
Infected with MultiPacked.Multi.Generic Malware!




  #1  
23 June 2009, 10:38
Member Group

I recently downloaded a theme application. After installing it, Kaspersky popped up a warning saying the computer is infected with MultiPacked.Multi.Generic malware. My Kaspersky no longer works and my Windows theme is gone; I am stuck with Windows Classic. Please help!
  #2  
23 June 2009, 11:25
Moderator Group

Try to get me whichever of the logs you can from here. http://www.computer-juice.com/forums...-posting-7476/

  #3  
24 June 2009, 11:44
Moderator Group

Looks like the forums had a glitch. Please post these DDS logs.

Download DDS from | HERE | or | HERE | or | HERE | and save it to your desktop.

Vista users: right-click DDS and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users: double-click DDS to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When done, DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Copy and paste the entire contents of both logs into your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log, by copying and pasting it into the reply.

  #4  
24 June 2009, 13:55
Member Group

DDS (Ver_09-05-14.01) - NTFSx86
Draaien met de muis op 16:53:23.36 op woensdag 06.24.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security * On-access scannen gehandicapte * (Updated) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * ingeschakeld * (2C4D4BC6-0793-4956-A9F9-E252435469C0)

============== Draaiende processen ===============

C: \ WINDOWS \ system32 \ svchost-k DcomLaunch
svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe-k netsvcs
C: \ WINDOWS \ system32 \ svchost.exe-k WudfServiceGroup
svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ CTHELPER.EXE
C: \ WINDOWS \ system32 \ CTXFIHLP.EXE
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE
C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ SYSTEM32 \ CTXFISPI.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe
C: \ PROGRA ~ 1 \ MICROS ~ 4 \ rapimgr.exe
svchost.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ System32 \ svchost.exe-k imgsvc
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ System32 \ svchost.exe-k HTTPFilter
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Documents and Settings \ Mouse \ Desktop \ dds.com

