[SOLVED] System Security


Guest bramy

Well, I'll go ahead and download ComboFix again. If what you say is true, something might well happen. Sleep first, then I'll look further tomorrow. Hopefully I'll get rid of it someday. :bawling:

It worked, but it's very strange that it changes my LAN ports. My friend was able to fix it for the second time, but it's really annoying. :bawling:

Here is the log:

ComboFix 09-02-06.04 - Bram 2009-02-08 11:50:28.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.395 [GMT 1:00]

Gestart vanuit: e:\mijn afbeeldingen\ComboFix.exe

gebruikte Opdracht switches :: e:\mijn afbeeldingen\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

c:\documents and settings\Bram\becwg.exe

c:\documents and settings\Bram\pnehnv.exe

c:\documents and settings\Bram\wbi.exe

c:\windows\system32\2.tmp

c:\windows\system32\3.tmp

c:\windows\system32\5.tmp

c:\windows\system32\7.tmp

c:\windows\system32\A.tmp

c:\windows\system32\drivers\ndisio.sys

c:\windows\system32\drivers\zyejugxp.sys

c:\windows\system32\GroupPolicy -- Whitelisted --

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\310978522

c:\documents and settings\All Users\Application Data\310978522\789606398.exe

c:\documents and settings\All Users\Application Data\310978522\789606398.rar

c:\documents and settings\All Users\Application Data\310978522\config.udb

c:\documents and settings\All Users\Application Data\310978522\init.udb

c:\documents and settings\All Users\Application Data\310978522\Langs.udb

c:\documents and settings\Bram\becwg.exe

c:\documents and settings\Bram\pnehnv.exe

c:\documents and settings\Bram\wbi.exe

c:\windows\services.exe

c:\windows\system32\3.tmp

c:\windows\system32\4.tmp

c:\windows\system32\5.tmp

c:\windows\system32\7.tmp

c:\windows\system32\8.tmp

c:\windows\system32\9.tmp

c:\windows\system32\A.tmp

c:\windows\system32\C.tmp

c:\windows\system32\drivers\ndisio.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ZYEJUGXP

-------\Service_Passthru

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))

.

2009-02-08 11:48 . 2009-02-08 11:48 11,776 --ah----- c:\documents and settings\Bram\qmmq.exe

2009-02-08 11:48 . 2009-02-08 11:48 128 --a------ c:\windows\adobe.bat

2009-02-08 11:48 . 2009-02-08 11:48 0 --a------ c:\windows\_id.dat

2009-02-08 11:37 . 2009-02-08 11:37 128 --a------ c:\windows\system32\6.tmp

2009-02-08 10:35 . 2009-02-08 10:35 163,652 --a------ c:\windows\system32\16.tmp

2009-02-08 10:35 . 2009-02-08 10:35 33,920 --a------ c:\windows\system32\drivers\uslrpxmt.sys

2009-02-08 10:35 . 2009-02-08 10:35 32,768 --ah----- c:\documents and settings\Bram\yjoameq.exe

2009-02-08 10:35 . 2009-02-08 10:35 29,184 --a------ c:\windows\system32\15.tmp

2009-02-08 10:35 . 2009-02-08 10:35 23,553 --a------ c:\windows\system32\14.tmp

2009-02-08 10:35 . 2009-02-08 10:35 172 --a------ c:\windows\system32\13.tmp

2009-02-08 10:34 . 2009-02-08 11:40 138,336 --a------ c:\windows\system32\drivers\ethhaubs.sys

2009-02-08 10:34 . 2009-02-08 10:34 32,768 --ah----- c:\documents and settings\Bram\dxawirp.exe

2009-02-08 10:34 . 2009-02-08 10:34 616 --a------ c:\windows\system32\D.tmp

2009-02-07 20:05 . 2009-02-07 20:05 <DIR> d-------- c:\windows\system32\Adobe

2009-02-07 19:24 . 2009-02-07 19:24 <DIR> d-------- c:\program files\Common Files\INCA Shared

2009-02-07 19:24 . 2003-07-19 07:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

2009-02-07 19:24 . 2005-01-02 22:43 4,682 --a------ c:\windows\system32\npptNT2.sys

