Posted:

Download ComboFix to your Desktop.

NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while running it, disable that scanner and download ComboFix again.

Some scanners treat certain components that ComboFix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and the machine has rebooted, the log Combofix.txt will open.

Post this log in your next reply.

Posted:

Hello,

Here is the log.

ComboFix 09-02-24.02 - Steven Scherrens 2009-02-25 17:48:16.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1423 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Steven Scherrens\Application Data\MBSMainPlugin1635.dll

c:\windows\system32\init32.exe

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))

.

2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-02-24 15:37 . 2009-02-24 16:46 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend

2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner

2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia

2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution

2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-02-22 10:58 . 2009-02-22 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\81A5

2009-02-18 13:35 . 2009-02-18 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\2213

2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\349C

2009-02-15 16:48 . 2009-02-15 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\536B

2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\341F

2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx

2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE

2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI

2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD

2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll

2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation

2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons

2009-02-11 14:39 . 2009-02-11 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\35232

2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe

2009-02-10 18:54 . 2009-02-10 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\63E

2009-02-09 21:00 . 2009-02-09 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\31F9

2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

2009-02-04 13:30 . 2009-02-04 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D3B9

2009-02-01 10:29 . 2009-02-01 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\25138

2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\634B

2009-01-31 16:04 . 2009-01-31 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\1B35B

2009-01-30 19:34 . 2009-01-30 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\3ADA

2009-01-29 20:16 . 2009-01-29 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\3238A

2009-01-28 14:07 . 2009-01-28 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\2A109

2009-01-27 17:48 . 2009-01-27 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\251F

2009-01-26 22:15 . 2009-01-26 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\193AF

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 16:51 --------- d-----w c:\program files\Steam

2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia

2009-02-24 12:52 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-24 12:10 --------- d-----w c:\program files\Nokia

2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2009-02-21 10:01 --------- d-----w c:\program files\Windows Live

2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3

2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM

2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-22 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\244E

2009-01-21 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\73B9

2009-01-20 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\272E

2009-01-19 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\11217

2009-01-17 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\D2AF

2009-01-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\13DA

2009-01-12 16:45 --------- d-----w c:\program files\Google

2009-01-11 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\2F3A9

2009-01-09 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\2A213

2009-01-08 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\33242

2009-01-03 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\2090410918

2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes

2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro

2009-01-02 12:52 --------- d-----w c:\program files\Java

2009-01-02 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\ECB

2008-12-31 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\2C138

2008-12-30 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\F38A

2008-12-30 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\1D157

2008-12-28 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\11F

2008-12-27 09:35 --------- d-----w c:\documents and settings\All Users\Application Data\101B5

2008-12-25 12:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-25 12:24 --------- d-----w c:\program files\EA GAMES

2008-12-25 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\1C29F

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]

"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]

"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]

Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]

S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e5698b-4d33-11dd-b549-806d6172696f}]

\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2009-01-02 c:\windows\Tasks\At1.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At10.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At11.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At12.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At13.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At14.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At15.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At16.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At17.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At18.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-23 c:\windows\Tasks\At19.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At2.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At20.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-20 c:\windows\Tasks\At21.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-20 c:\windows\Tasks\At22.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-16 c:\windows\Tasks\At23.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-28 c:\windows\Tasks\At24.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At25.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At26.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At27.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At28.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At29.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At3.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At30.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At31.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At32.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At33.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At34.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At35.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At36.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At37.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At38.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At39.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At4.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At40.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At41.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At42.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-24 c:\windows\Tasks\At43.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-22 c:\windows\Tasks\At44.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-20 c:\windows\Tasks\At45.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-20 c:\windows\Tasks\At46.job

- c:\windows\system32\71AL3dmP.exe []

2009-02-16 c:\windows\Tasks\At47.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-28 c:\windows\Tasks\At48.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At5.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At6.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At7.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At8.job

- c:\windows\system32\71AL3dmP.exe []

2009-01-02 c:\windows\Tasks\At9.job

- c:\windows\system32\71AL3dmP.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-25 17:53:47

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,

ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\

"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]

"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,

66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\scardsvr.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Voltooingstijd: 2009-02-25 17:55:42 - machine werd herstart

ComboFix-quarantined-files.txt 2009-02-25 16:55:39

Pre-Run: 183.201.984.512 bytes beschikbaar

Post-Run: 186,196,271,104 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

349 --- E O F --- 2009-02-11 15:58:48

Posted:

First, please manually delete all similar files in the folder c:\windows\Tasks, i.e. everything from c:\windows\Tasks\At1.job to c:\windows\Tasks\At9.job.

Then a quick question: I assume you did not create the folders below (the ones named with letters and digits) yourself. If you did, you must remove them from the Notepad file below. If you did not create them, you can simply carry out the instructions below:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\All Users\Application Data\81A5

c:\documents and settings\All Users\Application Data\2213

c:\documents and settings\All Users\Application Data\349C

c:\documents and settings\All Users\Application Data\536B

c:\documents and settings\All Users\Application Data\341F

c:\documents and settings\All Users\Application Data\35232

c:\documents and settings\All Users\Application Data\63E

c:\documents and settings\All Users\Application Data\31F9

c:\documents and settings\All Users\Application Data\2D3B9

c:\documents and settings\All Users\Application Data\25138

c:\documents and settings\All Users\Application Data\634B

c:\documents and settings\All Users\Application Data\1B35B

c:\documents and settings\All Users\Application Data\3ADA

c:\documents and settings\All Users\Application Data\3238A

c:\documents and settings\All Users\Application Data\2A109

c:\documents and settings\All Users\Application Data\251F

c:\documents and settings\All Users\Application Data\193AF

c:\documents and settings\All Users\Application Data\244E

c:\documents and settings\All Users\Application Data\73B9

c:\documents and settings\All Users\Application Data\272E

c:\documents and settings\All Users\Application Data\11217

c:\documents and settings\All Users\Application Data\D2AF

c:\documents and settings\All Users\Application Data\13DA

c:\documents and settings\All Users\Application Data\2F3A9

c:\documents and settings\All Users\Application Data\2A213

c:\documents and settings\All Users\Application Data\33242

c:\documents and settings\All Users\Application Data\2090410918

c:\documents and settings\All Users\Application Data\ECB

c:\documents and settings\All Users\Application Data\2C138

c:\documents and settings\All Users\Application Data\F38A

c:\documents and settings\All Users\Application Data\1D157

c:\documents and settings\All Users\Application Data\11F

c:\documents and settings\All Users\Application Data\101B5

c:\documents and settings\All Users\Application Data\1C29F

c:\windows\system32\71AL3dmP.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e5698b-4d33-11dd-b549-806d6172696f}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message together with a new HijackThis log.
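
Added example (not code from the thread, from ComboFix, or from the helper): a Python script that applies the two heuristics the helper used on the log above, the hex-named folders under All Users\Application Data and the At<N>.job tasks that all launch the same executable, and renders them as a CFScript File:: section in the layout shown. The log excerpt is constructed from lines in the posted log plus one made-up benign task (ExampleVendorUpdate.job); the mountpoints2 AutoRun entries are only listed for review, since the helper removed one and left the U3 launcher alone.

```python
r"""Pick the indicators the helper acted on out of a ComboFix log excerpt and
render them as a CFScript.  Heuristics are taken from this thread only:
  * folders under All Users\Application Data whose name is a short run of hex
    digits (the 81A5 / 2213 / ... pattern in the log);
  * At<N>.job tasks (at.exe naming) that all launch the same executable.
mountpoints2 AutoRun commands are only listed for review: the helper removed
one (D:\Autorun.exe) and left the U3 launcher on I: alone.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the posted log plus one made-up
# benign task (ExampleVendorUpdate.job) that the filter must leave alone.
SAMPLE_LOG = r"""
2009-02-22 10:58 . 2009-02-22 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\81A5
2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-22 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\244E
2009-01-03 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\2090410918
2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
Inhoud van de 'Gedeelde Taken' map
2009-01-02 c:\windows\Tasks\At1.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-22 c:\windows\Tasks\At12.job
- c:\windows\system32\71AL3dmP.exe []
2009-01-02 c:\windows\Tasks\At2.job
- c:\windows\system32\71AL3dmP.exe []
2009-02-24 c:\windows\Tasks\ExampleVendorUpdate.job
- c:\program files\Example Vendor\updater.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e5698b-4d33-11dd-b549-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

# Folder whose leaf name is 3-10 upper-case hex digits (or all digits).
APPDATA_HEX_RE = re.compile(
    r"(c:\\documents and settings\\All Users\\Application Data\\[0-9A-F]{3,10})\s*$")
# "<date> c:\windows\Tasks\<name>.job" followed by "- <target> []" on the next line.
TASK_RE = re.compile(r"^\S+ c:\\windows\\Tasks\\([^\\]+\.job)\s*$")
TARGET_RE = re.compile(r"^- (.+?) \[\]\s*$")
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def hex_named_dirs(log):
    """Return the hex-named All Users profile folders, in log order, deduplicated."""
    hits = []
    for line in log.splitlines():
        m = APPDATA_HEX_RE.search(line)
        if m and m.group(1) not in hits:
            hits.append(m.group(1))
    return hits


def at_jobs_by_target(log):
    """Map each executable launched by an At<N>.job task to its job files."""
    jobs = defaultdict(list)
    lines = log.splitlines()
    for i, line in enumerate(lines[:-1]):
        t = TASK_RE.match(line)
        if not t or not re.fullmatch(r"At\d+\.job", t.group(1)):
            continue  # not an at.exe-created task
        target = TARGET_RE.match(lines[i + 1])
        if target:
            jobs[target.group(1)].append(t.group(1))
    return dict(jobs)


def suspicious_at_targets(log, min_jobs=2):
    """Executables scheduled by at least `min_jobs` at.exe-style tasks."""
    return {tgt: js for tgt, js in at_jobs_by_target(log).items()
            if len(js) >= min_jobs}


def autorun_mountpoints(log):
    """(volume GUID, AutoRun command) pairs from the mountpoints2 entries."""
    out = []
    lines = log.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = MOUNTPOINT_RE.match(line)
        a = AUTORUN_RE.match(lines[i + 1])
        if m and a:
            out.append((m.group(1), a.group(1)))
    return out


def build_cfscript(log):
    """Render the File:: section in the layout the helper used in the thread."""
    entries = hex_named_dirs(log) + sorted(suspicious_at_targets(log))
    return "\n".join(["File::", *entries]) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
    for tgt, js in suspicious_at_targets(SAMPLE_LOG).items():
        print(f"delete manually: {', '.join(js)}  (all launch {tgt})")
    for guid, cmd in autorun_mountpoints(SAMPLE_LOG):
        print(f"review AutoRun {guid}: {cmd}")
```

The hex-name filter is a heuristic, so its output still needs the same confirmation the helper asked for (that the user did not create those folders) before it goes into a CFScript.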

Posted:

ComboFix 09-02-24.02 - Steven Scherrens 2009-02-25 18:44:22.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1376 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Steven Scherrens\Bureaublad\CFScript.txt..txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\documents and settings\All Users\Application Data\101B5

c:\documents and settings\All Users\Application Data\11217

c:\documents and settings\All Users\Application Data\11F

c:\documents and settings\All Users\Application Data\13DA

c:\documents and settings\All Users\Application Data\193AF

c:\documents and settings\All Users\Application Data\1B35B

c:\documents and settings\All Users\Application Data\1C29F

c:\documents and settings\All Users\Application Data\1D157

c:\documents and settings\All Users\Application Data\2090410918

c:\documents and settings\All Users\Application Data\2213

c:\documents and settings\All Users\Application Data\244E

c:\documents and settings\All Users\Application Data\25138

c:\documents and settings\All Users\Application Data\251F

c:\documents and settings\All Users\Application Data\272E

c:\documents and settings\All Users\Application Data\2A109

c:\documents and settings\All Users\Application Data\2A213

c:\documents and settings\All Users\Application Data\2C138

c:\documents and settings\All Users\Application Data\2D3B9

c:\documents and settings\All Users\Application Data\2F3A9

c:\documents and settings\All Users\Application Data\31F9

c:\documents and settings\All Users\Application Data\3238A

c:\documents and settings\All Users\Application Data\33242

c:\documents and settings\All Users\Application Data\341F

c:\documents and settings\All Users\Application Data\349C

c:\documents and settings\All Users\Application Data\35232

c:\documents and settings\All Users\Application Data\3ADA

c:\documents and settings\All Users\Application Data\536B

c:\documents and settings\All Users\Application Data\634B

c:\documents and settings\All Users\Application Data\63E

c:\documents and settings\All Users\Application Data\73B9

c:\documents and settings\All Users\Application Data\81A5

c:\documents and settings\All Users\Application Data\D2AF

c:\documents and settings\All Users\Application Data\ECB

c:\documents and settings\All Users\Application Data\F38A

c:\windows\system32\71AL3dmP.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))

.

2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-02-24 15:37 . 2009-02-25 18:42 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend

2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner

2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia

2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution

2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-02-22 10:58 . 2009-02-22 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\81A5

2009-02-18 13:35 . 2009-02-18 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\2213

2009-02-17 20:41 . 2009-02-17 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\349C

2009-02-15 16:48 . 2009-02-15 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\536B

2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\341F

2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx

2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE

2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI

2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD

2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll

2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation

2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons

2009-02-11 14:39 . 2009-02-11 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\35232

2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe

2009-02-10 18:54 . 2009-02-10 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\63E

2009-02-09 21:00 . 2009-02-09 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\31F9

2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

2009-02-04 13:30 . 2009-02-04 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D3B9

2009-02-01 10:29 . 2009-02-01 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\25138

2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\634B

2009-01-31 16:04 . 2009-01-31 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\1B35B

2009-01-30 19:34 . 2009-01-30 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\3ADA

2009-01-29 20:16 . 2009-01-29 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\3238A

2009-01-28 14:07 . 2009-01-28 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\2A109

2009-01-27 17:48 . 2009-01-27 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\251F

2009-01-26 22:15 . 2009-01-26 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\193AF

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 16:51 --------- d-----w c:\program files\Steam

2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia

2009-02-24 12:52 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

2009-02-24 12:52 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-24 12:10 --------- d-----w c:\program files\Nokia

2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2009-02-21 10:01 --------- d-----w c:\program files\Windows Live

2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3

2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM

2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-06 18:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-22 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\244E

2009-01-21 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\73B9

2009-01-20 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\272E

2009-01-19 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\11217

2009-01-17 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\D2AF

2009-01-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\13DA

2009-01-12 16:45 --------- d-----w c:\program files\Google

2009-01-11 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\2F3A9

2009-01-09 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\2A213

2009-01-08 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\33242

2009-01-03 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\2090410918

2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes

2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro

2009-01-02 13:42 1,700,352 ----a-w c:\windows\system32\gdiplus.dll

2009-01-02 12:52 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-02 12:52 --------- d-----w c:\program files\Java

2009-01-02 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\ECB

2008-12-31 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\2C138

2008-12-30 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\F38A

2008-12-30 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\1D157

2008-12-28 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\11F

2008-12-27 09:35 --------- d-----w c:\documents and settings\All Users\Application Data\101B5

2008-12-25 13:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-25 12:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-25 12:24 --------- d-----w c:\program files\EA GAMES

2008-12-25 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\1C29F

2008-12-20 23:03 826,368 ------w c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-02-25_17.55.08.89 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-25 16:51:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]

"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]

"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]

Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]

S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-25 18:45:26

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,

ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\

"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]

"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,

66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2009-02-25 18:46:14

ComboFix-quarantined-files.txt 2009-02-25 17:46:12

ComboFix2.txt 2009-02-25 16:55:44

Pre-Run: 186.160.291.840 bytes beschikbaar

Post-Run: 186,190,893,056 bytes beschikbaar

257 --- E O F --- 2009-02-11 15:58:48

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:31, on 25/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 10970 bytes

Posted:

Could you repeat this part once more, because it did not go entirely right (my mistake :s in the instructions).

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\documents and settings\All Users\Application Data\81A5

c:\documents and settings\All Users\Application Data\2213

c:\documents and settings\All Users\Application Data\349C

c:\documents and settings\All Users\Application Data\536B

c:\documents and settings\All Users\Application Data\341F

c:\documents and settings\All Users\Application Data\35232

c:\documents and settings\All Users\Application Data\63E

c:\documents and settings\All Users\Application Data\31F9

c:\documents and settings\All Users\Application Data\2D3B9

c:\documents and settings\All Users\Application Data\25138

c:\documents and settings\All Users\Application Data\634B

c:\documents and settings\All Users\Application Data\1B35B

c:\documents and settings\All Users\Application Data\3ADA

c:\documents and settings\All Users\Application Data\3238A

c:\documents and settings\All Users\Application Data\2A109

c:\documents and settings\All Users\Application Data\251F

c:\documents and settings\All Users\Application Data\193AF

c:\documents and settings\All Users\Application Data\244E

c:\documents and settings\All Users\Application Data\73B9

c:\documents and settings\All Users\Application Data\272E

c:\documents and settings\All Users\Application Data\11217

c:\documents and settings\All Users\Application Data\D2AF

c:\documents and settings\All Users\Application Data\13DA

c:\documents and settings\All Users\Application Data\2F3A9

c:\documents and settings\All Users\Application Data\2A213

c:\documents and settings\All Users\Application Data\33242

c:\documents and settings\All Users\Application Data\2090410918

c:\documents and settings\All Users\Application Data\ECB

c:\documents and settings\All Users\Application Data\2C138

c:\documents and settings\All Users\Application Data\F38A

c:\documents and settings\All Users\Application Data\1D157

c:\documents and settings\All Users\Application Data\11F

c:\documents and settings\All Users\Application Data\101B5

c:\documents and settings\All Users\Application Data\1C29F

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply and let me know right away how things stand with the popups.

Posted:

Hello,

Here is the log.

ComboFix 09-02-25.02 - Steven Scherrens 2009-02-26 13:17:00.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2029.1414 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Steven Scherrens\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Steven Scherrens\Bureaublad\CFScript.txt..txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\101B5

c:\documents and settings\All Users\Application Data\101B5\{10AAE29A-BE01-462E-8DAC-D1E7FBC21E12}.swf

c:\documents and settings\All Users\Application Data\11217

c:\documents and settings\All Users\Application Data\11217\{70526D7D-DF16-4B1B-9553-78A945EE4425}.swf

c:\documents and settings\All Users\Application Data\11F

c:\documents and settings\All Users\Application Data\11F\{5E26A8E0-1158-43C2-AEA1-462B47E6E4D0}.swf

c:\documents and settings\All Users\Application Data\13DA

c:\documents and settings\All Users\Application Data\13DA\{495A7678-1529-420F-B8B3-B7ACEDA72605}.swf

c:\documents and settings\All Users\Application Data\193AF

c:\documents and settings\All Users\Application Data\193AF\{7CE4A82F-3439-4DC7-9B78-EF26A7CD2ACE}.swf

c:\documents and settings\All Users\Application Data\1B35B

c:\documents and settings\All Users\Application Data\1B35B\{307D83B0-3FFD-4281-B7DD-9C2DBCC61A3B}.swf

c:\documents and settings\All Users\Application Data\1C29F

c:\documents and settings\All Users\Application Data\1C29F\{97CA273E-68E7-490E-A972-85BB772596AF}.swf

c:\documents and settings\All Users\Application Data\1D157

c:\documents and settings\All Users\Application Data\1D157\{802E8E2F-578A-4979-9BA0-8132BC9A10C4}.swf

c:\documents and settings\All Users\Application Data\2090410918

c:\documents and settings\All Users\Application Data\2090410918\config.udb

c:\documents and settings\All Users\Application Data\2090410918\init.udb

c:\documents and settings\All Users\Application Data\2090410918\Langs.udb

c:\documents and settings\All Users\Application Data\2213

c:\documents and settings\All Users\Application Data\2213\{EECCD9C5-AF2C-403A-A9D3-9B7E8FD4EC41}.swf

c:\documents and settings\All Users\Application Data\244E

c:\documents and settings\All Users\Application Data\244E\{56EA3B97-DFD5-48D6-8262-17522F30834D}.swf

c:\documents and settings\All Users\Application Data\25138

c:\documents and settings\All Users\Application Data\25138\{73235BBB-0A1C-4B51-AB71-5032CC97D369}.swf

c:\documents and settings\All Users\Application Data\251F

c:\documents and settings\All Users\Application Data\251F\{29C81F89-C056-44BE-9436-FD0F315D0DD8}.swf

c:\documents and settings\All Users\Application Data\272E

c:\documents and settings\All Users\Application Data\272E\{AD67C444-C257-4793-9F31-618650858315}.swf

c:\documents and settings\All Users\Application Data\2A109

c:\documents and settings\All Users\Application Data\2A109\{AC1BE271-0DE3-4D10-8959-5364EC204D09}.swf

c:\documents and settings\All Users\Application Data\2A213

c:\documents and settings\All Users\Application Data\2A213\{F2A16F65-6EA8-4BBF-A21A-FE926623C609}.swf

c:\documents and settings\All Users\Application Data\2C138

c:\documents and settings\All Users\Application Data\2C138\{7E7AF30D-474C-4EC3-8ED6-53918DF5AAC4}.swf

c:\documents and settings\All Users\Application Data\2D3B9

c:\documents and settings\All Users\Application Data\2D3B9\{6B0D67B8-DF42-4326-859E-F655C64A4C44}.swf

c:\documents and settings\All Users\Application Data\2F3A9

c:\documents and settings\All Users\Application Data\2F3A9\{1557B21C-907A-4D9F-B818-A9D8CCBDBE10}.swf

c:\documents and settings\All Users\Application Data\31F9

c:\documents and settings\All Users\Application Data\31F9\{D2F1B923-1B05-4BCD-A7A6-0318A14E0FA5}.swf

c:\documents and settings\All Users\Application Data\3238A

c:\documents and settings\All Users\Application Data\3238A\{465740B1-DE2C-45F1-AB1D-9EF297C2F7B0}.swf

c:\documents and settings\All Users\Application Data\33242

c:\documents and settings\All Users\Application Data\33242\{377AA634-AA5C-4640-B404-2B4A4251899B}.swf

c:\documents and settings\All Users\Application Data\341F

c:\documents and settings\All Users\Application Data\341F\{B1BD81B5-672C-44CF-8554-79E657104D94}.swf

c:\documents and settings\All Users\Application Data\349C

c:\documents and settings\All Users\Application Data\349C\{3950FFE2-B7F9-432F-9BEE-6FDE12D461CF}.swf

c:\documents and settings\All Users\Application Data\35232

c:\documents and settings\All Users\Application Data\35232\{2C793C24-B52D-4620-8737-D9DFBDB35AF8}.swf

c:\documents and settings\All Users\Application Data\3ADA

c:\documents and settings\All Users\Application Data\3ADA\{E7254E29-D96E-484C-91AB-BCA246413798}.swf

c:\documents and settings\All Users\Application Data\536B

c:\documents and settings\All Users\Application Data\536B\{C40B55FF-9846-4F33-AE65-D5C7B38B6995}.swf

c:\documents and settings\All Users\Application Data\634B

c:\documents and settings\All Users\Application Data\634B\{1617AB90-E44A-4467-A4FE-0D0CC5410E0A}.swf

c:\documents and settings\All Users\Application Data\63E

c:\documents and settings\All Users\Application Data\63E\{99482D56-65C1-4261-8313-96E4808A119F}.swf

c:\documents and settings\All Users\Application Data\73B9

c:\documents and settings\All Users\Application Data\73B9\{77FA9950-D4FB-4DFB-A877-69B38A2915CD}.swf

c:\documents and settings\All Users\Application Data\81A5

c:\documents and settings\All Users\Application Data\81A5\{3B1D813A-E122-473F-843D-9F1A3433D32C}.swf

c:\documents and settings\All Users\Application Data\D2AF

c:\documents and settings\All Users\Application Data\D2AF\{505921AA-F93F-4519-B44E-1CE23F79D82B}.swf

c:\documents and settings\All Users\Application Data\ECB

c:\documents and settings\All Users\Application Data\ECB\{4E22389C-A7DF-49DA-94F9-76126A096E9C}.swf

c:\documents and settings\All Users\Application Data\F38A

c:\documents and settings\All Users\Application Data\F38A\{92A62392-8927-4A7A-AC68-2F86DB88629A}.swf

.

(((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))

.

2009-02-26 10:20 . 2009-02-26 10:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\EFA

2009-02-24 16:32 . 2009-02-24 16:32 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-24 16:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-02-24 16:31 . 2009-02-24 16:31 1,374 --a------ c:\windows\imsins.BAK

2009-02-24 16:31 . 2009-02-24 16:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-02-24 15:37 . 2009-02-26 13:15 <DIR> dr-h----- c:\documents and settings\Steven Scherrens\Onlangs geopend

2009-02-24 15:32 . 2009-02-24 15:32 <DIR> d-------- c:\program files\CCleaner

2009-02-24 14:27 . 2009-02-24 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-24 14:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-24 14:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\PCSuite

2009-02-24 13:10 . 2009-02-24 13:10 <DIR> d-------- c:\program files\Common Files\Nokia

2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\program files\PC Connectivity Solution

2009-02-24 13:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-02-24 13:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-02-24 13:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-02-24 13:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-02-24 13:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-02-14 17:00 . 2001-06-18 09:41 282,624 --a------ c:\windows\system32\ActiveSkin.ocx

2009-02-14 17:00 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE

2009-02-14 17:00 . 2001-06-18 09:41 112 --a------ c:\windows\ActiveSkin.INI

2009-02-14 14:57 . 2009-02-14 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\262FD

2009-02-11 18:19 . 2008-04-14 18:02 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll

2009-02-11 18:16 . 2009-02-11 18:16 <DIR> d-------- c:\program files\Microsoft Plus! Digital Media Edition

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\windows\Performance

2009-02-11 18:12 . 2009-02-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation

2009-02-11 18:07 . 2009-02-11 18:27 <DIR> d-------- c:\windows\Icons

2009-02-10 20:04 . 2007-08-01 11:03 93,184 --a------ c:\windows\system32\UnPoker.exe

2009-02-06 19:55 . 2009-02-06 19:55 308,616 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-26 12:11 --------- d-----w c:\program files\Steam

2009-02-25 19:27 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

2009-02-25 19:27 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-25 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-24 15:44 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Nokia

2009-02-24 12:10 --------- d-----w c:\program files\Nokia

2009-02-24 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\Installations

2009-02-21 10:01 --------- d-----w c:\program files\Windows Live

2009-02-18 15:53 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\U3

2009-02-12 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-12 17:25 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\skypePM

2009-02-11 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-02-06 18:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-06 18:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-06 18:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2009-01-24 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-12 16:45 --------- d-----w c:\program files\Google

2009-01-03 13:29 --------- d-----w c:\documents and settings\Steven Scherrens\Application Data\Malwarebytes

2009-01-03 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-03 11:43 --------- d-----w c:\program files\Trend Micro

2009-01-02 13:42 1,700,352 ----a-w c:\windows\system32\gdiplus.dll

2009-01-02 12:52 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-02 12:52 --------- d-----w c:\program files\Java

2008-12-25 13:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-20 23:03 826,368 ------w c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-02-25_17.55.08.89 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-17 19:03:19 8,508,416 -c----w c:\windows\system32\dllcache\shell32.dll

- 2008-04-14 17:02:39 8,508,416 ----a-w c:\windows\system32\shell32.dll

+ 2008-06-17 19:03:19 8,508,416 ----a-w c:\windows\system32\shell32.dll

+ 2009-02-26 12:10:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1ec.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

"Steam"="c:\program files\Steam\Steam.exe" [2008-11-22 1410296]

"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-18 306088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SigmatelSysTrayApp"="sttray.exe" [2008-02-01 c:\windows\sttray.exe]

"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Steven Scherrens\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-09 692224]

Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-07-09 19357696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-06 19:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\Steam\\SteamApps\\stefert1993\\insurgency\\hl2.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-09 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264]

S3 aaudstum;aaudstum;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\aaudstum.sys [?]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-07-26 1527900]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-07-26 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-26 13:19:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,6d,64,e3,38,e4,24,e1,f2,cb,88,4a,46,40,03,f9,14,9d,90,2d,89,7d,b3,

ad,cc,4e,19,30,e4,35,d4,fc,f4,8e,5f,8d,fd,93,d0,32,5a,83,02,46,53,1b,04,d2,\

"??"=hex:26,1d,53,4c,c2,af,ac,5b,8a,b6,ba,0c,2c,fa,b3,09

[HKEY_USERS\S-1-5-21-292133596-1602540513-1142094642-1006\Software\SecuROM\License information*]

"datasecu"=hex:ca,6d,78,3f,76,f2,a4,f3,4e,79,f5,22,22,13,bc,69,84,42,53,64,a8,

66,4b,4d,4a,92,be,28,d0,0d,7c,ed,a2,15,6d,2c,52,b5,4c,c4,c9,cf,04,77,0d,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2009-02-26 13:20:09

ComboFix-quarantined-files.txt 2009-02-26 12:20:07

ComboFix2.txt 2009-02-25 17:46:16

ComboFix3.txt 2009-02-25 16:55:44

Pre-Run: 185,917,206,528 bytes free

Post-Run: 186,029,486,080 bytes free

264 --- E O F --- 2009-02-25 19:45:00

And everything is solved.

Thanks, really thanks.
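For anyone triaging a log like the one above, the entries that deserve a second look are the ones ComboFix prints but does not judge: a service or Run value whose binary resolves into a user's Temp directory (the S3 aaudstum driver here, flagged for review rather than as a verdict), a MountPoints2 AutoRun command bound to a removable volume (the U3 launcher), and a Security Center AntiVirusOverride of 1, which silences the warning about missing antivirus protection. The script below is an added example, not part of this post and not ComboFix's own code: it parses those line shapes and flags them. Its sample input is constructed to mirror the log's format, the rule names and severities are the script's own, and the "updater" Run value is a made-up positive case so the Run-key rule has something to hit.

```python
"""Triage heuristics for the autostart and service sections of a ComboFix log.

Added example: not part of the forum post and not ComboFix's own code.  The
sample input is constructed to mirror the line shapes ComboFix prints (Run-key
values, R/S service lines, MountPoints2 AutoRun commands, Security Center
overrides); the rule names are this script's own.
"""
import re

# Constructed sample in ComboFix's layout.  The "updater" value is a made-up
# positive case so the Run-key rule has something to hit; the other lines
# mirror entries of the kind seen in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
"updater"="c:\docume~1\user\locals~1\temp\updater.exe" [2009-02-20 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-09 325128]
S3 aaudstum;aaudstum;\??\c:\docume~1\USER~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\USER~1\LOCALS~1\Temp\aaudstum.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddea745a-4f4e-11dd-b557-001cc056ac9f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_KEY_RE = re.compile(r'\\run(once)?$')
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
# R1/R2 = running, S3 = stopped; "[?]" means no date/size could be recorded
# for the file (missing or unreadable when ComboFix looked).
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)(?:\s+\[(?P<meta>[^\]]*)\])?$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)
# Binaries that live in a user's Temp directory (short or long path form)
# rarely belong in an autostart or driver entry.
TEMP_RE = re.compile(r'\\(temp|locals~1)\\', re.IGNORECASE)


def _finding(rule, severity, subject, line):
    return {'rule': rule, 'severity': severity, 'subject': subject, 'line': line}


def triage(log_text):
    """Walk the log once, tracking the current registry key, and return findings."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key').lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            if TEMP_RE.search(m.group('path')):
                findings.append(_finding('service_in_temp', 'high', m.group('name'), line))
            if m.group('meta') == '?':
                findings.append(_finding('service_file_unverified', 'medium', m.group('name'), line))
            continue
        m = AUTORUN_RE.match(line)
        if m and 'mountpoints2' in current_key:
            # AutoRun command recorded for a removable volume (U3 launchers do
            # this legitimately; still check which volume and which binary).
            findings.append(_finding('removable_autorun', 'medium', m.group('cmd'), line))
            continue
        m = DWORD_RE.match(line)
        if m and current_key.endswith('security center'):
            # AntiVirusOverride / FirewallOverride = 1 silence the Security
            # Center warnings about missing protection.
            if m.group('name').lower().endswith('override') and int(m.group('value'), 16) != 0:
                findings.append(_finding('security_center_override', 'high', m.group('name'), line))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and RUN_KEY_RE.search(current_key):
            cmd, meta = m.group('cmd'), m.group('meta') or ''
            if TEMP_RE.search(cmd) or TEMP_RE.search(meta):
                findings.append(_finding('run_entry_in_temp', 'high', m.group('name'), line))
            elif '\\' not in cmd:
                # Bare filename: resolved through the search path at logon, so
                # confirm the resolved path ComboFix shows in the brackets.
                findings.append(_finding('run_entry_bare_filename', 'info', m.group('name'), line))
    return findings


def rules_hit(findings):
    return {f['rule'] for f in findings}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['rule']}: {f['subject']}")
```

Run it against a saved ComboFix.txt by passing the file's contents to `triage()`. The rules are deliberately coarse: a Temp-resident driver or a bare filename in a Run key is a reason to look at the file's publisher, date and hash, not a conclusion on its own.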