============== Pseudo HJT Verslag ===============

uStart Page = hxxp: / / google.com /
uInternet Instellingen, ProxyOverride = *. lokale
BHO: Adobe PDF Reader Link Helper: (06849e9f-c8d7-4d59-b87d-784b7d6be0b3) - c: \ program files \ common files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
BHO: Skype add-on (mastermind): (22bf413b-c6d2-4d91-82a9-a0f997ba588c) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
BHO: IEVkbdBHO Klasse: (59273ab4-e7d3-40f9-a1a8-6fa9cca1862c) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ievkbd.dll
BHO: Java (tm) Plug-In 2 SSV Helper: (dbc80044-a445-435b-bc74-9c25c1c588a9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
BHO: JQSIEStartDetectorImpl Klasse: (e7e6f031-17ce-4c07-bc86-eabfe594f69c) - C: \ Program Files \ Java \ jre6 \ lib \ implementeren \ jqs \ IE \ jqs_plugin.dll
TB: Veoh Browser Plug-in: (d0943516-5076-4020-a3b5-aefaf26ab263) - c: \ program files \ Veoh netwerken \ Veoh \ Plugins \ reg \ VeohToolbar.dll
EB: (32683183-48a0-441b-A342-7c2a440a9478) - Geen bestand
uRun: [Ctfmon.exe] c: \ windows \ system32 \ Ctfmon.exe
uRun: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c: \ windows \ system32 \ NvCpl.dll, NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ dvdaudio \ CTDVDDET.EXE"
mRun: [RCSystem] "c: \ program files \ creative \ shared files \ module loader \ DLLML.exe" RCSystem *-Startup
mRun: [AudioDrvEmulator] "c: \ program files \ creative \ shared files \ module loader \ dllml.exe" -1 audiodrvemulator "c: \ program files \ creative \ shared files \ module loader \ audio emulator \ AudDrvEm.dll"
mRun: [VolPanel] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ volume panel \ VolPanlu.exe" / r
mRun: [NvMediaCenter] RUNDLL32.EXE c: \ windows \ system32 \ NvMcTray.dll, NvTaskbarInit
mRun: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe"
mRun: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
mRun: [AppleSyncNotifier] c: \ program files \ common files \ apple \ mobile device support \ bin \ AppleSyncNotifier.exe
mRun: [iTunesHelper] "c: \ program files \ itunes \ iTunesHelper.exe"
IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
IE: (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe
IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
IE: (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - (85E0B171-04FA-11D1-B7DA-00A0C90348D6) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll
IE: (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 4 \ INetRepl.dll
IE: (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 4 \ INetRepl.dll
IE: (77BF5300-1474-4EC7-9980-D32B190E9B07) - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (17492023-C23A-453E-A040-C7C580BBF700) - hxxp: / / go.microsoft.com / fwlink /? Linkid = 39204
DPF: (45B69029-F3AB-4204-92DE-D5140C3E8E74) - hxxps: / / portal.apogentech.com / vdesk / terminal / InstallerControl.cab
DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
DPF: (57C76689-F052-487B-A19F-855AFDDF28EE) - hxxps: / / portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab # version = 6030,2008,0904,1939
DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: (CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: (CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: (CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: (CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: (E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D) - hxxps: / / portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab # version = 6030,2008,0904,1947
Handler: CDO - (CD00020A-8B95-11D1-82 dB-00C04FB1625D) - c: \ program files \ common files \ Microsoft Shared \ Web Folders \ PKMCDO.DLL
Handler: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - c: \ progra ~ 1 \ common ~ 1 \ Skype \ SKYPE4 ~ 1.dll
Notify:! SASWinLogon - c: \ program files \ superantispyware \ SASWINLO.DLL
Melden: klogon - c: \ windows \ system32 \ klogon.dll
AppInit_DLLs: c: \ progra ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd.dll, c: \ progra ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ adialhk.dll, c: \ progra ~ 1 \ kaspe r ~ 1 \ kasper ~ 1 \ kloehk.dll
SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - c: \ windows \ system32 \ WPDShServiceObj.dll
SEH: SABShellExecuteHook Klasse: (5ae067d3-9afb-48e0-853a-ebb7f4a000da) - c: \ program files \ superantispyware \ SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath --

============= DIENSTEN / DRIVERS ===============

R0 kl1; Kl1, c: \ windows \ system32 \ drivers \ kl1.sys [2007-10-31 112144]
R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [2008-1-29 33808]
R1 klif; Kaspersky Lab Driver; c: \ windows \ system32 \ drivers \ klif.sys [2008-4-18 213520]
R1 SASKUTIL; SASKUTIL; c: \ program files \ superantispyware \ SASKUTIL.SYS [2008-2-29 55024]
R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [2008-5-12 14592]
R2 AVP; Kaspersky Internet Security; C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r -> C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r [? ]
R2 Viewpoint Manager Service; Viewpoint Manager Service; c: \ program files \ oogpunt \ common \ ViewpointService.exe [2008-12-7 24652]
R3 KLFLTDEV; Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [2008-3-13 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [2007-12-13 24592]
R3 SASENUM; SASENUM; c: \ program files \ superantispyware \ SASENUM.SYS [2006-2-16 4096]
S1 SASDIFSV; SASDIFSV; c: \ program files \ superantispyware \ SASDIFSV.SYS [2008-2-29 9968]
S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Cuba se32.sys [2009-4-5 11808]
S3 IlvMoneyDRIVER53; IlvMoneyDRIVER53, c: \ windows \ systematische M32 \ drivers \ IlvMoney1215.sys [2008-8-21 30080]

=============== Aangemaakt Laatste 30 ================

2009-06-17 13:58 <DIR> - d ----- c: \ program files \ LSoft Technologies
2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iPod
2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iTunes