2009-02-07 19:16 . 2009-02-07 19:16 <DIR> d-------- C:\ijji

2009-02-07 19:16 . 2009-02-07 19:22 <DIR> d--h----- c:\documents and settings\Bram\Application Data\ijjigame

2009-02-07 17:26 . 2009-02-07 19:07 <DIR> d-------- C:\Nexon

2009-02-07 17:26 . 2009-02-07 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NexonUS

2009-02-07 17:07 . 2009-02-07 19:29 <DIR> d-------- c:\program files\Pando Networks

2009-02-07 17:07 . 2009-02-07 17:07 204 --a------ C:\Plugins

2009-02-05 15:56 . 2009-02-08 11:48 66,560 ---h----- c:\windows\system32\secupdat.dat

2009-02-03 16:09 . 2009-02-03 16:09 <DIR> d-------- c:\program files\Trend Micro

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\Bram\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-02-02 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-02 21:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-02 21:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-02 21:42 . 2009-02-02 21:42 <DIR> dr------- c:\documents and settings\LocalService\Favorieten

2009-02-02 19:08 . 2009-02-02 19:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-02 19:04 . 2009-02-02 21:55 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\program files\Lavasoft

2009-02-02 18:58 . 2009-02-02 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-02 18:00 . 2009-02-02 18:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten

2009-02-02 17:29 . 2009-02-02 17:29 <DIR> d-------- c:\program files\Enigma Software Group

2009-02-01 13:47 . 2009-02-01 13:47 <DIR> d-------- c:\windows\nview

2009-02-01 13:47 . 2008-05-16 14:01 466,944 --a------ c:\windows\system32\nvudisp.exe

2009-02-01 13:47 . 2009-02-08 11:56 186,097 --a------ c:\windows\system32\nvapps.xml

2009-02-01 13:47 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu

2009-02-01 13:46 . 2009-02-01 13:46 <DIR> d-------- C:\NVIDIA

2009-02-01 13:46 . 2008-05-16 11:48 466,944 --a------ c:\windows\system32\NVUNINST.EXE

2009-02-01 11:54 . 2009-02-07 14:49 34 --a------ c:\documents and settings\Bram\jagex_runescape_preferences.dat

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\Sun

2009-02-01 11:53 . 2009-02-01 11:53 <DIR> d-------- c:\windows\.jagex_cache_32

2009-01-31 17:40 . 2009-01-31 17:40 0 --a------ c:\windows\vpc32.INI

2009-01-29 16:35 . 2009-01-31 17:37 <DIR> d-------- c:\program files\LimeWire Plus

2009-01-29 16:35 . 2009-01-31 14:01 <DIR> d-------- c:\documents and settings\Bram\Application Data\LimeWirePlus

2009-01-26 20:13 . 2009-01-26 20:13 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-25 22:05 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-01-25 21:56 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-01-25 21:54 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-25 21:54 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-25 21:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-25 21:46 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-01-25 21:45 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-01-25 21:45 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-01-25 21:45 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-01-25 21:34 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-01-25 21:34 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-01-25 11:41 . 2009-01-25 11:41 <DIR> d-------- c:\program files\Windows Media Connect 2

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\LogFiles

2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-01-25 11:26 . 2006-02-09 07:50 392,444 -ra------ c:\windows\system32\drivers\usbVM305.sys

2009-01-25 11:23 . 2008-04-14 22:32 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-25 10:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-01-25 10:46 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-01-25 10:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-01-24 19:53 . 2009-01-24 19:53 <DIR> d-------- c:\program files\Sun

2009-01-24 19:53 . 2009-01-24 19:52 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-24 19:53 . 2009-01-24 19:52 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-24 19:51 . 2009-01-24 19:52 <DIR> d-------- c:\program files\Java

2009-01-24 19:31 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Microsoft

2009-01-24 19:31 . 2009-02-07 13:28 <DIR> d-------- c:\documents and settings\Bram\Tracing

2009-01-24 19:30 . 2009-01-24 19:30 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-24 19:30 . 2009-01-24 19:31 <DIR> d-------- c:\program files\Windows Live

2009-01-24 19:28 . 2009-01-24 19:28 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-24 19:04 . 2009-01-24 19:07 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-24 19:04 . 2008-04-14 22:32 315,392 -----c--- c:\windows\system32\dllcache\dlimport.exe

2009-01-24 17:04 . 2007-10-10 01:57 172,032 -ra------ c:\windows\system32\SecSNMP.dll

