
[SOLVED] Another System Security virus



Guest Wilma J

The first one from part 1 has been removed after a lot of detours, and the recycle bin was emptied straight away. The second one really won't go, whatever we try.

Haven't tried the ComboFix txt yet, I thought the first one had to be gone first.

Going to try the ComboFix txt right now, thanks Kape!!


Guest Wilma J

ComboFix 09-05-15.01 - Maarten 15-05-2009 23:03.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1527.1149 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Maarten\Bureaublad\Combo-Fix.exe

gebruikte Opdracht switches :: c:\documents and settings\Maarten\Bureaublad\CFScript.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-15 to 2009-05-15 ))))))))))))))))))))))))))))))

.

2009-05-14 07:18 . 2009-05-14 07:18 -------- d-----w C:\2787ee7c30143565f4df1afd82581812

2009-05-14 06:51 . 2009-05-14 06:51 41984 --sh--r c:\windows\system32\advpacky.exe

2009-05-13 22:22 . 2009-05-15 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\17893124

2009-05-13 22:22 . 2009-05-15 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\67913119

2009-04-19 20:34 . 2009-04-19 20:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-04-19 20:34 . 2009-04-19 20:34 -------- d-----w c:\windows\system32\IOSUBSYS

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-15 19:44 . 2009-01-29 10:18 -------- d-----w c:\program files\SPAMfighter

2009-05-03 08:40 . 2005-08-26 19:41 71518 ----a-w c:\windows\system32\perfc013.dat

2009-05-03 08:40 . 2005-08-26 19:41 446906 ----a-w c:\windows\system32\perfh013.dat

2009-04-19 20:34 . 2006-09-12 15:52 -------- d-----w c:\program files\Google

2009-04-05 07:16 . 2007-03-29 11:05 -------- d-----w c:\program files\iTunes

2009-04-05 07:16 . 2007-03-29 11:05 -------- d-----w c:\program files\iPod

2009-04-05 07:16 . 2008-09-13 19:08 -------- d-----w c:\program files\Common Files\Apple

2009-04-05 07:04 . 2009-04-05 07:03 -------- d-----w c:\program files\Safari

2009-04-05 07:01 . 2009-04-05 07:01 -------- d-----w c:\program files\Bonjour

2009-03-26 20:08 . 2009-03-26 20:08 -------- d-----w c:\program files\Belastingdienst

2009-03-06 14:23 . 2005-08-26 19:41 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2005-08-26 19:41 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2005-08-26 19:40 78336 ----a-w c:\windows\system32\ieencode.dll

2007-03-31 19:20 . 2007-02-06 17:25 711168 --sh--r c:\windows\Server.DLL

2007-03-31 12:12 . 2007-02-06 17:25 66560 --sh--r c:\windows\SERVERKEY.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Xanadu"="c:\program files\Foreignword\Xanadu\Xanadu.exe" [2002-08-14 819200]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Maarten\Menu Start\Programma's\Opstarten\

ADSL Dial-in.lnk - c:\documents and settings\Maarten\Application Data\Microsoft\Installer\{01C16D3B-7154-4F1B-8149-F5F124A738D3}\ADSLDialIn.exe11_01C16D3B71544F1B8149F5F124A738D3.exe [2005-9-16 4286]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [26-5-2006 14:49 4064]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [16-1-2009 11:11 184968]

.

Inhoud van de 'Gedeelde Taken' map

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{F1A4F988-05D3-4541-968F-8B1F7F767DA5}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: {{5CC384BB-1326-11D5-F4AE-00C04923F885} - c:\program files\Foreignword\Xanadu\XanaduLaunch.exe

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-05-15 23:05

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2648)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-05-15 23:07

ComboFix-quarantined-files.txt 2009-05-15 21:07

ComboFix2.txt 2009-05-15 20:53

ComboFix3.txt 2009-05-15 20:12

ComboFix4.txt 2009-05-14 21:07

Pre-Run: 34.050.560.000 bytes beschikbaar

Post-Run: 34.041.745.408 bytes beschikbaar

137 --- E O F --- 2009-05-13 22:31

Here is the new ComboFix log.

I haven't run HijackThis yet, should I do that now as well?

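Before reading the rest of the thread it is worth seeing what a defender would pick out of a ComboFix log like the one above: an executable with hidden and system attributes freshly written to system32 (advpacky.exe), folders named with nothing but digits under All Users\Application Data, Security Center monitoring switched off, and EnableFirewall = 0. The Python script below is an added example, not part of the thread and not ComboFix's own code; it parses a constructed sample in ComboFix's line format (a few lines mirrored from the log above, embedded so it runs offline) and surfaces exactly those indicators. The indicator names, regexes and heuristics are this example's own choices, and every hit is something to review, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of a ComboFix log: a few "Files Created"
# entries followed by part of the registry section. Built for this example
# so that it runs without a real log.
SAMPLE_COMBOFIX = r"""
2009-05-14 06:51 . 2009-05-14 06:51 41984 --sh--r c:\windows\system32\advpacky.exe
2009-05-13 22:22 . 2009-05-15 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\17893124
2009-04-19 20:34 . 2009-04-19 20:34 -------- d-----w c:\windows\system32\IOSUBSYS
2009-03-06 14:23 . 2005-08-26 19:41 285696 ----a-w c:\windows\system32\pdh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# created . modified size attrs path   (attrs is a 7-character field)
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{7}) (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def triage_combofix(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, evidence) pairs worth a human look.

    These are heuristics: legitimate software also sets hidden/system
    attributes, and third-party security suites disable Security Center
    monitoring on purpose. The goal is to surface the lines to review.
    """
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            lower = path.lower()
            is_dir = attrs.startswith("d")
            # 's' and 'h' in the attribute field mark system and hidden,
            # unusual for a newly created .exe inside the Windows tree.
            if (not is_dir and "s" in attrs and "h" in attrs
                    and lower.startswith("c:\\windows\\")):
                findings.append(("hidden_system_file_in_windows", path))
            # Digit-only folder names under Application Data: the pattern
            # the helper in this thread keeps pointing at.
            basename = path.rstrip("\\").rsplit("\\", 1)[-1]
            if is_dir and basename.isdigit() and "application data" in lower:
                findings.append(("numeric_folder_in_appdata", path))
            continue

        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            continue

        m = REG_VALUE.match(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            key_lc = current_key.lower()
            if ("security center\\monitoring" in key_lc
                    and name == "DisableMonitoring"
                    and value.lower() == "dword:00000001"):
                findings.append(("security_center_monitoring_disabled", current_key))
            if ("firewallpolicy" in key_lc
                    and name == "EnableFirewall"
                    and value.split()[0] in ("0", "0x0")):
                findings.append(("windows_firewall_disabled", current_key))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage_combofix(SAMPLE_COMBOFIX):
        print(f"{indicator:40} {evidence}")
```

Run on the sample it reports four lines in log order: the hidden+system advpacky.exe, the 17893124 folder, the Security Center key and the firewall profile key. The IOSUBSYS folder and pdh.dll pass through untouched, which is the point: the script narrows a 300-line log to the handful of lines a helper actually asks about.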

Guest Wilma J

Here is a HijackThis log as well.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:21:21, on 15-5-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\All Users\Application Data\67913119\67913119.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Xanadu] C:\Program Files\Foreignword\Xanadu\Xanadu.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ADSL Dial-in.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - C:\opt\MBCASE\WIS\TBCD\tbmux32.exe

--

End of file - 8027 bytes

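The HijackThis log above is where the helper spots the remaining item: a process running from All Users\Application Data\67913119 rather than from the Windows or Program Files trees, plus three O23 services with an unknown owner whose image file is missing. The Python script below is an added example, not part of the thread and not HijackThis code; it parses a constructed sample in HijackThis v2 format (lines shaped like the log above, embedded so it runs offline) and returns those two kinds of entries for review. The "expected roots" list and the indicator names are this example's own assumptions; a missing service file is often just a leftover of uninstalled software, so the output is a reading list, not a diagnosis.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 format ("Running processes" section
# followed by a few O-lines). Built for this example, not a real scan.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\All Users\Application Data\67913119\67913119.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
"""

# O23 lines read: display name - company - image path [ (file missing)]
O23_LINE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")

# Where a default XP install runs its own binaries from (assumption of this
# example). Anything else, such as a profile or Application Data folder,
# deserves a look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def triage_hijackthis(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, evidence) pairs for a human to review."""
    findings: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if PROCESS_LINE.match(line):
                if not line.lower().startswith(EXPECTED_ROOTS):
                    findings.append(("process_outside_expected_roots", line))
                continue
            in_processes = False  # first non-path line ends the section

        m = O23_LINE.match(line)
        if m:
            name = m.group("name")
            if m.group("owner") == "Unknown owner":
                findings.append(("service_unknown_owner", name))
            if m.group("missing"):
                findings.append(("service_file_missing", name))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage_hijackthis(SAMPLE_HJT):
        print(f"{indicator:32} {evidence}")
```

On the sample the only process flagged is the 67913119.exe one, and the konfig service is reported twice (unknown owner, file missing) while the Bonjour service is not reported at all. Section handling matters here: the process list has no line prefix, so the script treats every drive-letter path after "Running processes:" as a process until the first line that is not a path.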

ComboFix has removed an important obstacle to deleting those two items. Now try whether both of them can be deleted, because they still show up in your log.

These, that is:

c:\documents and settings\All Users\Application Data\17893124\17893124.exe

c:\documents and settings\All Users\Application Data\67913119\67913119.exe


Guest Wilma J

The first one can't be found, and the second one can't be deleted, according to the message I get.

I have Explorer search for them, otherwise I can't find the files, so copy and paste.


The first one can't be found, and the second one can't be deleted, according to the message I get.

I have Explorer search for them, otherwise I can't find the files, so copy and paste.

Very strange ... because they're both still in your log. Try whether you can delete the copy you can find with Unlocker.

Guest Wilma J

Tried with Unlocker, but even that can't get rid of the second one.

I get the message that no lock was found for this file, and when I then try to delete it with Unlocker, that doesn't work.


OK, then we'll try another ComboFix switch. You know the drill by now :-)

Open a Notepad file.

Copy and paste the bold text below into it.

Folder:

c:\documents and settings\All Users\Application Data\17893124

c:\documents and settings\All Users\Application Data\67913119

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of ComboFix.txt in your next message


Guest Wilma J

Here is the new log; by the way, it doesn't ask to restart the PC, is that actually intended? Should I do it myself?

Last night we left the PC on, because otherwise we're afraid of having to go through all sorts of things again to be able to open programs.

ComboFix 09-05-15.01 - Maarten 16-05-2009 9:09.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1527.1118 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Maarten\Bureaublad\Combo-Fix.exe

gebruikte Opdracht switches :: c:\documents and settings\Maarten\Bureaublad\CFScript.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))

.

2009-05-15 21:57 . 2009-05-15 21:57 -------- d-----w c:\documents and settings\Maarten\Application Data\Desktopicon

2009-05-15 21:57 . 2009-05-15 21:57 -------- d-----w c:\program files\Unlocker

2009-05-15 21:20 . 2009-05-15 21:20 -------- d-----w c:\program files\Trend Micro

2009-05-14 07:18 . 2009-05-14 07:18 -------- d-----w C:\2787ee7c30143565f4df1afd82581812

2009-05-14 06:51 . 2009-05-14 06:51 41984 --sh--r c:\windows\system32\advpacky.exe

2009-05-13 22:22 . 2009-05-15 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\17893124

2009-05-13 22:22 . 2009-05-15 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\67913119

2009-04-19 20:34 . 2009-04-19 20:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-04-19 20:34 . 2009-04-19 20:34 -------- d-----w c:\windows\system32\IOSUBSYS

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-15 19:44 . 2009-01-29 10:18 -------- d-----w c:\program files\SPAMfighter

2009-05-03 08:40 . 2005-08-26 19:41 71518 ----a-w c:\windows\system32\perfc013.dat

2009-05-03 08:40 . 2005-08-26 19:41 446906 ----a-w c:\windows\system32\perfh013.dat

2009-04-19 20:34 . 2006-09-12 15:52 -------- d-----w c:\program files\Google

2009-04-05 07:16 . 2007-03-29 11:05 -------- d-----w c:\program files\iTunes

2009-04-05 07:16 . 2007-03-29 11:05 -------- d-----w c:\program files\iPod

2009-04-05 07:16 . 2008-09-13 19:08 -------- d-----w c:\program files\Common Files\Apple

2009-04-05 07:04 . 2009-04-05 07:03 -------- d-----w c:\program files\Safari

2009-04-05 07:01 . 2009-04-05 07:01 -------- d-----w c:\program files\Bonjour

2009-03-26 20:08 . 2009-03-26 20:08 -------- d-----w c:\program files\Belastingdienst

2009-03-06 14:23 . 2005-08-26 19:41 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2005-08-26 19:41 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:18 . 2005-08-26 19:40 78336 ----a-w c:\windows\system32\ieencode.dll

2007-03-31 19:20 . 2007-02-06 17:25 711168 --sh--r c:\windows\Server.DLL

2007-03-31 12:12 . 2007-02-06 17:25 66560 --sh--r c:\windows\SERVERKEY.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Xanadu"="c:\program files\Foreignword\Xanadu\Xanadu.exe" [2002-08-14 819200]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Maarten\Menu Start\Programma's\Opstarten\

ADSL Dial-in.lnk - c:\documents and settings\Maarten\Application Data\Microsoft\Installer\{01C16D3B-7154-4F1B-8149-F5F124A738D3}\ADSLDialIn.exe11_01C16D3B71544F1B8149F5F124A738D3.exe [2005-9-16 4286]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [26-5-2006 14:49 4064]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [16-1-2009 11:11 184968]

.

Inhoud van de 'Gedeelde Taken' map

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-15 c:\windows\Tasks\User_Feed_Synchronization-{F1A4F988-05D3-4541-968F-8B1F7F767DA5}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: {{5CC384BB-1326-11D5-F4AE-00C04923F885} - c:\program files\Foreignword\Xanadu\XanaduLaunch.exe

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-05-16 09:11

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]

"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2944)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-05-16 9:13

ComboFix-quarantined-files.txt 2009-05-16 07:12

ComboFix2.txt 2009-05-15 21:07

ComboFix3.txt 2009-05-15 20:53

ComboFix4.txt 2009-05-15 20:12

ComboFix5.txt 2009-05-16 07:07

Pre-Run: 34.037.497.856 bytes beschikbaar

Post-Run: 34.038.652.928 bytes beschikbaar

142 --- E O F --- 2009-05-13 22:31


This topic is now closed to new replies.