==================== Find3M ====================


============= FINISH: 16:54:12.42 ===============


TENZIJ UITDRUKKELIJK GEINSTRUEERD, DON'T POST THIS LOG.
Indien daarom wordt verzocht, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Opstartapparaat: \ Device \ HarddiskVolume1
Installeer Datum: 5/12/2008 2:38:20 PM
System Uptime: 6/24/2009 12:33:35 PM (4 uur geleden)

Moederbord: http://www.abit.com.tw/ | | IP35 PRO (P35 + ICH9R)
Processor: Intel (R) Pentium (R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Scheidingsvlakken =========================

A: is Removable
C: is vastgesteld (NTFS) - 128 GIB totaal 60.146 GIB gratis.
D: is vastgesteld (NTFS) - 69 GIB totaal 60.479 GIB gratis.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is vastgesteld (NTFS) - 245 GIB totaal 138.326 GIB gratis.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Handicap Apparaatbeheer objecten =============

Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318)
Beschrijving: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0
Fabrikant: Realtek Semiconductor Corp
Naam: Realtek RTL8169/8110 Family Gigabit Ethernet NIC # 3
PNP Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0
Service: RTL8023xp

Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318)
Beschrijving: MAC Bridge Miniport
Device ID: ROOT \ MS_BRIDGEMP \ 0000
Fabrikant: Microsoft
Naam: MAC Bridge Miniport
PNP Device ID: ROOT \ MS_BRIDGEMP \ 0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 AM - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Verwijderde MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Geïnstalleerde MapleStory.
RP210: 4/8/2009 2:00:33 AM - Verwijderde MapleStory.
RP211: 4/8/2009 2:12:11 AM - Geïnstalleerde MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Installed Java (TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 PM - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 AM - de installatie van Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 AM - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Verwijderde ZU-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Geïnstalleerde LG USB Modem driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 AM - System Checkpoint
RP240: 6/2/2009 10:03:30 AM - System Checkpoint
RP241: 6/3/2009 11:47:56 AM - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 AM - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Verwijderde Garmin City Navigator Noord Amerika NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Verwijderde palmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Geïnstalleerde programma's ======================


==== Logboekinzage Berichten uit het verleden Week ========


==== Einde van het bestand ===========================
  #5  
24 June 2009, 14:05
Moderator Group

Download ComboFix © by sUBs from one of the links below. Be sure to save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop

Do NOT run it yet!

Note: the instructions below are written specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Remove these files/folders as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C.

Code:
KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local
EB: (32683183-48a0-441b-A342-7c2a440a9478) - No File
IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - c:\program files\Messenger\msmsgs.exe
DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps://w3s.webmoney.ru/WMAcceptor.dll

Driver::
Viewpoint Manager Service

Folder::
c:\program files\viewpoint

3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your desktop.
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; follow the prompts.
After a reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click the ComboFix window while it is running. That may cause your system to freeze.

