
Posted:

Took the plunge. Symantec is still on there.

So here is the scan log.

ComboFix 09-02-03.01 - Bram 2009-02-04 16:31:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.767.385 [GMT 1:00]

Running from: c:\documents and settings\Bram\Bureaublad\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

(((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))

.

2009-02-03 16:09 . 2009-02-03 16:09 <DIR> d-------- c:\program files\Trend Micro

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\Bram\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-02 21:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-02 21:42 . 2009-02-02 21:42 <DIR> dr------- c:\documents and settings\LocalService\Favorieten

2009-02-02 19:08 . 2009-02-02 19:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-02 19:04 . 2009-02-02 21:55 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\program files\Lavasoft

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-02 18:00 . 2009-02-02 18:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten

2009-02-02 17:29 . 2009-02-02 17:29 <DIR> d-------- c:\program files\Enigma Software Group

2009-02-02 17:06 . 2009-02-02 17:06 88,064 --a------ c:\windows\system32\srbG2NGJ.exe

2009-02-01 13:47 . 2009-02-01 13:47 <DIR> d-------- c:\windows\nview

2009-02-01 13:47 . 2008-05-16 14:01 466,944 --a------ c:\windows\system32\nvudisp.exe

2009-02-01 13:47 . 2009-02-04 16:22 186,097 --a------ c:\windows\system32\nvapps.xml

2009-02-01 13:47 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu

2009-02-01 13:46 . 2009-02-01 13:46 <DIR> d-------- C:\NVIDIA

2009-02-01 13:46 . 2008-05-16 11:48 466,944 --a------ c:\windows\system32\NVUNINST.EXE

2009-02-01 11:54 . 2009-02-01 17:28 34 --a------ c:\documents and settings\Bram\jagex_runescape_preferences.dat

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\Sun

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\.jagex_cache_32

2009-01-31 17:40 . 2009-01-31 17:40 0 --a------ c:\windows\vpc32.INI

2009-01-31 17:33 . 2009-02-01 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\310978522

2009-01-29 16:35 . 2009-01-31 17:37 <DIR> d-------- c:\program files\LimeWire Plus

2009-01-29 16:35 . 2009-01-31 14:01 <DIR> d-------- c:\documents and settings\Bram\Application Data\LimeWirePlus

2009-01-26 20:13 . 2009-01-26 20:13 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-25 22:05 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-01-25 21:56 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-01-25 21:54 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-25 21:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-25 21:46 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-01-25 21:45 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-01-25 21:45 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-01-25 21:45 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-01-25 21:34 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-01-25 21:34 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-01-25 11:41 . 2009-01-25 11:41 <DIR> d-------- c:\program files\Windows Media Connect 2

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\LogFiles

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-01-25 11:26 . 2006-02-09 07:50 392,444 -ra------ c:\windows\system32\drivers\usbVM305.sys

2009-01-25 11:23 . 2008-04-14 22:32 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-25 10:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-01-25 10:46 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-01-25 10:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-01-24 19:53 . 2009-01-24 19:53 <DIR> d-------- c:\program files\Sun

2009-01-24 19:53 . 2009-01-24 19:52 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-24 19:53 . 2009-01-24 19:52 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-24 19:51 . 2009-01-24 19:52 <DIR> d-------- c:\program files\Java

2009-01-24 19:31 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Microsoft

2009-01-24 19:31 . 2009-02-03 16:03 <DIR> d-------- c:\documents and settings\Bram\Tracing

2009-01-24 19:30 . 2009-01-24 19:30 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-24 19:30 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Windows Live

2009-01-24 19:28 . 2009-01-24 19:28 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-24 19:04 . 2009-01-24 19:07 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-24 19:04 . 2008-04-14 22:32 315,392 -----c--- c:\windows\system32\dllcache\dlimport.exe

2009-01-24 19:00 . 2006-12-29 00:31 19,569 --a------ c:\windows\002729_.tmp

2009-01-24 17:04 . 2007-10-10 01:57 172,032 -ra------ c:\windows\system32\SecSNMP.dll

2009-01-24 17:04 . 2007-08-13 10:39 172,032 -ra------ c:\windows\system32\cl31cci.exe

2009-01-24 17:04 . 2007-08-13 10:39 65,536 -ra------ c:\windows\system32\cl31cci.dll

2009-01-24 17:04 . 2007-08-13 10:39 22,723 -ra------ c:\windows\system32\cl31cl3.dll

2009-01-24 17:04 . 2007-08-13 10:39 361 -ra------ c:\windows\system32\cl31cl3.smt

2009-01-24 17:03 . 2007-08-13 03:48 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS

2009-01-24 17:02 . 2009-01-24 17:02 <DIR> d-------- c:\program files\Network Print Monitor

2009-01-24 17:02 . 1998-10-29 16:45 324,096 --a------ c:\windows\IsUninst.exe

2009-01-24 16:57 . 2009-01-24 16:58 <DIR> d--h----- c:\windows\msdownld.tmp

2009-01-24 16:57 . 2009-01-29 16:27 <DIR> d-------- c:\program files\Google

2009-01-24 16:53 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-24 16:53 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-24 16:53 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-24 16:53 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-24 16:53 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-24 16:53 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-24 16:53 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-24 16:53 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-24 16:53 . 2008-10-16 14:11 31,232 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-24 16:41 . 2009-01-24 19:07 <DIR> d-------- c:\windows\system32\nl-NL

2009-01-24 16:41 . 2009-01-24 16:41 <DIR> d-------- c:\windows\system32\GroupPolicy

2009-01-24 16:41 . 2009-01-26 20:15 <DIR> d--h----- c:\windows\$hf_mig$

2009-01-24 16:41 . 2009-01-24 16:50 <DIR> d-------- c:\program files\Windows Desktop Search

2009-01-24 16:41 . 2007-08-10 20:52 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-01-24 16:23 . 2009-02-04 16:22 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\program files\Symantec

2009-01-24 16:23 . 2009-01-24 16:28 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-24 16:23 . 2005-05-13 19:50 123,488 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-24 16:23 . 2005-05-13 19:50 91,856 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-24 16:13 . 2008-10-23 13:43 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\program files\TeamViewer

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\documents and settings\Bram\Application Data\TeamViewer

2009-01-24 16:01 . 2009-01-24 16:01 <DIR> d-------- c:\documents and settings\Bram\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 12:46 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-24 14:52 --------- d-----w c:\program files\MSBuild

2009-01-24 14:52 --------- d-----w c:\program files\Microsoft Works

2009-01-24 14:12 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-24 14:11 --------- d-----w c:\program files\Intel

2009-01-24 13:59 --------- d-----w c:\program files\microsoft frontpage

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

.

------- Sigcheck -------

2008-04-14 22:33 1054720 479f77808ac6e5a1e1eb4a655369ae01 c:\windows\explorer.exe

2004-08-04 00:03 1053184 f435e62c666284d8555774143138d08c c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:33 1054720 2b662ec02f9dc3bb6edccd0b9c5f918e c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 00:03 32768 d1e6a0f6b53a4c0fec6f0e485afcbca2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 22:32 32768 33ff0b1d80560f3a6d9ce814564fd04e c:\windows\ServicePackFiles\i386\ctfmon.exe

2008-04-14 22:32 32768 0a641b9e3fb740ff0e70e8ea64044447 c:\windows\system32\ctfmon.exe

2004-08-04 00:03 75264 7bf1bc5b3c8de07fe87847f07ba43e5d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2008-04-14 22:33 75264 555aa1edb2b463054a92844105ad135c c:\windows\ServicePackFiles\i386\spoolsv.exe

2008-04-14 22:33 75264 ac2e86c44e2a2b40fa82eb1ff4c253d2 c:\windows\system32\spoolsv.exe

2004-08-04 00:03 41984 53f6b0a2325f6c9d03affd9750524941 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 22:33 43520 966dda64bd3416c31ba598688160fffb c:\windows\ServicePackFiles\i386\userinit.exe

2008-04-14 22:33 43520 7011d97083abe0c826ca8503f1a428a4 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1712640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-01-25 392444]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI7

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fd7068a-ea25-11dd-84f9-0011099941fc}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:

\Shell\Open\command - k:\resycled\boot.com f:

.

Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-02 c:\windows\Tasks\At1.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At10.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At11.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At12.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At13.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At14.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At15.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At16.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-03 c:\windows\Tasks\At17.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-03 c:\windows\Tasks\At18.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-03 c:\windows\Tasks\At19.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At2.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-03 c:\windows\Tasks\At20.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-04 c:\windows\Tasks\At21.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-03 c:\windows\Tasks\At22.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At23.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At24.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At3.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At4.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At5.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At6.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At7.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At8.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

2009-02-02 c:\windows\Tasks\At9.job

- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 16:33:42

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

c:\windows\system32\audiode.dll 96256 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

Completion time: 2009-02-04 16:35:47

ComboFix-quarantined-files.txt 2009-02-04 15:35:43

Pre-Run: 10,283,720,704 bytes free

Post-Run: 10,322,214,912 bytes free

251 --- E O F --- 2009-01-26 21:35:26


Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\srbG2NGJ.exe

c:\windows\002729_.tmp

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fd7068a-ea25-11dd-84f9-0011099941fc}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.
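
The helper built that CFScript by reading three parts of the first log by hand: the Sigcheck section (same-size copies of explorer.exe, ctfmon.exe, spoolsv.exe and userinit.exe with different MD5s), the MountPoints2 key whose AutoRun and Open commands point at resycled\boot.com on a removable drive, and the run of At1.job to At24.job tasks all launching the same binary in system32. The script below does that triage mechanically and drafts the File::/Registry:: text in the shape shown above. It is an added example written for this page, not ComboFix's own code or the helper's tooling; the line layouts it parses are assumptions taken from the log as posted, and SAMPLE_LOG is a constructed excerpt with one hash pair altered so that a non-flagged case exists.

```python
"""Triage a ComboFix log and draft the matching CFScript.

Added example for this thread, not part of ComboFix or the helper's own
tooling. Line layouts are assumed from the log above; the CFScript shape
(File:: list, then Registry:: with [-key] to delete a key) is copied from
the helper's post. SAMPLE_LOG is a constructed excerpt.
"""
import re
from collections import defaultdict

# Constructed excerpt of the first log in the thread (forum blank lines
# removed). The spoolsv.exe pair is deliberately given one hash, unlike
# the real log, so the sample has a copy pair that must NOT be flagged.
SAMPLE_LOG = r"""
------- Sigcheck -------
2008-04-14 22:33 1054720 479f77808ac6e5a1e1eb4a655369ae01 c:\windows\explorer.exe
2004-08-04 00:03 1053184 f435e62c666284d8555774143138d08c c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:33 1054720 2b662ec02f9dc3bb6edccd0b9c5f918e c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 22:33 75264 555aa1edb2b463054a92844105ad135c c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 22:33 75264 555aa1edb2b463054a92844105ad135c c:\windows\system32\spoolsv.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fd7068a-ea25-11dd-84f9-0011099941fc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - k:\resycled\boot.com f:
.
Contents of the 'Scheduled Tasks' folder
2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-02-02 c:\windows\Tasks\At1.job
- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]
2009-02-02 c:\windows\Tasks\At2.job
- c:\windows\system32\srbG2NGJ.exe [2009-02-02 17:06]
"""

# Sigcheck line: "<date> <time> <size> <md5> <path>"
SIG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) ([0-9a-f]{32}) (.+)$", re.M)
# Task entry: "<date> <job path>" then "- <target> [<stamp>]" on the next line
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.*\\[^\\\n]+\.job)\n\s*- (.+?) \[", re.M)


def sigcheck_mismatches(log):
    """Basenames whose same-size copies carry different MD5s.

    system32 and ServicePackFiles\\i386 copies of one build should be
    byte-identical; a differing hash is a lead to diff the bytes, not a verdict.
    """
    md5s = defaultdict(set)
    for size, md5, path in SIG_RE.findall(log):
        md5s[(path.rsplit("\\", 1)[-1].lower(), int(size))].add(md5)
    return sorted({name for (name, _), seen in md5s.items() if len(seen) > 1})


def suspicious_task_targets(log, min_jobs=2):
    """target -> sorted job paths, for targets run by >= min_jobs At<N>.job tasks.

    At<N>.job is the name at.exe gives jobs; a run of them all pointing at one
    random-looking binary in system32 is the pattern in the log above.
    """
    by_target = defaultdict(list)
    for job, target in TASK_RE.findall(log):
        if re.fullmatch(r"At\d+\.job", job.rsplit("\\", 1)[-1], re.I):
            by_target[target].append(job)
    return {t: sorted(j) for t, j in by_target.items() if len(j) >= min_jobs}


def mountpoint_autoruns(log):
    """HKCU MountPoints2 key -> [(verb, command)] recorded for removable media."""
    found, key = {}, None
    for line in log.splitlines():
        if not line.strip():
            continue  # tolerate the forum rendering's blank lines
        if line.startswith("[") and "mountpoints2" in line.lower():
            key = line.strip("[]")
            found[key] = []
        elif key and line.startswith("\\Shell\\"):
            verb, _, cmd = line.partition(" - ")
            found[key].append((verb, cmd))
        else:
            key = None
    return found


def build_cfscript(files, registry_keys):
    """Render the File:: / Registry:: text in the shape the helper posted."""
    lines = ["File::", *files, "", "Registry::", *(f"[-{k}]" for k in registry_keys)]
    return "\n".join(lines) + "\n"


def triage(log):
    """Run the three checks and draft a CFScript from the task and autorun hits."""
    tasks = suspicious_task_targets(log)
    autoruns = mountpoint_autoruns(log)
    files = sorted(tasks) + [job for jobs in tasks.values() for job in jobs]
    return {"sigcheck": sigcheck_mismatches(log), "tasks": tasks,
            "autoruns": autoruns, "cfscript": build_cfscript(files, list(autoruns))}
```

Run `triage(open("ComboFix.txt").read())` against a real log and review the draft before dragging it onto ComboFix: a Sigcheck mismatch only says that two copies which should be identical are not, and the thread does not say why, so it belongs in the list of things to diff, not automatically in the File:: section.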

Posted:

OK, will do.

I thought I'd first let MBAM see what it can still find.

I start it and let it scan. Now look at this log; how do I keep getting this? :bawling:

MBAM log

Malwarebytes' Anti-Malware 1.33

Database version: 1721

Windows 5.1.2600 Service Pack 3

2009-02-04 21:56:49

mbam-log-2009-02-04 (21-56-49).txt

Scan type: Quick Scan

Objects scanned: 50082

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{502aadf7-c088-4003-9e4d-a3fab23a8416} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{502aadf7-c088-4003-9e4d-a3fab23a8416} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{502aadf7-c088-4003-9e4d-a3fab23a8416} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{62b739fd-33e7-44f4-aebc-2b6dace17dc9} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62b739fd-33e7-44f4-aebc-2b6dace17dc9} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62b739fd-33e7-44f4-aebc-2b6dace17dc9} (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\audiode.dll (Spyware.Passwords) -> Delete on reboot.

Posted:

As long as those items have not been removed with ComboFix, you will keep finding new infections with Malwarebytes. Do that first ... and then we'll take it from there.

Posted:

Scan done, but I can't find the combofix.txt log anywhere. It didn't start that either.

Posted:

Sorry for not replying for so long; that's because the internet was down. Here's the log.

ComboFix 09-02-04.04 - Bram 2009-02-05 16:21:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.767.414 [GMT 1:00]

Running from: e:\mijn afbeeldingen\ComboFix.exe

Command switches used :: e:\mijn afbeeldingen\CFscript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE ::

c:\windows\002729_.tmp

c:\windows\system32\srbG2NGJ.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\002729_.tmp

c:\windows\services.exe

c:\windows\system32\4.tmp

c:\windows\system32\6.tmp

c:\windows\system32\8.tmp

c:\windows\system32\9.tmp

c:\windows\system32\C.tmp

c:\windows\system32\c++.exe

c:\windows\system32\drivers\protect.sys

c:\windows\system32\srbG2NGJ.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PROTECT

-------\Service_Passthru

-------\Service_protect

(((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 ))))))))))))))))))))))))))))))

.

2009-02-05 16:10 . 2009-02-05 16:10 11,776 --ah----- c:\documents and settings\Bram\becwg.exe

2009-02-05 16:09 . 2009-02-05 16:09 124 --a------ c:\windows\system32\5.tmp

2009-02-05 16:02 . 2009-02-05 16:02 124 --a------ c:\windows\system32\3.tmp

2009-02-05 15:58 . 2009-02-05 15:58 33,920 --a------ c:\windows\system32\drivers\zyejugxp.sys

2009-02-05 15:57 . 2009-02-05 15:57 11,776 --ah----- c:\documents and settings\Bram\pnehnv.exe

2009-02-05 15:57 . 2009-02-05 15:57 124 --a------ c:\windows\system32\A.tmp

2009-02-05 15:56 . 2009-02-05 16:10 66,560 ---h----- c:\windows\system32\secupdat.dat

2009-02-05 15:56 . 2009-02-05 16:10 53,248 --a------ c:\windows\system32\drivers\ndisio.sys

2009-02-05 15:56 . 2009-02-05 15:56 32,768 --ah----- c:\documents and settings\Bram\wbi.exe

2009-02-05 15:56 . 2009-02-05 15:56 616 --a------ c:\windows\system32\7.tmp

2009-02-05 15:56 . 2009-02-05 15:56 124 --a------ c:\windows\system32\2.tmp

2009-02-03 16:09 . 2009-02-03 16:09 <DIR> d-------- c:\program files\Trend Micro

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\Bram\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-02 21:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-02 21:42 . 2009-02-02 21:42 <DIR> dr------- c:\documents and settings\LocalService\Favorieten

2009-02-02 19:08 . 2009-02-02 19:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-02 19:04 . 2009-02-02 21:55 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\program files\Lavasoft

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-02 18:00 . 2009-02-02 18:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten

2009-02-02 17:29 . 2009-02-02 17:29 <DIR> d-------- c:\program files\Enigma Software Group

2009-02-01 13:47 . 2009-02-01 13:47 <DIR> d-------- c:\windows\nview

2009-02-01 13:47 . 2008-05-16 14:01 466,944 --a------ c:\windows\system32\nvudisp.exe

2009-02-01 13:47 . 2009-02-05 16:26 186,097 --a------ c:\windows\system32\nvapps.xml

2009-02-01 13:47 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu

2009-02-01 13:46 . 2009-02-01 13:46 <DIR> d-------- C:\NVIDIA

2009-02-01 13:46 . 2008-05-16 11:48 466,944 --a------ c:\windows\system32\NVUNINST.EXE

2009-02-01 11:54 . 2009-02-01 17:28 34 --a------ c:\documents and settings\Bram\jagex_runescape_preferences.dat

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\Sun

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\.jagex_cache_32

2009-01-31 17:40 . 2009-01-31 17:40 0 --a------ c:\windows\vpc32.INI

2009-01-31 17:33 . 2009-02-01 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\310978522

2009-01-29 16:35 . 2009-01-31 17:37 <DIR> d-------- c:\program files\LimeWire Plus

2009-01-29 16:35 . 2009-01-31 14:01 <DIR> d-------- c:\documents and settings\Bram\Application Data\LimeWirePlus

2009-01-26 20:13 . 2009-01-26 20:13 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-25 22:05 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-01-25 21:56 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-01-25 21:54 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-25 21:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-25 21:46 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-01-25 21:45 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-01-25 21:45 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-01-25 21:45 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-01-25 21:34 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-01-25 21:34 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-01-25 11:41 . 2009-01-25 11:41 <DIR> d-------- c:\program files\Windows Media Connect 2

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\LogFiles

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-01-25 11:26 . 2006-02-09 07:50 392,444 -ra------ c:\windows\system32\drivers\usbVM305.sys

2009-01-25 11:23 . 2008-04-14 22:32 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-25 10:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-01-25 10:46 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-01-25 10:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-01-24 19:53 . 2009-01-24 19:53 <DIR> d-------- c:\program files\Sun

2009-01-24 19:53 . 2009-01-24 19:52 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-24 19:53 . 2009-01-24 19:52 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-24 19:51 . 2009-01-24 19:52 <DIR> d-------- c:\program files\Java

2009-01-24 19:31 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Microsoft

2009-01-24 19:31 . 2009-02-03 16:03 <DIR> d-------- c:\documents and settings\Bram\Tracing

2009-01-24 19:30 . 2009-01-24 19:30 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-24 19:30 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Windows Live

2009-01-24 19:28 . 2009-01-24 19:28 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-24 19:04 . 2009-01-24 19:07 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-24 19:04 . 2008-04-14 22:32 315,392 -----c--- c:\windows\system32\dllcache\dlimport.exe

2009-01-24 17:04 . 2007-10-10 01:57 172,032 -ra------ c:\windows\system32\SecSNMP.dll

2009-01-24 17:04 . 2007-08-13 10:39 172,032 -ra------ c:\windows\system32\cl31cci.exe

2009-01-24 17:04 . 2007-08-13 10:39 65,536 -ra------ c:\windows\system32\cl31cci.dll

2009-01-24 17:04 . 2007-08-13 10:39 22,723 -ra------ c:\windows\system32\cl31cl3.dll

2009-01-24 17:04 . 2007-08-13 10:39 361 -ra------ c:\windows\system32\cl31cl3.smt

2009-01-24 17:03 . 2007-08-13 03:48 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS

2009-01-24 17:02 . 2009-01-24 17:02 <DIR> d-------- c:\program files\Network Print Monitor

2009-01-24 17:02 . 1998-10-29 16:45 324,096 --a------ c:\windows\IsUninst.exe

2009-01-24 16:57 . 2009-01-24 16:58 <DIR> d--h----- c:\windows\msdownld.tmp

2009-01-24 16:57 . 2009-01-29 16:27 <DIR> d-------- c:\program files\Google

2009-01-24 16:53 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-24 16:53 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-24 16:53 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-24 16:53 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-24 16:53 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-24 16:53 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-24 16:53 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-24 16:53 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-24 16:53 . 2008-10-16 14:11 31,232 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-24 16:41 . 2009-01-24 19:07 <DIR> d-------- c:\windows\system32\nl-NL

2009-01-24 16:41 . 2009-01-24 16:41 <DIR> d-------- c:\windows\system32\GroupPolicy

2009-01-24 16:41 . 2009-01-26 20:15 <DIR> d--h----- c:\windows\$hf_mig$

2009-01-24 16:41 . 2009-01-24 16:50 <DIR> d-------- c:\program files\Windows Desktop Search

2009-01-24 16:41 . 2007-08-10 20:52 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-01-24 16:23 . 2009-02-05 16:26 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\program files\Symantec

2009-01-24 16:23 . 2009-01-24 16:28 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-24 16:23 . 2005-05-13 19:50 123,488 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-24 16:23 . 2005-05-13 19:50 91,856 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-24 16:13 . 2008-10-23 13:43 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\program files\TeamViewer

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\documents and settings\Bram\Application Data\TeamViewer

2009-01-24 16:01 . 2009-01-24 16:01 <DIR> d-------- c:\documents and settings\Bram\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 12:46 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-24 14:52 --------- d-----w c:\program files\MSBuild

2009-01-24 14:52 --------- d-----w c:\program files\Microsoft Works

2009-01-24 14:12 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-24 14:11 --------- d-----w c:\program files\Intel

2009-01-24 13:59 --------- d-----w c:\program files\microsoft frontpage

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

.

------- Sigcheck -------

2004-08-04 00:03 31744 52b1d3e33454675e89753c990cc687e7 c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 22:33 31744 b54f6cb2195839c045e5332cd82e192e c:\windows\ServicePackFiles\i386\svchost.exe

2008-04-14 22:33 31744 e4fa547adf6729a8ee64cc32ac77405b c:\windows\system32\svchost.exe

2008-04-14 22:33 1054720 479f77808ac6e5a1e1eb4a655369ae01 c:\windows\explorer.exe

2004-08-04 00:03 1053184 f435e62c666284d8555774143138d08c c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:33 1054720 2b662ec02f9dc3bb6edccd0b9c5f918e c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 00:03 32768 d1e6a0f6b53a4c0fec6f0e485afcbca2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 22:32 32768 33ff0b1d80560f3a6d9ce814564fd04e c:\windows\ServicePackFiles\i386\ctfmon.exe

2008-04-14 22:32 32768 0a641b9e3fb740ff0e70e8ea64044447 c:\windows\system32\ctfmon.exe

2004-08-04 00:03 75264 7bf1bc5b3c8de07fe87847f07ba43e5d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2008-04-14 22:33 75264 555aa1edb2b463054a92844105ad135c c:\windows\ServicePackFiles\i386\spoolsv.exe

2008-04-14 22:33 75264 ac2e86c44e2a2b40fa82eb1ff4c253d2 c:\windows\system32\spoolsv.exe

2004-08-04 00:03 41984 53f6b0a2325f6c9d03affd9750524941 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 22:33 43520 966dda64bd3416c31ba598688160fffb c:\windows\ServicePackFiles\i386\userinit.exe

2008-04-14 22:33 43520 7011d97083abe0c826ca8503f1a428a4 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( snapshot@2009-02-04_16.34.34.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 184,320 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-02-04 15:21:53 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-02-05 15:25:25 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-02-04 15:21:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2009-02-05 15:25:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2009-02-04 15:21:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-05 15:25:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-05 15:25:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_54c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1712640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zyejugxp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R0 zyejugxp;zyejugxp;c:\windows\system32\drivers\zyejugxp.sys [2009-02-05 33920]

R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2009-01-30 99376]

R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-01-25 392444]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]

.

Inhoud van de 'Gedeelde Taken' map

2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.google.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-05 16:26:46

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2009-02-05 16:29:36 - machine werd herstart [bram]

ComboFix-quarantined-files.txt 2009-02-05 15:29:32

ComboFix2.txt 2009-02-04 15:35:48

Pre-Run: 10,557,079,552 bytes beschikbaar

Post-Run: 10,545,709,056 bytes beschikbaar

308 --- E O F --- 2009-01-26 21:35:26

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\Bram\becwg.exe

c:\windows\system32\5.tmp

c:\windows\system32\3.tmp

c:\windows\system32\drivers\zyejugxp.sys

c:\documents and settings\Bram\pnehnv.exe

c:\windows\system32\A.tmp

c:\windows\system32\drivers\ndisio.sys

c:\documents and settings\Bram\wbi.exe

c:\windows\system32\7.tmp

c:\windows\system32\2.tmp

Folder::

c:\documents and settings\All Users\Application Data\310978522

c:\windows\system32\GroupPolicy

Driver::

zyejugxp

ndisio

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zyejugxp.sys]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if prompted.

After the reboot, post the contents of ComboFix.txt in your next reply.
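As an added example (not part of this thread and not ComboFix's own code): a small Python script that splits a CFScript of the shape shown above into its sections, checks that each section is well-formed, and cross-checks the File:: and Driver:: entries against a ComboFix log excerpt so you can see which fix targets the latest log still reports. The section names are the ones used in the script above; the validation rules, the sample script and the log excerpt are constructed for this example and are assumptions, not ComboFix's documented parser behaviour.

```python
"""Parse a ComboFix CFScript and cross-check it against a ComboFix log.

Added example, not part of the forum thread or of ComboFix itself. The
section headers (File::, Folder::, Driver::, Registry::) are the ones the
thread uses; the well-formedness rules below are assumptions about what a
sane script looks like, not ComboFix's own parser.
"""
import re

# Section headers that appear in the thread's script (assumed complete here).
KNOWN_SECTIONS = ("File::", "Folder::", "Driver::", "Registry::")

# Constructed sample script: a subset of the entries the helper posted.
SAMPLE_SCRIPT = """File::
c:\\documents and settings\\Bram\\becwg.exe
c:\\windows\\system32\\drivers\\zyejugxp.sys
c:\\windows\\system32\\drivers\\ndisio.sys

Driver::
zyejugxp
ndisio

Registry::
[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\zyejugxp.sys]
"""

# Constructed excerpt of the log lines that matter for the cross-check.
SAMPLE_LOG = """[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\zyejugxp.sys]
@="Driver"
R0 zyejugxp;zyejugxp;c:\\windows\\system32\\drivers\\zyejugxp.sys [2009-02-05 33920]
S3 SavRoam;SAVRoam;c:\\program files\\Symantec AntiVirus\\SavRoam.exe [2005-06-23 124608]
"""

WIN_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)          # c:\... absolute path
REG_KEY = re.compile(r"^\[-?HKEY_[A-Z_]+\\", re.IGNORECASE)  # [HKEY_...] or [-HKEY_...]


def parse_cfscript(text):
    """Split a CFScript into {header: [entries]}; ValueError on unknown headers."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            if line not in KNOWN_SECTIONS:
                raise ValueError("unknown section header: %s" % line)
            current = line
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %s" % line)
        else:
            sections[current].append(line)
    return sections


def validate(sections):
    """Return a list of readable problems; an empty list means well-formed."""
    problems = []
    for name, entries in sections.items():
        if not entries:
            problems.append("%s has no entries" % name)
        for e in entries:
            if name in ("File::", "Folder::") and not WIN_PATH.match(e):
                problems.append("%s entry is not an absolute path: %s" % (name, e))
            elif name == "Driver::" and ("\\" in e or "." in e):
                problems.append("Driver:: entry should be a bare service name: %s" % e)
            elif name == "Registry::" and not REG_KEY.match(e):
                problems.append("Registry:: entry should be a [HKEY...] key line: %s" % e)
    return problems


def cross_check(sections, log_text):
    """Map each File::/Driver:: entry to whether the log still mentions it."""
    log = log_text.lower()
    return {e: e.lower() in log
            for e in sections.get("File::", []) + sections.get("Driver::", [])}


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print("problems:", validate(parsed) or "none")
    for entry, seen in cross_check(parsed, SAMPLE_LOG).items():
        print("%-8s %s" % ("in log" if seen else "absent", entry))
```

Running it against the constructed excerpt shows only the zyejugxp driver and its .sys file still present in the log; the other targets come from an earlier log that is not on this page, which is consistent with the helper's remark that new infected files appeared between logs.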

Posted:

Can't. Here it says: did you want to use this script? It looks as if this script was written incorrectly.

Is this right? Please have a quick look at it.

I'm rid of those pop-ups and my computer is just working fine again.

Are further steps really necessary? Because last time with ComboFix it changed all my internet ports and I couldn't get online anymore.

Quite a hassle to restore, by the way.

Posted:

Very strange, because ComboFix has already worked :s

And is this necessary? Yes, it is ... because since your previous log, new infected files have ended up on your PC again. That may not be visible on the surface, but they are there. Removing the source via the indicated fix with ComboFix is therefore necessary to prevent a recurrence of your problems. But the choice is yours ... it's your PC.

If you still want to continue, you first have to uninstall ComboFix by entering the following command in "Run": combofix /u Then download a new version and try to run the fix. But whether or not you want to do this is of course your decision ... no problem.

This topic is now closed to new replies.
