
slower than normal



Did you also remove the reported files with Malwarebytes? Because "no action taken" indicates that this was not the case. If not, you should certainly do so ... then the infections are removed right away as well.


they're gone :)

Malwarebytes' Anti-Malware 1.36

Database versie: 2070

Windows 6.0.6001 Service Pack 1

3/05/2009 22:41:14

mbam-log-2009-05-03 (22-41-14).txt

Scan type: Volledige Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|R:\|)

Objecten gescand: 488643

Verstreken tijd: 3 hour(s), 17 minute(s), 57 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

F:\Documents and Settings\Van de Voorde Daniel\Local Settings\Temp\CSM32.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

F:\Documents and Settings\Van de Voorde Daniel\Local Settings\Temp\MSI31.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{514FFDB4-59EE-49C6-8945-A2212C087B5F}\RP23\A0015237.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

F:\WINDOWS\Installer\MSI3C.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.


no, there is a bug.txt though

this is what it contains:

C:\32788R22FWJFW\n.com" cmdwait 2500 exec hide "~$folder.system$\cmd.execf" /c 32788R22FWJFW\prep.cmd (5172)

1 bestand(en) zijn verplaatst.

Killing 'n.com'

PUSHD "C:\32788R22FWJFW"

1 bestand(en) gekopieerd.

1 bestand(en) gekopieerd.

IF NOT EXIST C:\Windows\system32\cmd.exe GOTO Not_NT

IF EXIST OsVer EXIT

VER 1>OsVer

GREP.cfexe -F "5.2." OsVer

IF 1 == 0 GOTO Not_NT

GREP.cfexe -F "5.1.2" OsVer

IF 1 == 0 GOTO NT

GREP.cfexe -F "5.00.2" OsVer

IF 1 == 0 GOTO NT

=============================================

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Van de Voorde Daniel\AppData\Roaming

CFLDR=32788R22FWJFW

Chksum=E6C68298198233B0DA25F44550C69FA1

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=AMD-PHENOM9950

ComSpec=C:\Windows\system32\cmd.execf

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Van de Voorde Daniel

KMD=CF29815.exe

LOCALAPPDATA=C:\Users\Van de Voorde Daniel\AppData\Local

LOGONSERVER=\\AMD-PHENOM9950

NUMBER_OF_PROCESSORS=4

OS=Windows_NT

Path=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\

PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 16 Model 2 Stepping 3, AuthenticAMD

PROCESSOR_LEVEL=16

PROCESSOR_REVISION=0203

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$

PUBLIC=C:\Users\Public

Qrntn=C:\Qoobox\Quarantine

RKEY_=hklm\software\microsoft\windows nt\currentversion\windows

sfxcmd="C:\Users\Van de Voorde Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IGUVOLO\ComboFix[1].exe"

sfxname=C:\Users\Van de Voorde Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IGUVOLO\ComboFix[1].exe

SYSTEM=C:\Windows\system32

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\VANDEV~1\AppData\Local\Temp

TMP=C:\Users\VANDEV~1\AppData\Local\Temp

USERDOMAIN=AMD-Phenom9950

USERNAME=Van de Voorde Daniel

USERPROFILE=C:\Users\Van de Voorde Daniel

windir=C:\Windows

=============================================

IF NOT DEFINED sfxname GOTO END

IF EXIST C:\cfDebug.cmd DEL /A/F C:\cfDebug.cmd

CALL sfx.cmd

CALL AV.cmd

SET /a AVCount+=1

CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs

FINDSTR -C:"*On-access scanning enabled*" Resident.txt 1>AVChk && (

SED -r "s/AV: (.*) \*On-access .*/* \1/;" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB

NIRCMD beep 3000 200

NIRCMD beep 3000 300

IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix heeft vastgesteld dat de volgende real time scanner(s) actief zijn:~n~n%G~n~nAntivirus- en anti-inbraak programma's kunnen hinderend zijn voor~nComboFix's werking. Dit kan leiden tot onvoorspelbare resultaten en mogelijk~nsysteemschade. Gelieve deze scanners uit te schakelen alvorens te klikken op 'OK'." "Waarschuwing !!" "" && GOTO Av-check

IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nDe hoger vermelde real time scanner(s) zijn nog steeds actief, maar ComboFix zal~nverder werken. Gelieve op te merken dat dit op Uw eigen risico is" "Waarschuwing !!" ""

)

SET /a AVCount+=1

CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs

FINDSTR -C:"*On-access scanning enabled*" Resident.txt 1>AVChk && (

SED -r "s/AV: (.*) \*On-access .*/* \1/;" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB

NIRCMD beep 3000 200

NIRCMD beep 3000 300

IF 2 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix heeft vastgesteld dat de volgende real time scanner(s) actief zijn:~n~n%G~n~nAntivirus- en anti-inbraak programma's kunnen hinderend zijn voor~nComboFix's werking. Dit kan leiden tot onvoorspelbare resultaten en mogelijk~nsysteemschade. Gelieve deze scanners uit te schakelen alvorens te klikken op 'OK'." "Waarschuwing !!" "" && GOTO Av-check

IF 2 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nDe hoger vermelde real time scanner(s) zijn nog steeds actief, maar ComboFix zal~nverder werken. Gelieve op te merken dat dit op Uw eigen risico is" "Waarschuwing !!" ""

)

DEL /A/F/Q AVChk?

SET AVCount=

IF EXIST OsVer00 CALL :Vista

REN OsVer00 Vista.mac

IF NOT DEFINED RKEY_ GOTO :EOF

IF /I "" EQU "RKEYB" GOTO RKEYB

COPY /Y /B C:\Windows\system32\sc.exe C:\Windows\system32\swsc.exe

1 bestand(en) gekopieerd.

HANDLE csrss.exe.mui 1>MUI00

SED -r "/.*(.:\\.*)\\[^\\]*$/!d; s//\1/" MUI00 | SED -r -n "G; s/\n/&&/; /^([ -~]*\n).*\n\1/d; s/\n//; h; P" 1>MUI

FOR /F "TOKENS=*" %G IN (MUI) DO @(

IF EXIST "%~G\sc.exe.mui" COPY /Y /B "%~G\sc.exe.mui" "%~G\swsc.exe.mui"

IF EXIST "%~G\cmd.exe.mui" (

SWXCACLS "%~G\cmd.exe.mui" /OA /Q

SWXCACLS "%~G\cmd.exe.mui" /P /GA:F /GS:F /GP:X /GU:X /Q

COPY /Y "%~G\cmd.exe.mui" "%~G\CF29815.exe.mui"

SWXCACLS "%~G\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /GA:X /GS:X /GP:X /GU:X /Q

SWXCACLS "%~G\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /Q

)

)

1 bestand(en) gekopieerd.

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

Ownerchange for "C:\Windows\System32\nl-NL\cmd.exe.mui" to Administrators group was successful

1 bestand(en) gekopieerd.

DEL /A/F/Q MUI0?

GOTO :EOF

IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort

IF EXIST "C:\Users\VANDEV~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" DEL /A/F "C:\Users\VANDEV~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log"

(

SET "FileName=ComboFix[1]"

SET "FilePath=C:\Users\Van de Voorde Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IGUVOLO\"

)

SET FileName 1>FileName

GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB

DEL /A/F/Q DirName0?

CALL n.com INFOBOX "U kunt ComboFix niet herbenoemen als %FileName%~n~nGelieve een andere naam te gebruiken, bij voorkeur opgebouwd uit alfanumerische karakters" ""

GOTO END

IF EXIST "C:\Windows\system32\cmd.execf" MOVE /Y "C:\Windows\system32\cmd.execf" "C:\Users\VANDEV~1\AppData\Local\Temp"

1 bestand(en) zijn verplaatst.

CD ..

IF DEFINED cfldr RD /S/Q "32788R22FWJFW"


Strange ... that is apparently the program code of Combofix. Try removing the tool via Start -> Run -> type combofix /u. Then let me know how that went, so we can see how to proceed.


it says it can't find the file

That doesn't seem illogical to me. Then just delete the bug.txt via Windows Explorer.

After that, try downloading Combofix again, but change the name of Combofix when saving it to the desktop to e.g. Combo-Fix ... and then try whether scanning works in the normal way.


this time it did work

here is the log

ComboFix 09-05-04.A3 - Van de Voorde Daniel 05/05/2009 21:28.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1033.18.3070.2005 [GMT 2:00]

Gestart vanuit: c:\users\Van de Voorde Daniel\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Van de Voorde Daniel\Favorites\Videos.url

c:\users\VANDEV~1\FAVORI~1\Videos.url

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))

.

2009-05-04 16:51 . 2009-05-04 16:51 -------- d-----w c:\program files\Lavalys

2009-05-03 16:05 . 2009-05-03 16:05 -------- d-----w c:\users\Van de Voorde Daniel\AppData\Roaming\Malwarebytes

2009-05-03 16:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-03 16:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-03 16:05 . 2009-05-03 16:05 -------- d-----w c:\programdata\Malwarebytes

2009-05-03 16:05 . 2009-05-03 16:05 -------- d-----w c:\users\All Users\Malwarebytes

2009-05-03 16:05 . 2009-05-03 19:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-02 10:44 . 2009-05-02 10:44 -------- d-----w c:\program files\Trend Micro

2009-05-02 09:57 . 2009-05-02 09:57 -------- d-----w c:\program files\MSXML 4.0

2009-05-01 12:13 . 2009-05-02 12:05 -------- d-----w c:\users\Van de Voorde Daniel\AppData\Roaming\Ahead

2009-05-01 11:17 . 2009-05-01 12:13 -------- d-----w c:\users\Van de Voorde Daniel\AppData\Local\Ahead

2009-05-01 11:14 . 2009-05-01 11:14 -------- d-----w c:\programdata\Ahead

2009-05-01 11:14 . 2009-05-01 11:14 -------- d-----w c:\users\All Users\Ahead

2009-05-01 11:10 . 2009-05-01 11:10 -------- d-----w c:\program files\Nero

2009-05-01 11:10 . 2009-05-01 11:10 -------- d-----w c:\programdata\Nero

2009-05-01 11:10 . 2009-05-01 11:10 -------- d-----w c:\users\All Users\Nero

2009-05-01 11:10 . 2009-05-01 11:12 -------- d-----w c:\program files\Common Files\Ahead

2009-04-29 14:27 . 2008-08-17 10:33 678408 ----a-w c:\windows\system32\gpprefcl.dll

2009-04-20 13:43 . 2009-04-20 13:43 -------- d-----w c:\program files\Microsoft Silverlight

2009-04-17 10:50 . 2009-04-17 10:50 -------- d-----w c:\program files\Microsoft Virtual PC

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-05 14:26 . 2009-01-21 18:32 668790 ----a-w c:\windows\system32\perfh013.dat

2009-05-05 14:26 . 2009-01-21 18:32 127364 ----a-w c:\windows\system32\perfc013.dat

2009-05-01 21:19 . 2009-01-28 22:15 2560 ----a-w c:\windows\_MSRSTRT.EXE

2009-05-01 21:15 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat

2009-05-01 21:15 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat

2009-05-01 21:15 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat

2009-04-28 16:09 . 2009-01-21 18:56 -------- d-----w c:\program files\Microsoft

2009-04-26 16:24 . 2009-01-21 17:39 54600 ----a-w c:\users\Van de Voorde Daniel\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-18 09:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-03-17 03:38 . 2009-04-17 10:24 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-17 10:24 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-11 22:06 . 2009-03-11 22:06 -------- d-----w c:\program files\Visiosonic

2009-03-09 21:07 . 2009-03-09 21:07 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-03-09 20:50 . 2009-03-09 20:50 -------- d-----w c:\program files\Electronic Arts

2009-03-09 20:50 . 2009-01-21 17:44 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-09 20:48 . 2009-03-09 20:48 662 ----a-w c:\windows\system32\ealregsnapshot1.reg

2009-03-08 11:34 . 2009-04-30 23:49 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-04-30 23:49 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-04-30 23:49 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-04-30 23:49 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-04-30 23:49 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-04-30 23:49 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-04-30 23:49 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-04-30 23:49 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-04-30 23:49 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-04-30 23:49 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-04-30 23:49 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-04-30 23:49 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-04-30 23:49 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-04-30 23:49 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-04-30 23:49 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-04-30 23:49 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-04-30 23:49 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-04-30 23:49 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-03 04:46 . 2009-04-17 10:24 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-17 10:24 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-17 10:24 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-17 10:24 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-17 10:24 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-17 10:24 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-17 10:24 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-17 10:24 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-17 10:24 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-17 10:24 17408 ----a-w c:\windows\system32\iashost.exe

2009-02-22 17:57 . 2009-02-22 17:53 141473 ----a-w c:\windows\hpiins06.dat

2009-02-19 15:25 . 2009-01-21 21:29 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-02-19 15:25 . 2009-02-19 15:25 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-19 15:25 . 2009-01-21 21:29 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-17 17:32 . 2009-01-21 17:39 2032 ----a-w c:\users\Van de Voorde Daniel\AppData\Local\d3d9caps.dat

2009-02-13 08:49 . 2009-04-17 10:24 72704 ----a-w c:\windows\system32\secur32.dll

2009-02-13 08:49 . 2009-04-17 10:24 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 15:26 2033152 ----a-w c:\windows\system32\win32k.sys

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 17:08 . 2009-02-18 20:48 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys

2009-01-24 15:47 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini

2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"EzAgent"="c:\program files\ASUS\ASUS EzVCR.FM\ezagent.exe" [2002-10-31 114688]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-23 171448]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]

"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-19 1601304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

c:\users\Van de Voorde Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Reliability and Performance Monitor.lnk - c:\windows\System32\perfmon.msc [2009-1-24 145455]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{258E52C9-1CFC-40CF-9302-BDCF085194ED}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{5334BEA3-E077-4C1D-899A-D37D14B2137F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{DD55A754-67CA-4185-9929-FAB7C38E0F12}"= UDP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3

"{B223907B-F86F-4444-AB19-6D804CAE3110}"= TCP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3

"TCP Query User{AD325BB8-AE4E-464E-8C09-937960E69A8D}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{BA45A234-D352-4B9A-9819-FAF2C4A5BF92}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{EEF3EA1B-12E1-4134-A1B3-4F8D1106B012}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{C82F3BA3-28EF-4A0E-99D1-ADA2A0930918}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{915AB1C6-366F-4E18-A12B-7F481F37B9D0}e:\\crysis\\bin32\\crysis.exe"= UDP:e:\crysis\bin32\crysis.exe:Crysis

"UDP Query User{05916FCA-56CB-4DD6-95D5-B003DD518BC4}e:\\crysis\\bin32\\crysis.exe"= TCP:e:\crysis\bin32\crysis.exe:Crysis

R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [24/01/2009 16:09 4608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/01/2009 23:29 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [19/02/2009 17:25 107272]

R1 raddrvv3;raddrvv3;c:\windows\System32\rserver30\raddrvv3.sys [24/04/2008 9:49 45848]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/01/2009 23:29 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/01/2009 23:29 298264]

R2 drhard;drhard;c:\windows\System32\drivers\drhard.sys [25/01/2009 1:56 23600]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]

R3 mirrorv3;mirrorv3;c:\windows\System32\drivers\rminiv3.sys [1/11/2006 7:01 3328]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3/04/2007 11:43 1131136]

R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\System32\drivers\SMCWGU.sys [21/01/2009 20:18 408064]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [18/02/2009 22:48 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 19:08 533360]

S3 RServer3;Radmin Server V3;c:\windows\System32\rserver30\rserver3.exe [24/04/2008 9:44 1238344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3418e2b5-35d7-11de-82aa-806e6f6e6963}]

\shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{760d3e4b-e7e0-11dd-bbce-806e6f6e6963}]

\shell\AutoRun\command - F:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a231c731-2b64-11de-a534-806e6f6e6963}]

\shell\AutoRun\command - G:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f97d2e32-2b52-11de-a40f-806e6f6e6963}]

\shell\AutoRun\command - g:\autorun\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc56099f-e7e3-11dd-b7e6-001d7d03b995}]

\shell\AutoRun\command - L:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

2009-05-05 c:\windows\Tasks\User_Feed_Synchronization-{82257FB8-E9E5-404B-B3BF-BC87A65B1A6F}.job

- c:\windows\system32\msfeedssync.exe [2009-04-30 11:31]

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-CubeDesktop - (no file)

HKLM-Run-snpstd - c:\windows\vsnpstd.exe

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-05 21:30

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2109742368-2942914443-4059112236-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9F75FF1-9BB3-D5CD-9DAC-691551B22043}*]

"japelmggjmoihemoldka"=hex:63,61,69,6b,6a,6c,00,00

"pahfmhjkokkedccncmlgckjjgdgbcdla"=hex:65,61,65,6c,69,6f,6d,70,68,6d,00,00

"hapelmggjmoihemo"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-2109742368-2942914443-4059112236-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:71,fd,93,ae,b8,35,5f,38,f6,d5,b1,33,fe,1a,9b,3f,d7,4a,3a,3c,31,72,77,

f3,56,e4,0d,a5,f7,5c,06,98,c1,cb,d0,a0,17,c9,0c,f1,df,33,6c,73,e7,91,a6,ba,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-2109742368-2942914443-4059112236-1000\Software\SecuROM\License information*]

"datasecu"=hex:02,32,8d,c6,57,49,a9,2a,23,ff,23,85,34,40,a8,c9,12,80,fd,05,b2,

3b,ad,a5,79,43,57,b3,31,58,90,ca,d6,ad,0f,ed,6e,80,72,6e,72,95,96,d5,6f,e1,\

"rkeysecu"=hex:3d,eb,72,17,a8,e6,0a,f6,53,4c,e3,85,9d,cc,85,78

.

Voltooingstijd: 2009-05-05 21:31

ComboFix-quarantined-files.txt 2009-05-05 19:31

Pre-Run: 12.591.738.880 bytes beschikbaar

Post-Run: 12.661.010.432 bytes beschikbaar

209 --- E O F --- 2009-05-04 14:22


Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{760d3e4b-e7e0-11dd-bbce-806e6f6e6963}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a231c731-2b64-11de-a534-806e6f6e6963}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f97d2e32-2b52-11de-a40f-806e6f6e6963}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message
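As an added example (not code from this thread, from ComboFix, or from the helper), the following Python parses the `mountpoints2` AutoRun entries out of a ComboFix log and builds the `Registry::` block in the CFScript format used in the instructions above, for whichever volume GUIDs the analyst selects. The log excerpt is constructed from the five entries quoted earlier in the thread; the two-line key/command layout it assumes is the one shown in that log.

```python
"""Parse ComboFix 'mountpoints2' AutoRun entries and build a CFScript removal block.

Added example, not part of the forum thread or of ComboFix. It assumes the
two-line layout seen in the log above: a bracketed registry key line followed
by a '\\shell\\AutoRun\\command - <path>' line.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Key line: [HKEY_CURRENT_USER\...\explorer\mountpoints2\{GUID}]
MOUNTPOINT_KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$",
    re.IGNORECASE,
)
# Command line that follows it: \shell\AutoRun\command - <path>
AUTORUN_CMD_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")


@dataclass
class MountPoint:
    key: str      # full registry key as printed in the log
    guid: str     # the {GUID} that identifies the volume
    command: str  # the AutoRun command ComboFix reported for that volume


def parse_mountpoints(log_text: str) -> list[MountPoint]:
    """Return every (key, guid, command) triple found in a ComboFix log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    found: list[MountPoint] = []
    for i, line in enumerate(lines):
        m = MOUNTPOINT_KEY_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        c = AUTORUN_CMD_RE.match(lines[i + 1])
        if c:
            found.append(MountPoint(m.group(1), m.group(2), c.group(1)))
    return found


def affected_drives(entries: list[MountPoint]) -> set[str]:
    """Drive letters whose AutoRun command points at an executable (upper-cased)."""
    return {e.command[0].upper() for e in entries
            if len(e.command) > 1 and e.command[1] == ":"}


def cfscript_remove_keys(entries: list[MountPoint], guids: list[str]) -> str:
    """Build the 'Registry::' block that deletes the selected mountpoints2 keys.

    In a CFScript a '[-KEY]' line deletes KEY, as in the instructions above.
    """
    wanted = {g.lower() for g in guids}
    out = ["Registry::", ""]
    for e in entries:
        if e.guid.lower() in wanted:
            out.append(f"[-{e.key}]")
            out.append("")
    return "\n".join(out)


# Constructed excerpt: the five mountpoints2 entries quoted in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3418e2b5-35d7-11de-82aa-806e6f6e6963}]
\shell\AutoRun\command - M:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{760d3e4b-e7e0-11dd-bbce-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a231c731-2b64-11de-a534-806e6f6e6963}]
\shell\AutoRun\command - G:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f97d2e32-2b52-11de-a40f-806e6f6e6963}]
\shell\AutoRun\command - g:\autorun\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc56099f-e7e3-11dd-b7e6-001d7d03b995}]
\shell\AutoRun\command - L:\autorun.exe
"""

if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp in found:
        print(f"{mp.guid}  ->  {mp.command}")
    print("drives with AutoRun commands:", sorted(affected_drives(found)))
    # The three GUIDs the helper chose to remove in the CFScript above.
    chosen = ["{760d3e4b-e7e0-11dd-bbce-806e6f6e6963}",
              "{a231c731-2b64-11de-a534-806e6f6e6963}",
              "{f97d2e32-2b52-11de-a40f-806e6f6e6963}"]
    print(cfscript_remove_keys(found, chosen))
```

Running the block prints the parsed entries and the same three `[-HKEY_CURRENT_USER...]` lines as the CFScript above; the selection of which GUIDs to delete remains the analyst's call.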