  #6  
25 June 2009, 08:45
Member Group

ComboFix 09-06-23.01 - Muis 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe
Command switches gebruikt:: c: \ documents and settings \ Mouse \ Desktop \ CFScript.txt
AV: Kaspersky Internet Security * On-access scannen gehandicapte * (Updated) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * ingeschakeld * (2C4D4BC6-0793-4956-A9F9-E252435469C0)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ program files \ oogpunt
c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004
c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003
c: \ windows \ system32 \ drivers \ kl1.sys
C: \ Program Files \ Messenger \ msmsgs.exe
c: \ program files \ oogpunt \ Common \ ViewpointService.exe
c: \ program files \ oogpunt \ Common \ VistaBoot.sdll
c: \ program files \ oogpunt \ Viewpoint Media Player \ AxMetaStream.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ ClassIDs.ini
c: \ program files \ oogpunt \ Viewpoint Media Player \ ComponentMgr.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ MetaStreamID.ini
c: \ program files \ oogpunt \ Viewpoint Media Player \ MtsAxInstaller.exe
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ AOLUserShell.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ Cursors.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ JpegReader.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ Mts3Reader.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ SceneComponent.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ SreeDMMX.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ SWFView.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ VETScriptInterpreter.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ VMPSpeech.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ NewComponents \ VMPVideo2.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ npViewpoint.dll
c: \ program files \ oogpunt \ Viewpoint Media Player \ npViewpoint.xpt
c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ Desktop.ini
c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ INFO2
c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003 \ Desktop.ini
c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003 \ INFO2
c: \ windows \ emMON.exe
c: \ windows \ system32 \ Codecs \ 7zAES.dll
c: \ windows \ system32 \ Codecs \ AES.dll
c: \ windows \ system32 \ Codecs \ Branch.dll
c: \ windows \ system32 \ Codecs \ BZip2.dll
c: \ windows \ system32 \ Codecs \ Copy.dll
c: \ windows \ system32 \ Codecs \ Deflate.dll
c: \ windows \ system32 \ Codecs \ LZMA.dll
c: \ windows \ system32 \ Codecs \ PPMd.dll
c: \ windows \ system32 \ Codecs \ Rar29.dll
c: \ windows \ system32 \ Codecs \ Swap.dll
c: \ windows \ system32 \ drivers \ ctoss2k.sys
c: \ windows \ system32 \ Formaten \ 7z.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_ILVMONEYDRIVER53
------- \ Legacy_VIEWPOINT_MANAGER_SERVICE
------- \ Service_IlvMoneyDRIVER53
------- \ Service_Viewpoint Manager Service
------- \ Legacy_ossrv
------- \ Service_ossrv


((((((((((((((((((((((((( Bestanden Gemaakt van 2009-05-24 tot 2009-06-24 ))))))))))) ))))))))))))))))))))
.

2009-06-23 18:47. 2009-06-24 16:37 117,760 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iPod
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iTunes
2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime
2009-06-13 16:23. 2009-06-13 16:23 75,048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe
2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll
2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll
2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3
2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games
2009-06-10 20:13. 2009-05-07 15:32 345,600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll
2009-06-10 20:13. 2009-04-15 14:51 585,216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2009-06-24 21:26. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat
2009-06-24 21:26. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx
2009-06-24 21:26. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat
2009-06-24 21:26. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx
2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ LimeWire
2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-c: \ program files \ SUPERAntiSpyware
2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks
2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne
2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe
2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II
2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ uTorrent
2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple
2009-05-20 16:16. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat
2009-05-20 16:16. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat
2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics
2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information
2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield
2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll
2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ Wininet.dll
2009-04-29 04:46. 2008-05-16 21:18 81,920 ------ w-c: \ windows \ system32 \ ieencode.dll
2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java
2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ zondag \ Java \ jre1.6.0_13 \ lzma.dll
2009-04-26 01:13. 2009-04-26 00:43 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ Move Networks
2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ Win32k.sys
2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe
2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe
2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ documents and settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-05 23:27. 2009-04-05 23:28 5,433,520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136]
"CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456]
"CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ valuta entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2009-01-01 04:29 356352 ---- aw-c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys]
@ = "Driver"

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Adobe Gamma Loader.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk
backup = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ HOTSYNCSHORTCUTNAME.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk
backup = c: \ windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Microsoft Office.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = c: \ windows \ PSS \ Microsoft Office.lnkCommon Opstarten

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ services]
"StyleXPService" = 2 (0x2)
"PLFlash DeviceIoControl Service" = 2 (0x2)
"NMIndexingService" = 3 (0x3)
"Nero BackItUp Scheduler 3" = 2 (0x2)
"MDM" = 2 (0x2)
"ZuneNetworkSvc" = 3 (0x3)
"WMPNetworkSvc" = 3 (0x3)
"npkcmsvc" = 2 (0x2)
"JavaQuickStarterService" = 2 (0x2)
"IDriverT" = 3 (0x3)
"iPod Service" = 3 (0x3)
"idsvc" = 3 (0x3)
"Adobe LM Service" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" =
"c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" =
"c: \ \ Program Files \ \ Xfire \ \ xfire.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" =
"c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engels \ \ setup.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List]
"6112: TCP" = 6112: TCP: Diablo 2
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service
"58398: TCP" = 58398: TCP: Pando Media Booster
"58398: UDP" = 58398: UDP: Pando Media Booster

