I blocked Sophos for a moment and then it did work, and I've now put a Notepad file on my HD.
Contents of that file:
ComboFix 08-12-18.03 - Hans Klopper 2008-12-20 14:43:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1023.596
Gestart vanuit: c:\documents and settings\Hans Klopper\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hans Klopper\Application Data\inst.exe
c:\documents and settings\Hans Klopper\Bureaublad\Videos.url
c:\documents and settings\Hans Klopper\Favorieten\Videos.url
c:\documents and settings\Hans Klopper\Menu Start\Programma's\Videos.url
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\smdat32m.sys
c:\windows\system32\amidcxef.dll
c:\windows\system32\apeyilim.ini
c:\windows\system32\bitcometres.dll
c:\windows\system32\bqmdoopa.dll
c:\windows\system32\egalusin.ini
c:\windows\system32\hvhbkl.dll
c:\windows\system32\kexnifex.dll
c:\windows\system32\lgtrcqmr.dll
c:\windows\system32\miliyepa.dll
c:\windows\system32\nrogbg.dll
c:\windows\system32\omujajek.ini
c:\windows\system32\rmqcrtgl.ini
c:\windows\system32\timinebe.dll
c:\windows\system32\trrvjgbo.dll
c:\windows\system32\ugifodoz.ini
c:\windows\system32\UpMedia
c:\windows\system32\uyadejov.ini
c:\windows\system32\vtUonlME.dll
c:\windows\system32\xefinxek.ini
c:\windows\system32\xxywWoNe.dll
c:\windows\Tasks\ztmarqze.job
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-20 to 2008-12-20 ))))))))))))))))))))))))))))))
.
2008-12-20 14:55 . 2008-12-20 14:55 d-------- C:\2379f28aa27eb768bd89ab12
2008-12-18 09:08 . 2008-12-19 22:38 dr-h----- c:\documents and settings\Hans Klopper\Onlangs geopend
2008-12-18 09:08 . 2008-12-18 09:08 d-------- C:\CFLog
2008-12-16 08:15 . 2008-12-16 08:15 d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-15 11:13 . 2008-12-15 11:13 d-------- c:\program files\Trend Micro
2008-12-13 14:27 . 2008-12-13 14:27 d-------- c:\program files\Common Files\INCA Shared
2008-12-13 14:27 . 2003-07-17 10:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-13 14:27 . 2005-01-01 01:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-06 21:03 . 2008-12-06 21:35 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 21:02 . 2008-12-18 09:06 d-------- c:\program files\Clone2Go Video Converter Professional
2008-12-06 21:02 . 2008-12-12 15:56 d-------- c:\documents and settings\Hans Klopper\Application Data\Clone2Go Video Converter Professional
2008-12-06 17:45 . 2008-12-06 17:45 d-------- c:\program files\URUSoft
2008-12-03 08:42 . 2008-12-03 08:49 d-------- c:\program files\VirtualDJ
2008-11-27 17:28 . 2008-11-29 19:29 d-------- c:\program files\BitComet
2008-11-27 17:25 . 2008-11-27 17:40 d-------- c:\program files\AltBinz
2008-11-25 20:49 . 2008-11-25 20:49 d-------- c:\program files\PhotoFiltre
2008-11-25 18:18 . 2008-11-25 18:18 d-------- c:\documents and settings\Hans Klopper\Display Pictures
2008-11-24 22:10 . 2008-11-30 22:22 d-------- c:\program files\StuffPlug3
2008-11-23 16:21 . 2007-04-25 13:47 485,248 --a------ c:\windows\system32\drivers\rt2870.sys
2008-11-23 16:21 . 2008-11-23 16:21 21,419 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-23 16:20 . 2008-11-23 16:20 d-------- c:\program files\Sitecom
2008-11-21 20:44 . 2008-11-21 20:44 d-------- c:\program files\ImTOO
2008-11-21 20:33 . 2008-11-21 20:33 d-------- c:\documents and settings\Hans Klopper\Application Data\ImTOO Software Studio
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 13:24 31 ----a-w c:\documents and settings\Hans Klopper\jagex_runescape_preferences.dat
2008-12-20 13:18 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\Skype
2008-12-18 08:08 --------- d-----w c:\program files\Hitman Pro
2008-12-18 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 18:25 230,454 ----a-w C:\StiImg.dat
2008-12-16 07:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-15 07:00 --------- d-----w c:\program files\SpywareBlaster
2008-12-13 16:32 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\LimeWirePlus
2008-12-12 14:39 --------- d-----w c:\program files\VSO
2008-12-12 14:31 47,360 ----a-w c:\documents and settings\Hans Klopper\Application Data\pcouffin.sys
2008-12-12 14:31 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\Vso
2008-12-09 06:35 --------- d-----w c:\program files\Java
2008-12-06 16:37 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-27 16:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 16:22 --------- d-----w c:\program files\Unlocker
2008-11-24 21:10 --------- d-----w c:\program files\MSN Messenger
2008-11-16 18:25 --------- d-----w c:\program files\iTunes
2008-11-16 18:12 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\Apple Computer
2008-11-16 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 18:11 --------- d-----w c:\program files\iPod
2008-11-16 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-16 18:10 --------- d-----w c:\program files\Bonjour
2008-11-16 18:09 --------- d-----w c:\program files\QuickTime
2008-11-16 18:08 --------- d-----w c:\program files\Common Files\Apple
2008-11-16 17:59 --------- d-----w c:\program files\Apple Software Update
2008-11-16 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-16 17:16 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\GeoVid
