
Posted:
Run: combofix/u - or something else first?
No, that can wait for now. First this:

Open a Notepad file.

Copy and paste the bold text below into it.

File::
C:\d1vmq.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d5e86e-8e80-11db-a078-00166fac9e19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c96618c-17d4-11de-a3e9-00166fac9e19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53f16d5a-74f4-11dd-a35f-00166fac9e19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dca118a8-0d92-11de-a3cf-00166fac9e19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e93801-12d7-11de-a3dc-00166fac9e19}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply
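The steps above build a CFScript by hand from two sections of a ComboFix log: the file listing, where C:\d1vmq.exe appears in the drive root with the s, h and r flags, and the MountPoints2 keys whose AutoRun and open commands launch F:\d1vmq.exe. The script below is an added example, not code from this thread or from ComboFix. It parses lines in the format the user's log uses (the embedded samples are copied from the logs posted later in this thread), flags root-level files carrying the system and hidden flags, flags every MountPoints2 GUID whose command runs a file of that name, prints the File::/Registry:: script, and checks a later log for anything still present. The "system+hidden in a drive root" heuristic and all function names are this example's own assumptions, not ComboFix rules; on this log the heuristic also flags C:\2.com, which the thread's script does not list and which the second log no longer shows.

```python
r"""Triage of ComboFix log lines. Added example, not code from the thread or from ComboFix.
Flags system+hidden files in a drive root (this example's own heuristic) and the MountPoints2
GUIDs whose AutoRun/open command launches such a file, emits a CFScript, checks a later log."""
import re
from collections import OrderedDict

# Constructed sample: lines copied from the first ComboFix log posted in the thread.
BEFORE_LOG = r"""
2009-04-28 07:35 . 2009-03-12 15:42 108840 --sh--r C:\d1vmq.exe
2009-04-28 06:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-02 17:11 . 2009-03-10 17:01 108423 --sh--r C:\2.com
2006-07-18 10:35 . 2006-07-18 10:35 8 --sh--r c:\windows\system32\182E119D80.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d5e86e-8e80-11db-a078-00166fac9e19}]
\Shell\AutoRun\command - F:\d1vmq.exe
\Shell\open\Command - F:\d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7577c2-19e8-11db-859b-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c96618c-17d4-11de-a3e9-00166fac9e19}]
\Shell\AutoRun\command - F:\d1vmq.exe
\Shell\open\Command - F:\d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e142b44-54b6-11dc-a1d3-00166fac9e19}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53f16d5a-74f4-11dd-a35f-00166fac9e19}]
\Shell\AutoRun\command - F:\d1vmq.exe
\Shell\open\Command - F:\d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dca118a8-0d92-11de-a3cf-00166fac9e19}]
\Shell\AutoRun\command - F:\d1vmq.exe
\Shell\open\Command - F:\d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e93801-12d7-11de-a3dc-00166fac9e19}]
\Shell\AutoRun\command - F:\d1vmq.exe
\Shell\open\Command - F:\d1vmq.exe
"""
# Constructed sample: MountPoints2 excerpt of the log posted after the fix had run.
AFTER_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7577c2-19e8-11db-859b-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e142b44-54b6-11dc-a1d3-00166fac9e19}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

# "<date> <time> . <date> <time> <size|dashes> <7 attribute flags> <path>"
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\S+) ([-a-z]{7}) (.+)$")
MP_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                       r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)

def parse_log(text):
    """Return ([(path, attrs)], {mountpoint key: [(verb, command)]}) in log order."""
    files, mountpoints, current = [], OrderedDict(), None
    for line in text.splitlines():
        line = line.strip()
        if m := MP_KEY_RE.match(line):
            current = m.group(1)
            mountpoints[current] = []
        elif (m := MP_CMD_RE.match(line)) and current:
            mountpoints[current].append((m.group(1), m.group(2)))
        elif m := FILE_RE.match(line):
            current = None
            files.append((m.group(3), m.group(2)))
    return files, mountpoints

def suspicious_files(files):
    """Non-directory entries with the s and h flags set that sit directly in a drive root."""
    return [path for path, attrs in files
            if attrs[0] != "d" and attrs[2] == "s" and attrs[3] == "h"
            and ROOT_FILE_RE.match(path)]

def target_name(command):
    r"""Lower-cased basename of the program an AutoRun command runs ("F:\LaunchU3.exe -a" -> "launchu3.exe").
    Assumes an unquoted path without spaces, as in the thread's log."""
    return command.split()[0].rsplit("\\", 1)[-1].lower()

def suspicious_mountpoints(mountpoints, bad_files):
    """Keys whose AutoRun or open verb launches a file named like a flagged file."""
    bad_names = {p.rsplit("\\", 1)[-1].lower() for p in bad_files}
    return [key for key, cmds in mountpoints.items()
            if any(target_name(cmd) in bad_names for _, cmd in cmds)]

def triage(text):
    files, mountpoints = parse_log(text)
    bad_files = suspicious_files(files)
    return bad_files, suspicious_mountpoints(mountpoints, bad_files)

def build_cfscript(paths, keys):
    """CFScript text: File:: deletes each path, [-key] under Registry:: deletes each key."""
    return "\n".join(["File::", *paths, "", "Registry::", *(f"[-{k}]" for k in keys)]) + "\n"

def still_present(after_text, paths, keys):
    """Flagged items that a later log still lists; an empty list means the fix took."""
    files, mountpoints = parse_log(after_text)
    listed = {p.lower() for p, _ in files}
    return [p for p in paths if p.lower() in listed] + [k for k in keys if k in mountpoints]

if __name__ == "__main__":
    bad_files, bad_keys = triage(BEFORE_LOG)
    print(build_cfscript(bad_files, bad_keys))
    print("still present after the fix:", still_present(AFTER_LOG, bad_files, bad_keys))
```

Run as a script it prints the generated CFScript and an empty "still present" list for the second log. Keys that a removable drive registered legitimately (E:\setup.exe, F:\LaunchU3.exe -a) are left alone because no flagged file shares their name; the match is on the file name rather than the full path because the worm's copy lives on F: while the dropped copy sits on C:.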

Posted:

ComboFix 09-04-28.03 - Dries Vanysacker 29/04/2009 13:56.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.502.233 [GMT 2:00]

Started from: c:\documents and settings\Dries Vanysacker\Bureaublad\ComboFix.exe

* New restore point was created

.

(((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))

.

2009-04-28 07:35 . 2009-03-12 15:42 108840 --sh--r C:\d1vmq.exe

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\documents and settings\Dries Vanysacker\Application Data\Malwarebytes

2009-04-28 06:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-28 06:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-27 20:06 . 2009-04-27 20:06 -------- d-----w c:\program files\Trend Micro

2009-04-27 15:07 . 2009-04-27 15:07 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-26 19:57 . 2001-09-06 19:27 5632 ----a-w c:\windows\system32\ptpusb.dll

2009-04-26 19:57 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys

2009-04-26 19:57 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

2009-04-26 19:57 . 2008-04-14 17:02 159232 ----a-w c:\windows\system32\ptpusd.dll

2009-04-26 08:20 . 2009-04-29 11:49 -------- d-----w c:\program files\Common Files\Akamai

2009-04-25 15:33 . 2009-04-26 12:45 -------- d-----w C:\Autodesk

2009-04-16 15:52 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 15:52 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 15:52 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 15:52 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 15:52 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 15:52 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 15:52 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 15:52 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 15:52 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 15:51 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-06 14:20 . 2009-04-06 14:20 -------- d-----w c:\documents and settings\Dries Vanysacker\Local Settings\Application Data\DriveWorks Ltd

2009-04-03 16:37 . 2009-04-03 16:37 -------- d--h--r c:\documents and settings\Dries Vanysacker\Application Data\SecuROM

2009-04-03 16:37 . 2009-04-03 16:37 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-04-03 15:50 . 2006-09-28 14:04 68888 ----a-w c:\windows\system32\xinput1_3.dll

2009-04-03 15:50 . 2006-09-28 14:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll

2009-04-03 15:48 . 2009-04-03 15:48 -------- d-----w c:\windows\system32\AGEIA

2009-04-03 15:47 . 2009-04-03 15:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-28 07:09 . 2006-09-06 18:17 126096 ----a-w c:\documents and settings\Dries Vanysacker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 15:13 . 2008-04-28 16:45 -------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-22 19:05 . 2008-09-27 12:30 -------- d-----w c:\program files\MSECache

2009-04-17 06:36 . 2006-04-10 12:00 93948 ----a-w c:\windows\system32\perfc013.dat

2009-04-17 06:36 . 2006-04-10 12:00 515492 ----a-w c:\windows\system32\perfh013.dat

2009-04-03 15:48 . 2008-09-27 16:50 -------- d-----w c:\program files\AGEIA Technologies

2009-04-03 15:22 . 2006-07-18 10:35 -------- d-----w c:\program files\DivX

2009-04-03 15:22 . 2006-11-05 21:24 -------- d-----w c:\program files\Return to Castle Wolfenstein

2009-03-06 14:23 . 2006-04-10 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2006-04-10 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-03-02 17:11 . 2009-03-10 17:01 108423 --sh--r C:\2.com

2009-02-20 17:18 . 2006-04-10 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-10 17:10 . 2004-08-04 00:58 2070400 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:08 . 2006-04-10 12:00 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2006-04-10 12:00 2193408 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2006-04-10 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2006-04-10 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2006-04-10 12:00 684544 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2006-04-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:56 . 2006-04-10 12:00 735744 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2006-04-10 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:59 . 2006-04-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-09-30 10:19 . 2008-09-30 10:19 596 -c--a-w c:\program files\SolidWorksswxJRNL.BAK

2008-11-19 20:32 . 2008-01-05 10:56 67696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-11-19 20:32 . 2008-01-05 10:56 54376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-11-19 20:32 . 2008-01-05 10:56 34952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-11-19 20:32 . 2008-01-05 10:56 46720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-11-19 20:32 . 2008-01-05 10:56 172144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2006-07-18 10:35 . 2006-07-18 10:35 8 --sh--r c:\windows\system32\182E119D80.sys

2006-07-18 10:35 . 2006-07-18 10:35 4704 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_17.20.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-29 11:48 . 2009-04-29 11:48 16384 c:\windows\Temp\Perflib_Perfdata_750.dat

+ 2009-04-29 11:48 . 2009-04-29 11:48 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^Dries Vanysacker^Menu Start^Programma's^Opstarten^SolidWorks Task Scheduler Engine.lnk]

path=c:\documents and settings\Dries Vanysacker\Menu Start\Programma's\Opstarten\SolidWorks Task Scheduler Engine.lnk

backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\games\\Call Of Duty\\CoDMP.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1473:TCP"= 1473:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"1061:TCP"= 1061:TCP:Akamai NetSession Interface

"1086:TCP"= 1086:TCP:Akamai NetSession Interface

"1595:TCP"= 1595:TCP:Akamai NetSession Interface

"2019:TCP"= 2019:TCP:Akamai NetSession Interface

R1 mailKmd;mailKmd; [x]

R1 Wbutton;Wbutton; [x]

R3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\DRIVERS\usb101et.sys [2004-08-03 32384]

S1 Hotkey;Hotkey; [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d5e86e-8e80-11db-a078-00166fac9e19}]

\Shell\AutoRun\command - F:\d1vmq.exe

\Shell\open\Command - F:\d1vmq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7577c2-19e8-11db-859b-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c96618c-17d4-11de-a3e9-00166fac9e19}]

\Shell\AutoRun\command - F:\d1vmq.exe

\Shell\open\Command - F:\d1vmq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e142b44-54b6-11dc-a1d3-00166fac9e19}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53f16d5a-74f4-11dd-a35f-00166fac9e19}]

\Shell\AutoRun\command - F:\d1vmq.exe

\Shell\open\Command - F:\d1vmq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38f72d8-3ca0-11dd-a32b-00166fac9e19}]

\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e55560-474c-11dc-a1b2-00166fac9e19}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dca118a8-0d92-11de-a3cf-00166fac9e19}]

\Shell\AutoRun\command - F:\d1vmq.exe

\Shell\open\Command - F:\d1vmq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e93801-12d7-11de-a3dc-00166fac9e19}]

\Shell\AutoRun\command - F:\d1vmq.exe

\Shell\open\Command - F:\d1vmq.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab

FF - ProfilePath - c:\documents and settings\Dries Vanysacker\Application Data\Mozilla\Firefox\Profiles\3drs71h1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-29 13:59

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3764)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-04-29 14:02

ComboFix-quarantined-files.txt 2009-04-29 12:01

ComboFix2.txt 2009-04-28 17:26

Pre-Run: 20.519.448.576 bytes free

Post-Run: 20.512.653.312 bytes free

206 --- E O F --- 2009-04-28 18:47

Posted:

This didn't quite work :s The idea is that you drag the file onto the ComboFix shortcut. The program then restarts and removes the items marked in the fix. Would you try this once more?

Posted:

ComboFix 09-04-28.05 - Dries Vanysacker 29/04/2009 16:12.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.502.157 [GMT 2:00]

Started from: c:\documents and settings\Dries Vanysacker\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Dries Vanysacker\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* New restore point was created

FILE ::

C:\d1vmq.exe

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\d1vmq.exe

.

(((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))

.

2009-04-29 13:09 . 2009-04-29 13:47 -------- d--h--w C:\$AVG8.VAULT$

2009-04-29 13:04 . 2009-04-29 13:04 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-04-29 13:04 . 2009-04-29 13:04 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-29 13:04 . 2009-04-29 13:04 97928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-04-29 13:04 . 2009-04-29 13:06 -------- d-----w c:\windows\system32\drivers\Avg

2009-04-29 13:04 . 2009-04-29 13:04 -------- d-----w c:\documents and settings\Dries Vanysacker\Application Data\AVGTOOLBAR

2009-04-29 13:04 . 2009-04-29 13:04 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\documents and settings\Dries Vanysacker\Application Data\Malwarebytes

2009-04-28 06:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-28 06:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-28 06:52 . 2009-04-28 06:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-27 20:06 . 2009-04-27 20:06 -------- d-----w c:\program files\Trend Micro

2009-04-27 15:07 . 2009-04-27 15:07 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-26 19:57 . 2001-09-06 19:27 5632 ----a-w c:\windows\system32\ptpusb.dll

2009-04-26 19:57 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys

2009-04-26 19:57 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

2009-04-26 19:57 . 2008-04-14 17:02 159232 ----a-w c:\windows\system32\ptpusd.dll

2009-04-26 08:20 . 2009-04-29 13:48 -------- d-----w c:\program files\Common Files\Akamai

2009-04-25 15:33 . 2009-04-26 12:45 -------- d-----w C:\Autodesk

2009-04-16 15:52 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 15:52 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 15:52 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 15:52 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 15:52 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 15:52 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 15:52 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 15:52 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 15:52 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 15:51 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-06 14:20 . 2009-04-06 14:20 -------- d-----w c:\documents and settings\Dries Vanysacker\Local Settings\Application Data\DriveWorks Ltd

2009-04-03 16:37 . 2009-04-03 16:37 -------- d--h--r c:\documents and settings\Dries Vanysacker\Application Data\SecuROM

2009-04-03 16:37 . 2009-04-03 16:37 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-04-03 15:50 . 2006-09-28 14:04 68888 ----a-w c:\windows\system32\xinput1_3.dll

2009-04-03 15:50 . 2006-09-28 14:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll

2009-04-03 15:48 . 2009-04-03 15:48 -------- d-----w c:\windows\system32\AGEIA

2009-04-03 15:47 . 2009-04-03 15:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-28 07:09 . 2006-09-06 18:17 126096 ----a-w c:\documents and settings\Dries Vanysacker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 15:13 . 2008-04-28 16:45 -------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-22 19:05 . 2008-09-27 12:30 -------- d-----w c:\program files\MSECache

2009-04-17 06:36 . 2006-04-10 12:00 93948 ----a-w c:\windows\system32\perfc013.dat

2009-04-17 06:36 . 2006-04-10 12:00 515492 ----a-w c:\windows\system32\perfh013.dat

2009-04-03 15:48 . 2008-09-27 16:50 -------- d-----w c:\program files\AGEIA Technologies

2009-04-03 15:22 . 2006-07-18 10:35 -------- d-----w c:\program files\DivX

2009-04-03 15:22 . 2006-11-05 21:24 -------- d-----w c:\program files\Return to Castle Wolfenstein

2009-03-06 14:23 . 2006-04-10 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2006-04-10 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2006-04-10 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-10 17:10 . 2004-08-04 00:58 2070400 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:08 . 2006-04-10 12:00 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2006-04-10 12:00 2193408 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2006-04-10 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2006-04-10 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2006-04-10 12:00 684544 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2006-04-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:56 . 2006-04-10 12:00 735744 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2006-04-10 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:59 . 2006-04-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-09-30 10:19 . 2008-09-30 10:19 596 -c--a-w c:\program files\SolidWorksswxJRNL.BAK

2006-07-18 10:35 . 2006-07-18 10:35 8 --sh--r c:\windows\system32\182E119D80.sys

2006-07-18 10:35 . 2006-07-18 10:35 4704 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_17.20.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-29 11:48 . 2009-04-29 11:48 16384 c:\windows\Temp\Perflib_Perfdata_750.dat

+ 2009-04-29 11:48 . 2009-04-29 11:48 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat

+ 2009-04-29 13:04 . 2009-04-29 13:04 26824 c:\windows\system32\drivers\avgmfx86.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1235736]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Dries Vanysacker^Menu Start^Programma's^Opstarten^SolidWorks Task Scheduler Engine.lnk]

path=c:\documents and settings\Dries Vanysacker\Menu Start\Programma's\Opstarten\SolidWorks Task Scheduler Engine.lnk

backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\games\\Call Of Duty\\CoDMP.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1473:TCP"= 1473:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"1061:TCP"= 1061:TCP:Akamai NetSession Interface

"1086:TCP"= 1086:TCP:Akamai NetSession Interface

"1595:TCP"= 1595:TCP:Akamai NetSession Interface

"2019:TCP"= 2019:TCP:Akamai NetSession Interface

"1150:TCP"= 1150:TCP:Akamai NetSession Interface

"1548:TCP"= 1548:TCP:Akamai NetSession Interface

R1 mailKmd;mailKmd; [x]

R1 Wbutton;Wbutton; [x]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 231704]

R3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\DRIVERS\usb101et.sys [2004-08-03 32384]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-29 97928]

S1 Hotkey;Hotkey; [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-29 875288]

S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-29 76040]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVG8EMC

*NewlyCreated* - AVG8WD

*NewlyCreated* - AVGLDX86

*NewlyCreated* - AVGMFX86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7577c2-19e8-11db-859b-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e142b44-54b6-11dc-a1d3-00166fac9e19}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38f72d8-3ca0-11dd-a32b-00166fac9e19}]

\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e55560-474c-11dc-a1b2-00166fac9e19}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab

FF - ProfilePath - c:\documents and settings\Dries Vanysacker\Application Data\Mozilla\Firefox\Profiles\3drs71h1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-29 16:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2009-04-29 16:21

ComboFix-quarantined-files.txt 2009-04-29 14:21

ComboFix2.txt 2009-04-29 12:02

ComboFix3.txt 2009-04-28 17:26

Pre-Run: 19.930.492.928 bytes free

Post-Run: 19.922.931.712 bytes free

210 --- E O F --- 2009-04-28 18:47

Posted:

Just a quick note that my computer wouldn't shut down after doing the previous step. It was probably stuck, so I had to cut the power and restart, but everything seems fine. I hope this hasn't affected everything we had done.

btw, thanks again for the help

Posted:
Do I now still have to remove everything via Run: combofix/u and do the rest as you already said?
Yes, now is the time for that. But be careful: not combofix/u but combofix /u (with a space before the slash).
  • 3 weeks later...
Posted:

As there has been no reply, we are closing this topic. If you would like the topic reopened, contact one of the moderators.