R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [12/13/2007 1:28 PM 24592]
S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Andere Diensten / drivers In Memory ---

* NewlyCreated * - SASDIFSV
.
Inhoud van de 'Geplande taken' map

2009-06-13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-24 c: \ windows \ Taken \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
- - - - WEZEN REMOVED - - - --

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Bijkomende Scan -------
.
uStart Page = hxxp: / / google.com /
IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
--------------------- --------------------- LOCKED GRIFFIE SLEUTELS

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, E1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, e2, 63,26, F1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, A8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, c9, 26, eb, A7, df, 4d, 25,
c2, 62,83,25, da, EG, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, e4, F6, ff, 7c, 85, e0, 43, d4, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, A1, b4, 61,82,
bb, ab, D5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4f, E7, 8 D, 86,8 c, 21,01, worden, 91, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, A6, 33,6 c, cd, 91, D7, 7a, 29,97,
C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1D, 4d, 73, A8, 13, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d,
3a, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
bc, 62,26,31,77, E1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 c, FB, A7, 78, e6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff,
f8, 0F, F3, 83,6 c, 56,8 b, a0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, c9, 6a, ea, f8, c4, 82,
1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14 cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, A8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, F5, 3d, CE, ea, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, E3, 0e, 66, D5, EB, bc, 2f, 6b, E1, 69,31, ac, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 A, 6e, 8a,
cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | "yyyy" ¤ • € | U • Een ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLLs Geladen Onder Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (1028)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> 'Explorer.exe' (3748)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ wscntfy.exe
c: \ windows \ system32 \ CTxfispi.exe
.
************************************************** ************************
.
Afronding tijd: 2009-06-24 19:29 - machine werd herstart
ComboFix-quarantaine-files.txt 2009-06-24 23:29
ComboFix2.txt 2008-05-20 17:05

Pre-Run: 65511231488 bytes vrij
Post-Run: 67799437312 bytes vrij

WindowsXP-KB310994-SP2-Pro-Bootdisk-NLD.exe
[boot loader]
timeout = 2
standaard = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S
[operating systems]
c: \ cmdcons \ bootsect.dat = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn

Huidige = 3 Standaard = 3 mislukt = 1 LastKnownGood = 4 Stelt = 1,2,3,4
335 --- EOF --- 2009-06-11 03:03
  #7  
Old 25 June 2009, 09:58
Moderator Group
 
Default Infected with MultiPacked.Multi.Generic Malware!

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "yyyy" ¤ • € | U • Een ~ *]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe, as you can see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; follow the prompts.
After a reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Also let me know how the computer is running now.


  #8  
Old 25 June 2009, 16:17
Member Group
 
Default Infected with MultiPacked.Multi.Generic Malware!

ComboFix 09-06-23.01 - Muis 06/25/2009 19:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00]
Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe
Command switches gebruikt:: c: \ documents and settings \ Mouse \ Desktop \ CFScript.txt
AV: Kaspersky Internet Security * On-access scannen gehandicapte * (Updated) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * gehandicapten * (2C4D4BC6-0793-4956-A9F9-E252435469C0)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ drivers \ kl1.sys

.
((((((((((((((((((((((((( Bestanden Gemaakt van 2009-05-25 tot 2009-06-25 ))))))))))) ))))))))))))))))))))
.

