.

Inhoud van de 'Gedeelde Taken' map

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-14 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2005-09-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106417417.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2009-01-14 c:\windows\Tasks\Schijfopruiming.job

- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 18:02]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.omroep.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Add to Windows Live Favorites

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder

hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

c:\windows\Downloaded Program Files\OSDED4D.OSD

c:\windows\Downloaded Program Files\AddrBookATL.dll - O16 -: {426784E5-24B2-4708-820D-117342FAD009}

hxxp://hyves.nl/cab/outlookaddressbook.cab

c:\windows\Downloaded Program Files\imglib.dll - c:\windows\Downloaded Program Files\screenshot.ocx

O16 -: {558714D6-8AC5-11D2-BCB7-00A024A866A5}

hxxp://www.ob.gouda.nl/Components/screenshot.cab

c:\windows\Downloaded Program Files\screenshot.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://internethuis.rnw.nl/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

FF - ProfilePath - c:\documents and settings\Gerda den Hollander\Application Data\Mozilla\Firefox\Profiles\kzg9xpfx.default\

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 16:36:09

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys 39936 bytes executable

c:\windows\system32\_e6e943de6d2e2d8c33d5130c1ccdd3ac.sys_.vir 39936 bytes executable

Scan succesvol afgerond

verborgen bestanden: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e6e943de6d2e2d8c33d5130c1ccdd3ac]

"ImagePath"="system32\e6e943de6d2e2d8c33d5130c1ccdd3ac.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(236)

c:\program files\SPAMfighter\Clients\Outlook Express\SFOE0001.dll

c:\progra~1\WINDOW~2\wmpband.dll

.

Voltooingstijd: 2009-01-14 16:42:18

ComboFix-quarantined-files.txt 2009-01-14 15:42:10

ComboFix2.txt 2009-01-14 11:09:13

ComboFix3.txt 2009-01-13 23:12:12

ComboFix4.txt 2009-01-13 22:53:08

Pre-Run: 88.231.084.032 bytes beschikbaar

Post-Run: 88,210,739,200 bytes beschikbaar

233 --- E O F --- 2009-01-14 12:01:28

Posted:

I'm sending them bit by bit, because a few times now I had written a lot and then Windows was shut down. Then I get the following message:

The computer has recovered from a serious error in Microsoft Windows (it was also shut down on the previous attempt to start up).

And this is the contents of the error report that was prepared for Microsoft:

C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\Mini011409-01.dmp

C:\DOCUME~1\GERDAD~1\LOCALS~1\Temp\WERca0e.dir00\sysdata.xml

Posted:

And at startup I get messages from the on-access virus scanner about

buffer overflow in Windows\Explorer.EXE.KERNEL32CreateProcessA (in all sorts of variants), and that they have now been blocked by buffer overflow. But that message keeps popping up again and again.

So I've been thrown out several times, where you get a blue screen with white letters warning that you should restart if this is the first time you get that message, and that on subsequent occurrences you should ask for technical support. But that can't be printed or copied.

Posted:

I was just thrown out again; the blue screen said, among other things:

STOP:0x00000005, 0xF8503ABA, 0xBODBCAE4, 0x00000000

(NB: all leading 0's could also be O's)

fltmgr.sys - address F8503ABA base at F84FE000 Datestamp 480251da

  • 2 months later...
Posted:

Due to lack of response we are putting a "lock" on this topic. If you still want to reopen this topic, give one of the moderators a heads-up.

This topic is now closed to new replies.