2008-11-16 17:15 --------- d-----w c:\program files\GeoVid
2008-11-16 17:15 --------- d-----w c:\program files\Common Files\GeoVid
2008-11-16 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
2008-11-11 17:40 --------- d-----w c:\program files\Hema Album Software be-nl Advanced
2008-11-09 09:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 07:26 --------- d-----w c:\program files\USB Disk Win98 Driver
2008-11-04 07:26 --------- d-----w c:\program files\LimeWire
2008-11-04 07:26 --------- d-----w c:\program files\AdorageI-GfxDatas
2008-11-04 07:26 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\DNA
2008-11-04 07:26 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\Azureus
2008-11-04 07:26 --------- d-----w c:\documents and settings\Hans Klopper\Application Data\Addax
2008-11-02 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Hema Album Software be-nl Advanced
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 05:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-19 18:04 92,072 ----a-w c:\documents and settings\Hans Klopper\Application Data\GDIPFONTCACHEV1.DAT
2008-07-17 15:42 87,608 ----a-w c:\documents and settings\Hans Klopper\Application Data\ezpinst.exe
2008-06-12 20:49 57,086 ----a-w c:\documents and settings\Hans Klopper\Application Data\wklnhst.dat
2008-04-22 13:07 82 ----a-w c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2006-03-21 08:04 15,389 ----a-w c:\program files\Netsca
2008-09-16 22:12 62,612 --sha-w c:\windows\system32\besigaza.dll
2008-09-16 22:12 62,612 --sha-w c:\windows\system32\torelire.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
"Skype"="c:\program files\Skype\Phone\Skype.exe"
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"="c:\windows\system32\ctfmon.exe"
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe"
"PCMService"="c:\program files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe"
"Motive SmartBridge"="c:\progra~1\CASEMA~1\SMARTB~1\MotiveSB.exe"
"CameraFixer"="c:\windows\CameraFixer.exe"
"tsnpstd3"="c:\windows\tsnpstd3.exe"
"snpstd3"="c:\windows\vsnpstd3.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe"
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe"
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"PRISMSTA.EXE"="PRISMSTA.EXE"
"nwiz"="nwiz.exe"
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe"
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\WLANUtil.exe
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
@="service"
@=""
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"DisableMonitoring"=dword:00000001
"DisableMonitoring"=dword:00000001
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Hans Klopper\\Bureaublad\\2142\\BF2142.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"7857:TCP"= 7857:TCP:ppLive
"6779:UDP"= 6779:UDP:ppLive
"4884:TCP"= 4884:TCP:ppLive
"3638:UDP"= 3638:UDP:ppLive
"26736:TCP"= 26736:TCP:BitComet 26736 TCP
"26736:UDP"= 26736:UDP:BitComet 26736 UDP
"16108:TCP"= 16108:TCP:BitComet 16108 TCP
"16108:UDP"= 16108:UDP:BitComet 16108 UDP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"11043:TCP"= 11043:TCP:BitComet 11043 TCP
"11043:UDP"= 11043:UDP:BitComet 11043 UDP
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe
R2 PPPoEService;PPPoE Service;c:\progra~1\Casema\WANADO~1\app\pppoeservice.exe
R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe"
R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe"
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys
S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\DRIVERS\ntspppoe.sys
S3 NTSVPN;Efficient Networks Enternet VPN LAN Miniport Driver;c:\windows\system32\DRIVERS\ntsvpn.sys
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\DRIVERS\PhTVTune.sys
S3 RAWESR;RAWESR;\??\c:\progra~1\Casema\WANADO~1\app\RAWESR.SYS
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys
\Shell\AutoRun\command - O:\LaunchU3.exe
.
Inhoud van de 'Gedeelde Taken' map
2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{15a1e0eb-173c-4d2c-bd0b-825ad5fcd9c1} - (no file)
BHO-{a7e6881a-95d0-4ac2-a75e-a18572274546} - c:\windows\system32\nrogbg.dll
BHO-{C5198CD9-CD18-4112-AD22-2FB9CABB7C38} - (no file)
BHO-{CABE92F2-CA51-4231-B8DC-6E8FCC6DF8A4} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Octoshape Streaming Services - c:\documents and settings\Hans Klopper\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
HKLM-Run-CPMa308084b - c:\windows\system32\mefirabi.dll
Notify-WRNotifier - (no file)
Notify-xxywWoNe - (no file)
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uSearch Bar = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
O16 -: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 14:55:34
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
c:\windows\system32\MRT.exe 17593280 bytes executable
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\norman\npm\bin\elogsvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-20 15:10:44 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-20 14:09:25
Pre-Run: 15.369.887.744 bytes beschikbaar
Post-Run: 15,224,356,864 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
316 --- E O F --- 2008-12-20 14:08:04
Is this good, or does it need to run once more?
regards