2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache
2009-06-23 18:47. 2009-06-24 16:37 117,760 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iPod
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iTunes
2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime
2009-06-13 16:23. 2009-06-13 16:23 75,048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe
2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll
2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll
2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3
2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games
2009-06-10 20:13. 2009-05-07 15:32 345,600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll
2009-06-10 20:13. 2009-04-15 14:51 585,216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:11. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2009-06-25 23:09. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat
2009-06-25 23:09. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx
2009-06-25 23:09. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat
2009-06-25 23:09. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx
2009-06-24 23:59. 2008-01-29 22:29 33,808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys
2009-06-24 23:59. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys
2009-06-24 23:59. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat
2009-06-24 23:59. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat
2009-06-24 23:59. 2008-07-17 23:08 213,520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys
2009-06-24 23:59. 2008-07-17 23:08 861,448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll
2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ LimeWire
2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-c: \ program files \ SUPERAntiSpyware
2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks
2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne
2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe
2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II
2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ uTorrent
2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple
2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics
2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information
2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield
2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll
2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ Wininet.dll
2009-04-29 04:46. 2008-05-16 21:18 81,920 ------ w-c: \ windows \ system32 \ ieencode.dll
2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java
2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ zondag \ Java \ jre1.6.0_13 \ lzma.dll
2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ Win32k.sys
2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe
2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe
2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ documents and settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-05 23:27. 2009-04-05 23:28 5,433,520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys
- 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys
+ 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ wuauclt.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ Userinit.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ Spoolsv.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe
+ 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ kbdclass.sys
+ 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys
+ 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ Ctfmon.exe
- 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys
+ 2008-04-18 17:53. 2009-06-24 23:59 213520 c: \ windows \ system32 \ drivers \ klif.sys
+ 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe
+ 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ Wininet.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ termsrv.dll
+ 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ tcpip.sys
+ 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ Services.exe
+ 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys
+ 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll
+ 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll
+ 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll
+ 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ Ntoskrnl.exe
+ 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136]
"CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456]
"CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ valuta entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2009-01-01 04:29 356352 ---- aw-c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys]
@ = "Driver"

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Adobe Gamma Loader.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk
backup = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ HOTSYNCSHORTCUTNAME.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk
backup = c: \ windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Microsoft Office.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = c: \ windows \ PSS \ Microsoft Office.lnkCommon Opstarten

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ services]
"StyleXPService" = 2 (0x2)
"PLFlash DeviceIoControl Service" = 2 (0x2)
"NMIndexingService" = 3 (0x3)
"Nero BackItUp Scheduler 3" = 2 (0x2)
"MDM" = 2 (0x2)
"ZuneNetworkSvc" = 3 (0x3)
"WMPNetworkSvc" = 3 (0x3)
"npkcmsvc" = 2 (0x2)
"JavaQuickStarterService" = 2 (0x2)
"IDriverT" = 3 (0x3)
"iPod Service" = 3 (0x3)
"idsvc" = 3 (0x3)
"Adobe LM Service" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" =
"c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" =
"c: \ \ Program Files \ \ Xfire \ \ xfire.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" =
"c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engels \ \ setup.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List]
"6112: TCP" = 6112: TCP: Diablo 2
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service
"58398: TCP" = 58398: TCP: Pando Media Booster
"58398: UDP" = 58398: UDP: Pando Media Booster

R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592]
S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Inhoud van de 'Geplande taken' map

2009-06-13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c: \ windows \ Taken \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp: / / google.com /
IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 19:11
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
--------------------- --------------------- LOCKED GRIFFIE SLEUTELS

