Posted:

Apparently you did not carry out the proposed fix with Combofix in the right way, so the indicated files were not removed. You have to drag the file CFScript.txt onto the Combofix shortcut on your desktop. It then starts up again and carries out the indicated changes. Right now you have only made a new Combofix log ... with the infected files still in it. So please repeat this:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\klick.dat

c:\windows\system32\drivers\klin.dat

Driver::

klick.dat

klin.dat

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.
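
Checking a returned log against the CFScript that was supposed to produce it, as an added example that is not part of the original thread and not ComboFix's own code: it confirms the run was started with the script and reports, per `File::`/`Folder::` target, whether the log lists it as removed or still lists it. The function names are hypothetical, the section-title matching is based only on the Dutch-language logs in this thread, and the sample logs are abridged from the logs posted here.

```python
import re

# Section banners look like "((((( title )))))" in the logs on this page.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
# "verwijdering" is the Dutch section title seen in this thread; "deletion"
# is an assumed equivalent for English-language logs.
DELETION_MARKERS = ("verwijdering", "deletion")


def parse_cfscript(text):
    """Return {directive: [entries]} for blocks such as File::, Folder::, Driver::."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_log(text):
    """Split a log into [(title, lines)]; everything before the first banner is 'header'."""
    sections = [("header", [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = BANNER.match(line)
        if match:
            sections.append((match.group(1), []))
        else:
            sections[-1][1].append(line)
    return sections


def script_was_applied(log_text, script_name="CFScript.txt"):
    """True if the log header shows the run was started with the script file."""
    header = split_log(log_text)[0][1]
    return any("switches ::" in line and line.lower().endswith(script_name.lower())
               for line in header)


def check_targets(cfscript_text, log_text):
    """Map each File::/Folder:: path to (status, sections that still list it).

    Driver:: entries are service names, not paths, and are not checked here.
    """
    script = parse_cfscript(cfscript_text)
    result = {}
    for target in script.get("file", []) + script.get("folder", []):
        wanted, removed, listed_in = target.lower(), False, []
        for title, lines in split_log(log_text)[1:]:  # skip header: it echoes the script
            if not any(l.strip('"').lower().endswith(wanted) for l in lines):
                continue
            if any(marker in title.lower() for marker in DELETION_MARKERS):
                removed = True
            else:
                listed_in.append(title)
        status = "still listed" if listed_in else "removed" if removed else "not in log"
        result[wanted] = (status, listed_in)
    return result


# The two scripts given in this thread.
SCRIPT_FILES = r"""
File::
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\klin.dat
Driver::
klick.dat
klin.dat
"""
SCRIPT_FOLDER = r"""
Folder::
c:\program files\UGS
"""

# Abridged from the 27/06/2009 log posted in this thread.
LOG_27 = r"""
ComboFix 09-06-26.02 - Administrator 27/06/2009 13:50.5 - NTFSx86
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
FILE ::
"c:\windows\system32\drivers\klick.dat"
"c:\windows\system32\drivers\klin.dat"
.
(((((((((((((((((( Andere Verwijderingen ))))))))))))))))))
.
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\klin.dat
.
(((((((((((((((((( Bestanden Gemaakt van 2009-05-27 to 2009-06-27 ))))))))))))))))))
.
2009-06-24 19:07 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 17:49 . 2009-06-25 04:46 -------- d-----w- c:\program files\UGS
"""

# Abridged from the 28/06/2009 log posted in this thread.
LOG_28 = r"""
ComboFix 09-06-26.02 - Administrator 28/06/2009 9:58.7 - NTFSx86
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
.
(((((((((((((((((( Bestanden Gemaakt van 2009-05-28 to 2009-06-28 ))))))))))))))))))
.
2009-06-28 07:22 . 2009-06-28 07:22 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-28 07:22 . 2009-06-28 07:22 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-22 16:54 . 2009-06-22 16:54 -------- d-----w- c:\program files\LimeWire
"""

if __name__ == "__main__":
    for name, script, log in [("files vs 27/06", SCRIPT_FILES, LOG_27),
                              ("files vs 28/06", SCRIPT_FILES, LOG_28),
                              ("folder vs 28/06", SCRIPT_FOLDER, LOG_28)]:
        print(name, script_was_applied(log), check_targets(script, log))
```

Run against the 28/06 excerpt, the two files reported as removed on 27/06 are listed again with a creation time of 2009-06-28 07:22, so every new log needs the same check.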

Posted:

I did exactly what you said, although I did not have to reboot. So if I did something wrong, I would not know what. So here is my log.

ComboFix 09-06-26.02 - Administrator 27/06/2009 13:50.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1014.605 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: Kaspersky Anti-virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::

"c:\windows\system32\drivers\klick.dat"

"c:\windows\system32\drivers\klin.dat"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\klick.dat

c:\windows\system32\drivers\klin.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-27 to 2009-06-27 ))))))))))))))))))))))))))))))

.

2009-06-25 16:27 . 2009-06-25 16:27 -------- d-----w- c:\windows\system32\dllcache\cache

2009-06-25 10:29 . 2009-06-25 10:29 -------- d-----w- c:\program files\Trend Micro

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-06-24 19:07 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-24 19:07 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-24 16:17 . 2009-06-24 16:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon

2009-06-24 16:17 . 2009-06-24 17:20 -------- d-----w- c:\program files\Unlocker

2009-06-23 18:02 . 2009-06-27 11:48 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2009-06-22 17:49 . 2009-06-25 04:46 -------- d-----w- c:\program files\UGS

2009-06-22 16:54 . 2009-06-22 16:54 -------- d-----w- c:\program files\LimeWire

2009-06-21 18:31 . 2009-06-21 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision

2009-06-21 18:30 . 2009-06-21 18:30 -------- d-----w- c:\program files\Rainbow Technologies

2009-06-20 10:33 . 2009-06-22 18:08 1467 ----a-w- c:\windows\system32\setacl.bat

2009-06-19 14:53 . 2009-06-19 14:53 -------- d-----w- C:\Cmsdata

2009-06-19 14:51 . 1994-05-25 07:59 19456 ----a-w- c:\windows\system32\drivers\KEYP.SYS

2009-06-19 14:45 . 2009-06-19 15:14 -------- d-----w- C:\Wintools

2009-06-19 10:34 . 2009-06-19 10:34 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-18 10:32 . 2009-06-18 10:31 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-18 10:31 . 2009-06-18 10:31 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

2009-06-17 20:24 . 2004-03-01 10:07 233472 ----a-w- c:\windows\system32\s7esetdx.dll

2009-06-17 20:24 . 1998-06-17 21:00 89360 ----a-w- c:\windows\system32\vb5db.dll

2009-06-17 20:18 . 2009-06-17 20:23 -------- d-----w- c:\windows\TempRASETUP

2009-06-17 20:17 . 2009-06-20 17:17 -------- d-----w- c:\program files\SIEMENS

2009-06-17 20:17 . 2009-06-20 17:17 -------- d-----w- c:\program files\Common Files\Siemens

2009-06-17 20:17 . 2009-06-17 20:24 -------- d-----w- c:\windows\Setup

2009-06-17 20:16 . 2009-06-17 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Siemens

2009-06-17 19:50 . 2009-06-17 19:50 52736 ----a-w- c:\windows\ipuninst.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-27 11:57 . 2008-09-08 15:28 66623008 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-27 11:57 . 2008-09-08 15:28 2920224 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-27 11:45 . 2008-09-08 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-27 11:44 . 2008-10-10 14:25 15336 ----a-w- c:\windows\system32\tablet.dat

2009-06-27 11:43 . 2008-09-08 15:28 893576 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-27 11:43 . 2008-09-08 15:28 275576 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-25 10:36 . 2008-09-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2009-06-22 17:40 . 2008-09-06 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-22 16:55 . 2008-09-10 17:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

2009-06-22 16:32 . 2008-09-08 15:26 140064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-22 10:31 . 2008-09-08 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-21 09:06 . 2008-09-10 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel

2009-06-21 09:06 . 2008-09-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-06-20 17:30 . 2009-01-10 17:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-06-18 10:31 . 2008-09-06 09:37 -------- d-----w- c:\program files\Java

2009-06-18 10:27 . 2008-09-12 20:19 -------- d-----w- c:\program files\eMule

2009-06-17 20:28 . 2008-09-10 18:45 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-15 15:27 . 2009-01-11 12:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\My Games

2009-06-15 15:22 . 2009-04-15 17:48 -------- d-----w- c:\program files\3D-Album-CS

2009-05-26 17:26 . 2009-05-26 17:26 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

2009-05-11 18:43 . 2008-09-13 17:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Autodesk

2009-05-07 15:34 . 2004-08-04 08:03 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-06 18:05 . 2009-01-12 16:04 3012 ----a-w- C:\drmHeader.bin

2009-04-29 04:49 . 2004-08-04 08:03 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:49 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-23 17:42 . 2008-09-10 18:38 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-04-23 17:42 . 2008-09-10 18:38 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-04-19 19:51 . 2004-08-04 07:56 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 08:06 . 2006-05-05 01:12 92620 ----a-w- c:\windows\system32\perfc013.dat

2009-04-16 08:06 . 2006-05-05 01:12 513498 ----a-w- c:\windows\system32\perfh013.dat

2009-04-15 14:55 . 2004-08-04 08:03 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_16.27.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-27 11:44 . 2009-06-27 11:44 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat

+ 2009-06-25 16:27 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe

+ 2009-06-25 16:27 . 2008-04-14 17:02 82432 c:\windows\system32\dllcache\cache\ws2_32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:03 26112 c:\windows\system32\dllcache\cache\userinit.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 14336 c:\windows\system32\dllcache\cache\svchost.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 57856 c:\windows\system32\dllcache\cache\spoolsv.exe

+ 2009-06-25 16:27 . 2008-04-14 17:02 17408 c:\windows\system32\dllcache\cache\powrprof.dll

+ 2009-06-25 16:27 . 2008-04-14 17:03 13312 c:\windows\system32\dllcache\cache\lsass.exe

+ 2009-06-25 16:27 . 2008-04-14 16:39 25088 c:\windows\system32\dllcache\cache\kbdclass.sys

+ 2009-06-25 16:27 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys

+ 2009-06-25 16:27 . 2008-04-14 17:02 15360 c:\windows\system32\dllcache\cache\ctfmon.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 510464 c:\windows\system32\dllcache\cache\winlogon.exe

+ 2009-06-25 16:27 . 2009-04-29 04:49 827392 c:\windows\system32\dllcache\cache\wininet.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 580096 c:\windows\system32\dllcache\cache\user32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 297472 c:\windows\system32\dllcache\cache\termsrv.dll

+ 2009-06-25 16:27 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys

+ 2009-06-25 16:27 . 2009-02-09 11:27 111104 c:\windows\system32\dllcache\cache\services.exe

+ 2009-06-25 16:27 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys

+ 2009-06-25 16:27 . 2008-04-14 17:02 110080 c:\windows\system32\dllcache\cache\imm32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 175616 c:\windows\system32\dllcache\cache\appmgmts.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 1571840 c:\windows\system32\dllcache\cache\sfcfiles.dll

+ 2009-06-25 16:27 . 2009-02-09 11:27 2149888 c:\windows\system32\dllcache\cache\ntoskrnl.exe

+ 2009-06-25 16:27 . 2009-02-09 11:27 2028544 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

+ 2009-06-25 16:27 . 2009-03-21 14:09 1030656 c:\windows\system32\dllcache\cache\kernel32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 1037312 c:\windows\system32\dllcache\cache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-06-10 10:29 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-10-10 106496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [19/01/2009 18:16 120320]

R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [21/01/2009 22:05 78848]

R2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [19/06/2009 16:51 19456]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [10/06/2008 12:29 53032]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/09/2008 11:41 540448]

R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [3/07/2008 13:04 31232]

R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30/07/2007 12:06 71168]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/04/2007 14:58 24344]

R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [8/09/2008 17:40 161792]

S2 UGS License Server (ugslmd);UGS License Server (ugslmd);"c:\program files\UGS\UGSLicensing\lmgrd.exe" --> c:\program files\UGS\UGSLicensing\lmgrd.exe [?]

S3 DualCoreCenter;DualCoreCenter;c:\biostools\NTGLM7X.sys [17/12/2008 10:38 28160]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/11/2008 17:34 33752]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [5/11/2008 19:05 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [5/11/2008 19:05 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594230785-904726401-1854274687-500.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 09:36]

2009-06-25 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-27 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Sign In

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: arena51.be\www

Trusted Zone: bedrockplace.net\www

Trusted Zone: cgsociety.org\www

Trusted Zone: dexia.be\www

Trusted Zone: digitaltutors.com\www

Trusted Zone: google.be\www

Trusted Zone: kwsd.be\www

Trusted Zone: pc-helpforum.be\www

Trusted Zone: sportwereld.be\www

Trusted Zone: svzw.be\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-27 13:57

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1368)

c:\windows\system32\GTGina.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1424)

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

.

Voltooingstijd: 2009-06-27 13:58

ComboFix-quarantined-files.txt 2009-06-27 11:58

ComboFix2.txt 2009-06-27 11:39

ComboFix3.txt 2009-06-26 10:49

ComboFix4.txt 2009-06-26 10:40

ComboFix5.txt 2009-06-27 11:49

Pre-Run: 35.493.990.400 bytes beschikbaar

Post-Run: 35.470.204.928 bytes beschikbaar

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

254 --- E O F --- 2009-06-14 01:01

Posted:

Yes, I still have the problem that I cannot delete a file. I took a screenshot, and on it you can see the program that I want to remove but cannot, and which gives an error message. That was in fact my main problem. This has to come off so that I can install everything again from scratch.

PrintScreen.doc

Posted:

If it is only about that UGSLicensing, you can try this:

Go to Start - Run and type: sc stop ugslmd

Press Enter.

Go to Start - Run and type: sc delete ugslmd

Press Enter.

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\UGS

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.

Posted:

OK, here is my log. I did everything as you said.

ComboFix 09-06-26.02 - Administrator 28/06/2009 9:58.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1014.531 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: Kaspersky Anti-virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-28 to 2009-06-28 ))))))))))))))))))))))))))))))

.

2009-06-28 07:22 . 2009-06-28 07:22 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-06-28 07:22 . 2009-06-28 07:22 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-06-25 16:27 . 2009-06-25 16:27 -------- d-----w- c:\windows\system32\dllcache\cache

2009-06-25 10:29 . 2009-06-25 10:29 -------- d-----w- c:\program files\Trend Micro

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-06-24 19:07 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-24 19:07 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-24 19:07 . 2009-06-24 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-24 16:17 . 2009-06-24 16:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon

2009-06-24 16:17 . 2009-06-24 17:20 -------- d-----w- c:\program files\Unlocker

2009-06-23 18:02 . 2009-06-28 07:57 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2009-06-22 16:54 . 2009-06-22 16:54 -------- d-----w- c:\program files\LimeWire

2009-06-21 18:31 . 2009-06-21 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision

2009-06-21 18:30 . 2009-06-21 18:30 -------- d-----w- c:\program files\Rainbow Technologies

2009-06-20 10:33 . 2009-06-22 18:08 1467 ----a-w- c:\windows\system32\setacl.bat

2009-06-19 14:53 . 2009-06-19 14:53 -------- d-----w- C:\Cmsdata

2009-06-19 14:51 . 1994-05-25 07:59 19456 ----a-w- c:\windows\system32\drivers\KEYP.SYS

2009-06-19 14:45 . 2009-06-19 15:14 -------- d-----w- C:\Wintools

2009-06-19 10:34 . 2009-06-19 10:34 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-18 10:32 . 2009-06-18 10:31 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-18 10:31 . 2009-06-18 10:31 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

2009-06-17 20:24 . 2004-03-01 10:07 233472 ----a-w- c:\windows\system32\s7esetdx.dll

2009-06-17 20:24 . 1998-06-17 21:00 89360 ----a-w- c:\windows\system32\vb5db.dll

2009-06-17 20:18 . 2009-06-17 20:23 -------- d-----w- c:\windows\TempRASETUP

2009-06-17 20:17 . 2009-06-20 17:17 -------- d-----w- c:\program files\SIEMENS

2009-06-17 20:17 . 2009-06-20 17:17 -------- d-----w- c:\program files\Common Files\Siemens

2009-06-17 20:17 . 2009-06-17 20:24 -------- d-----w- c:\windows\Setup

2009-06-17 20:16 . 2009-06-17 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Siemens

2009-06-17 19:50 . 2009-06-17 19:50 52736 ----a-w- c:\windows\ipuninst.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-28 08:02 . 2008-09-08 15:28 66793248 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-28 08:02 . 2008-09-08 15:28 2928160 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-28 07:29 . 2008-09-08 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-28 07:22 . 2008-10-10 14:25 15336 ----a-w- c:\windows\system32\tablet.dat

2009-06-27 23:25 . 2008-09-08 15:28 894920 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-27 23:25 . 2008-09-08 15:28 276032 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-25 10:36 . 2008-09-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2009-06-22 17:40 . 2008-09-06 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-22 16:55 . 2008-09-10 17:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

2009-06-22 16:32 . 2008-09-08 15:26 140064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-22 10:31 . 2008-09-08 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-21 09:06 . 2008-09-10 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel

2009-06-21 09:06 . 2008-09-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-06-20 17:30 . 2009-01-10 17:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-06-18 10:31 . 2008-09-06 09:37 -------- d-----w- c:\program files\Java

2009-06-18 10:27 . 2008-09-12 20:19 -------- d-----w- c:\program files\eMule

2009-06-17 20:28 . 2008-09-10 18:45 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-15 15:27 . 2009-01-11 12:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\My Games

2009-06-15 15:22 . 2009-04-15 17:48 -------- d-----w- c:\program files\3D-Album-CS

2009-05-26 17:26 . 2009-05-26 17:26 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

2009-05-11 18:43 . 2008-09-13 17:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Autodesk

2009-05-07 15:34 . 2004-08-04 08:03 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-06 18:05 . 2009-01-12 16:04 3012 ----a-w- C:\drmHeader.bin

2009-04-29 04:49 . 2004-08-04 08:03 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:49 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-23 17:42 . 2008-09-10 18:38 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-04-23 17:42 . 2008-09-10 18:38 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-04-19 19:51 . 2004-08-04 07:56 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 08:06 . 2006-05-05 01:12 92620 ----a-w- c:\windows\system32\perfc013.dat

2009-04-16 08:06 . 2006-05-05 01:12 513498 ----a-w- c:\windows\system32\perfh013.dat

2009-04-15 14:55 . 2004-08-04 08:03 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_16.27.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-28 07:22 . 2009-06-28 07:22 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat

+ 2009-06-25 16:27 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe

+ 2009-06-25 16:27 . 2008-04-14 17:02 82432 c:\windows\system32\dllcache\cache\ws2_32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:03 26112 c:\windows\system32\dllcache\cache\userinit.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 14336 c:\windows\system32\dllcache\cache\svchost.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 57856 c:\windows\system32\dllcache\cache\spoolsv.exe

+ 2009-06-25 16:27 . 2008-04-14 17:02 17408 c:\windows\system32\dllcache\cache\powrprof.dll

+ 2009-06-25 16:27 . 2008-04-14 17:03 13312 c:\windows\system32\dllcache\cache\lsass.exe

+ 2009-06-25 16:27 . 2008-04-14 16:39 25088 c:\windows\system32\dllcache\cache\kbdclass.sys

+ 2009-06-25 16:27 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys

+ 2009-06-25 16:27 . 2008-04-14 17:02 15360 c:\windows\system32\dllcache\cache\ctfmon.exe

+ 2009-06-25 16:27 . 2008-04-14 17:03 510464 c:\windows\system32\dllcache\cache\winlogon.exe

+ 2009-06-25 16:27 . 2009-04-29 04:49 827392 c:\windows\system32\dllcache\cache\wininet.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 580096 c:\windows\system32\dllcache\cache\user32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 297472 c:\windows\system32\dllcache\cache\termsrv.dll

+ 2009-06-25 16:27 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys

+ 2009-06-25 16:27 . 2009-02-09 11:27 111104 c:\windows\system32\dllcache\cache\services.exe

+ 2009-06-25 16:27 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys

+ 2009-06-25 16:27 . 2008-04-14 17:02 110080 c:\windows\system32\dllcache\cache\imm32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 175616 c:\windows\system32\dllcache\cache\appmgmts.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 1571840 c:\windows\system32\dllcache\cache\sfcfiles.dll

+ 2009-06-25 16:27 . 2009-02-09 11:27 2149888 c:\windows\system32\dllcache\cache\ntoskrnl.exe

+ 2009-06-25 16:27 . 2009-02-09 11:27 2028544 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

+ 2009-06-25 16:27 . 2009-03-21 14:09 1030656 c:\windows\system32\dllcache\cache\kernel32.dll

+ 2009-06-25 16:27 . 2008-04-14 17:02 1037312 c:\windows\system32\dllcache\cache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-06-10 10:29 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-10-10 106496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [19/01/2009 18:16 120320]

R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [21/01/2009 22:05 78848]

R2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [19/06/2009 16:51 19456]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [10/06/2008 12:29 53032]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/09/2008 11:41 540448]

R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [3/07/2008 13:04 31232]

R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30/07/2007 12:06 71168]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/04/2007 14:58 24344]

R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [8/09/2008 17:40 161792]

S2 UGS License Server (ugslmd);UGS License Server (ugslmd);"c:\program files\UGS\UGSLicensing\lmgrd.exe" --> c:\program files\UGS\UGSLicensing\lmgrd.exe [?]

S3 DualCoreCenter;DualCoreCenter;c:\biostools\NTGLM7X.sys [17/12/2008 10:38 28160]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/11/2008 17:34 33752]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [5/11/2008 19:05 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [5/11/2008 19:05 8320]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594230785-904726401-1854274687-500.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-18 09:36]

2009-06-27 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-28 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-28 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Sign In

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: arena51.be\www

Trusted Zone: bedrockplace.net\www

Trusted Zone: cgsociety.org\www

Trusted Zone: dexia.be\www

Trusted Zone: digitaltutors.com\www

Trusted Zone: google.be\www

Trusted Zone: kwsd.be\www

Trusted Zone: pc-helpforum.be\www

Trusted Zone: sportwereld.be\www

Trusted Zone: svzw.be\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-28 10:02

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1368)

c:\windows\system32\GTGina.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1432)

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(1188)

c:\windows\system32\tabhook.dll

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-06-28 10:04

ComboFix-quarantined-files.txt 2009-06-28 08:04

ComboFix2.txt 2009-06-28 07:42

ComboFix3.txt 2009-06-27 11:59

ComboFix4.txt 2009-06-27 11:39

ComboFix5.txt 2009-06-28 07:57

Pre-Run: 35.484.483.584 bytes beschikbaar

Post-Run: 35.458.777.088 bytes beschikbaar

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

260 --- E O F --- 2009-06-14 01:01

Posted:

The possibility had been factored in that you would never again be able to remove that item via Software, and that it would remain listed there uselessly forever, despite the fact that the program has completely disappeared from your PC. The only option is to search your registry once more for entries belonging to that UGS and delete those items there. But working in the registry is always a bit of "tricky business" :s