2009-01-24 17:04 . 2007-08-13 10:39 172,032 -ra------ c:\windows\system32\cl31cci.exe

2009-01-24 17:04 . 2007-08-13 10:39 65,536 -ra------ c:\windows\system32\cl31cci.dll

2009-01-24 17:04 . 2007-08-13 10:39 22,723 -ra------ c:\windows\system32\cl31cl3.dll

2009-01-24 17:04 . 2007-08-13 10:39 361 -ra------ c:\windows\system32\cl31cl3.smt

2009-01-24 17:03 . 2007-08-13 03:48 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS

2009-01-24 17:02 . 2009-01-24 17:02 <DIR> d-------- c:\program files\Network Print Monitor

2009-01-24 17:02 . 1998-10-29 16:45 324,096 --a------ c:\windows\IsUninst.exe

2009-01-24 16:57 . 2009-01-24 16:58 <DIR> d--h----- c:\windows\msdownld.tmp

2009-01-24 16:57 . 2009-01-29 16:27 <DIR> d-------- c:\program files\Google

2009-01-24 16:53 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-24 16:53 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-24 16:53 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-24 16:53 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-24 16:53 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-24 16:53 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-24 16:53 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-24 16:53 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-24 16:53 . 2008-10-16 14:11 31,232 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-24 16:41 . 2009-01-24 19:07 <DIR> d-------- c:\windows\system32\nl-NL

2009-01-24 16:41 . 2009-01-24 16:41 <DIR> d-------- c:\windows\system32\GroupPolicy

2009-01-24 16:41 . 2009-01-26 20:15 <DIR> d--h----- c:\windows\$hf_mig$

2009-01-24 16:41 . 2009-01-24 16:50 <DIR> d-------- c:\program files\Windows Desktop Search

2009-01-24 16:41 . 2007-08-10 20:52 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-01-24 16:23 . 2009-02-08 11:55 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\program files\Symantec

2009-01-24 16:23 . 2009-01-24 16:28 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-24 16:23 . 2009-01-24 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-24 16:23 . 2005-05-13 19:50 123,488 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-24 16:23 . 2005-05-13 19:50 91,856 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-24 16:13 . 2008-10-23 13:43 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\program files\TeamViewer

2009-01-24 16:02 . 2009-01-24 16:02 <DIR> d-------- c:\documents and settings\Bram\Application Data\TeamViewer

2009-01-24 16:01 . 2009-01-24 16:01 <DIR> d-------- c:\documents and settings\Bram\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-07 18:30 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-01 12:46 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-24 14:52 --------- d-----w c:\program files\MSBuild

2009-01-24 14:52 --------- d-----w c:\program files\Microsoft Works

2009-01-24 14:11 --------- d-----w c:\program files\Intel

2009-01-24 13:59 --------- d-----w c:\program files\microsoft frontpage

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

.

------- Sigcheck -------

2004-08-04 00:03 31744 52b1d3e33454675e89753c990cc687e7 c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 22:33 31744 b54f6cb2195839c045e5332cd82e192e c:\windows\ServicePackFiles\i386\svchost.exe

2008-04-14 22:33 31744 e4fa547adf6729a8ee64cc32ac77405b c:\windows\system32\svchost.exe

2008-04-14 22:33 1054720 479f77808ac6e5a1e1eb4a655369ae01 c:\windows\explorer.exe

2004-08-04 00:03 1053184 f435e62c666284d8555774143138d08c c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:33 1054720 2b662ec02f9dc3bb6edccd0b9c5f918e c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 00:03 32768 d1e6a0f6b53a4c0fec6f0e485afcbca2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 22:32 32768 33ff0b1d80560f3a6d9ce814564fd04e c:\windows\ServicePackFiles\i386\ctfmon.exe

2008-04-14 22:32 32768 0a641b9e3fb740ff0e70e8ea64044447 c:\windows\system32\ctfmon.exe

2004-08-04 00:03 75264 7bf1bc5b3c8de07fe87847f07ba43e5d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2008-04-14 22:33 75264 555aa1edb2b463054a92844105ad135c c:\windows\ServicePackFiles\i386\spoolsv.exe

2008-04-14 22:33 75264 ac2e86c44e2a2b40fa82eb1ff4c253d2 c:\windows\system32\spoolsv.exe