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, E1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, e2, 63,26, F1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, A8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, c9, 26, eb, A7, df, 4d, 25,
c2, 62,83,25, da, EG, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, e4, F6, ff, 7c, 85, e0, 43, d4, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, A1, b4, 61,82,
bb, ab, D5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4f, E7, 8 D, 86,8 c, 21,01, worden, 91, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, A6, 33,6 c, cd, 91, D7, 7a, 29,97,
C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1D, 4d, 73, A8, 13, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d,
3a, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
bc, 62,26,31,77, E1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 c, FB, A7, 78, e6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff,
f8, 0F, F3, 83,6 c, 56,8 b, a0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, c9, 6a, ea, f8, c4, 82,
1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14 cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, A8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, F5, 3d, CE, ea, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, E3, 0e, 66, D5, EB, bc, 2f, 6b, E1, 69,31, ac, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 A, 6e, 8a,
cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | "yyyy" ¤ • € | U • Een ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLLs Geladen Onder Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (1028)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> "Explorer.exe" (212)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe
c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ CTxfispi.exe
c: \ windows \ system32 \ wscntfy.exe
.
************************************************** ************************
.
Afronding tijd: 2009-06-25 19:14 - machine werd herstart
ComboFix-quarantaine-files.txt 2009-06-25 23:14
ComboFix2.txt 2009-06-24 23:29
ComboFix3.txt 2008-05-20 17:05

Pre-Run: 67819319296 bytes vrij
Post-Run: 67883995136 bytes vrij

Huidige = 3 Standaard = 3 mislukt = 1 LastKnownGood = 4 Stelt = 1,2,3,4
310 --- EOF --- 2009-06-11 03:03
  #9  
Old 25 June 2009, 18:13
Moderator Group
 
Default Infected with MultiPacked.Multi.Generic Malware!

Sorry, I forgot something.

Delete these files/folders as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by selecting all of the text and pressing Ctrl + C.

Code:
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "yyyy" ¤ • € | U • Een ~ *]
3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your desktop.
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below. Important: follow this instruction carefully!

ComboFix will start running; follow the prompts.
After a reboot (if it asks to restart), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Also let me know how the computer is running now.

.
__________________

  #10  
Old 26 June 2009, 00:59
Member Group
 
Default Infected with MultiPacked.Multi.Generic Malware!

ComboFix 09-06-23.01 - Muis 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe
Command switches gebruikt:: c: \ documents and settings \ Mouse \ Desktop \ CFScript.txt
AV: Kaspersky Internet Security * On-access scannen gehandicapte * (Updated) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * gehandicapten * (2C4D4BC6-0793-4956-A9F9-E252435469C0)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ drivers \ kl1.sys

.
((((((((((((((((((((((((( Bestanden Gemaakt van 2009-05-26 tot 2009-06-26 ))))))))))) ))))))))))))))))))))
.

2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache
2009-06-23 18:47. 2009-06-24 16:37 117,760 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iPod
2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iTunes
2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime
2009-06-13 16:23. 2009-06-13 16:23 75,048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe
2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll
2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll
2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3
2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games
2009-06-10 20:13. 2009-05-07 15:32 345,600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll
2009-06-10 20:13. 2009-04-15 14:51 585,216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 07:54. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2009-06-26 07:52. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat
2009-06-26 07:52. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx
2009-06-26 07:52. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat
2009-06-26 07:52. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx
2009-06-25 23:24. 2008-01-29 22:29 33,808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys
2009-06-25 23:24. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat
2009-06-25 23:24. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat
2009-06-25 23:24. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys
2009-06-25 23:24. 2008-07-17 23:08 213,520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys
2009-06-25 23:24. 2008-07-17 23:08 861,448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll
2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ LimeWire
2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-c: \ program files \ SUPERAntiSpyware
2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks
2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne
2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe
2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II
2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ uTorrent
2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple
2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics
2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information
2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield
2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll
2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ Wininet.dll
2009-04-29 04:46. 2008-05-16 21:18 81,920 ------ w-c: \ windows \ system32 \ ieencode.dll
2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java
2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ zondag \ Java \ jre1.6.0_13 \ lzma.dll
2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ Win32k.sys
2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe
2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe
2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe
2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ documents and settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-05 23:27. 2009-04-05 23:28 5,433,520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys
- 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys
+ 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ wuauclt.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ Userinit.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ Spoolsv.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe
+ 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ kbdclass.sys
+ 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys
+ 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ Ctfmon.exe
- 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys
+ 2008-04-18 17:53. 2009-06-25 23:24 213520 c: \ windows \ system32 \ drivers \ klif.sys
+ 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe
+ 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ Wininet.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ termsrv.dll
+ 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ tcpip.sys
+ 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ Services.exe
+ 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys
+ 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll
+ 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll
+ 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll
+ 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll
+ 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ Ntoskrnl.exe
+ 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe
+ 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136]
"CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456]
"CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ valuta entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2009-01-01 04:29 356352 ---- aw-c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys]
@ = "Driver"