2004-08-04 00:03 41984 53f6b0a2325f6c9d03affd9750524941 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 22:33 43520 966dda64bd3416c31ba598688160fffb c:\windows\ServicePackFiles\i386\userinit.exe

2008-04-14 22:33 43520 7011d97083abe0c826ca8503f1a428a4 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( snapshot@2009-02-04_16.34.34.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-02-01 15:59:30 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-02-07 13:49:17 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2009-02-01 15:59:30 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-02-07 13:49:17 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-02-07 18:23:39 787,904 ----a-w c:\windows\Downloaded Program Files\PurpleBean.exe

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2009-01-16 18:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

+ 2009-01-16 16:19:40 202,168 ------w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 16:19:58 67,000 ----a-w c:\windows\system32\Adobe\Director\SwDnld.exe

+ 2009-01-16 18:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 17:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 18:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2009-01-16 17:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-01-16 17:45:12 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe

+ 2009-01-16 17:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 17:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 18:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 18:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 18:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 18:16:08 135,168 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 18:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2009-01-16 17:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 1999-06-25 09:55:30 166,912 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

- 2009-02-04 15:21:53 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-02-08 10:54:58 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-02-04 15:21:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2009-02-08 10:54:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2009-02-04 15:21:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-08 10:54:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-04 00:03:22 53,248 ----a-w c:\windows\system32\Macromed\Common\SwSupport.dll

+ 2008-12-03 23:59:26 581,632 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll

+ 2008-12-03 23:59:30 1,490,944 ----a-w c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll

+ 2008-12-03 23:59:26 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll

+ 2008-12-03 23:59:30 606,208 ----a-w c:\windows\system32\Macromed\Shockwave 10\iml32X.dll

+ 2008-12-03 23:59:26 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

+ 2008-12-03 23:59:26 475,136 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

+ 2008-12-03 23:59:26 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll

+ 2008-12-03 23:59:26 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe

+ 2008-12-03 23:59:26 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll

+ 2008-12-03 23:59:26 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll

+ 2009-02-08 10:55:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6a0.dat

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1712640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uslrpxmt.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

R0 uslrpxmt;uslrpxmt;c:\windows\system32\drivers\uslrpxmt.sys [2009-02-08 33920]

R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2009-01-30 99376]

R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-01-25 392444]

S1 ethhaubs;ethhaubs;c:\windows\system32\drivers\ethhaubs.sys [2009-02-08 138336]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]

.

Inhoud van de 'Gedeelde Taken' map

2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

- - - - ORPHANS VERWIJDERD - - - -

HKU-Default-Run-services - c:\windows\services.exe

HKLM-Explorer_Run-services - c:\windows\services.exe

HKU-Default-Explorer_Run-services - c:\windows\services.exe

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.google.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-08 11:55:54

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2009-02-08 11:58:48 - machine werd herstart [bram]

ComboFix-quarantined-files.txt 2009-02-08 10:58:43

ComboFix2.txt 2009-02-05 15:29:38

ComboFix3.txt 2009-02-04 15:35:48

Pre-Run: 10.392.621.056 bytes beschikbaar

Post-Run: 10,401,415,168 bytes beschikbaar

333 --- E O F --- 2009-01-26 21:35:26


Delete these items with Windows Explorer:

c:\documents and settings\Bram\qmmq.exe

c:\windows\adobe.bat

c:\windows\_id.dat

c:\windows\system32\6.tmp

c:\windows\system32\16.tmp

c:\windows\system32\drivers\uslrpxmt.sys

c:\documents and settings\Bram\yjoameq.exe

c:\windows\system32\15.tmp

c:\windows\system32\14.tmp

c:\windows\system32\13.tmp

c:\windows\system32\drivers\ethhaubs.sys

c:\documents and settings\Bram\dxawirp.exe

c:\windows\system32\D.tmp

Download Findykill and run the program. Choose option 1 and then post the log in your next message.


  • 2 weeks later...

The computer now starts up by itself and says there is an error in system32. It starts up by itself when I'm on the internet and freezes while I'm working. Reinstall after the holidays, or can this still be fixed?

The various problems seem to be piling up more and more ... and, although I am not in favour of it, your last suggestion does seem to me to be the best one in this case.