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Adobe Gamma Loader.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk
backup = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ HOTSYNCSHORTCUTNAME.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk
backup = c: \ windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Microsoft Office.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = c: \ windows \ PSS \ Microsoft Office.lnkCommon Opstarten

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ services]
"StyleXPService" = 2 (0x2)
"PLFlash DeviceIoControl Service" = 2 (0x2)
"NMIndexingService" = 3 (0x3)
"Nero BackItUp Scheduler 3" = 2 (0x2)
"MDM" = 2 (0x2)
"ZuneNetworkSvc" = 3 (0x3)
"WMPNetworkSvc" = 3 (0x3)
"npkcmsvc" = 2 (0x2)
"JavaQuickStarterService" = 2 (0x2)
"IDriverT" = 3 (0x3)
"iPod Service" = 3 (0x3)
"idsvc" = 3 (0x3)
"Adobe LM Service" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" =
"c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" =
"c: \ \ Program Files \ \ Xfire \ \ xfire.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" =
"c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" =
"c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engels \ \ setup.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List]
"6112: TCP" = 6112: TCP: Diablo 2
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service
"58398: TCP" = 58398: TCP: Pando Media Booster
"58398: UDP" = 58398: UDP: Pando Media Booster

R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592]
S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Inhoud van de 'Geplande taken' map

2009-06-13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 c: \ windows \ Taken \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp: / / google.com /
IE: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 03:54
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
--------------------- --------------------- LOCKED GRIFFIE SLEUTELS

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, E1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, e2, 63,26, F1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, A8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, c9, 26, eb, A7, df, 4d, 25,
c2, 62,83,25, da, EG, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, e4, F6, ff, 7c, 85, e0, 43, d4, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, A1, b4, 61,82,
bb, ab, D5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4f, E7, 8 D, 86,8 c, 21,01, worden, 91, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, A6, 33,6 c, cd, 91, D7, 7a, 29,97,
C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1D, 4d, 73, A8, 13, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, D5, 24,8 d,
3a, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
bc, 62,26,31,77, E1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 c, FB, A7, 78, e6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff,
f8, 0F, F3, 83,6 c, 56,8 b, a0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, c9, 6a, ea, f8, c4, 82,
1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14 cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, A8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, F5, 3d, CE, ea, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, E3, 0e, 66, D5, EB, bc, 2f, 6b, E1, 69,31, ac, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 A, 6e, 8a,
cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | "yyyy" ¤ • € | U • Een ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLLs Geladen Onder Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (672)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> "Explorer.exe" (288)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe
c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ wscntfy.exe
c: \ windows \ system32 \ CTxfispi.exe
.
************************************************** ************************
.
Voltooiingstijdstip: 2009-06-26 3:57 - machine werd herstart
ComboFix-quarantaine-files.txt 2009-06-26 07:57
ComboFix2.txt 2009-06-25 23:14
ComboFix3.txt 2009-06-24 23:29
ComboFix4.txt 2008-05-20 17:05

Pre-Run: 67824807936 bytes vrij
Post-Run: 67888648192 bytes vrij

Huidige = 3 Standaard = 3 mislukt = 1 LastKnownGood = 4 Stelt = 1,2,3,4
311 --- EOF --- 2009-06-11 03:03