System Security...virus

  • Wendy

    Hi there,

    I have the same problem with the “virus” program System Security on my PC, and when I download ComboFix and run it on my PC, ComboFix reports the following. What should I do now?

    I hope someone can help me with this….

    Thanks in advance

    Regards, Wendy

    ComboFix 09-01-05.02 - Jurgen 2009-01-05 18:28:26.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1535.986

    Gestart vanuit: c:\documents and settings\Jurgen\Bureaublad\ComboFix.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))))

    .

    2009-01-05 16:16 . 2009-01-05 17:43 dr-h----- c:\documents and settings\Jurgen\Onlangs geopend

    2009-01-05 16:00 . 2009-01-05 16:00 d-------- c:\documents and settings\All Users\Application Data\203252215

    2009-01-05 11:56 . 2009-01-05 15:51 dr-h----- c:\documents and settings\Wendy\Onlangs geopend

    2008-12-31 17:21 . 2008-12-31 17:21 664 --a------ c:\windows\system32\d3d9caps.dat

    2008-12-31 15:08 . 2008-12-31 15:28 8 --a------ c:\windows\system32\nvModes.dat

    2008-12-31 14:44 . 2008-12-31 14:44 489 --a------ c:\windows\system\Cmicnfg.ini

    2008-12-29 20:25 . 2009-01-05 16:06 d-------- c:\program files\C3Basic

    2008-12-29 20:25 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll

    2008-12-29 20:06 . 2008-12-29 20:06 112,221 --a------ C:\clubdjpro.mp3

    2008-12-29 11:24 . 2008-12-29 11:24 244 --ah----- C:\sqmnoopt06.sqm

    2008-12-29 11:24 . 2008-12-29 11:24 232 --ah----- C:\sqmdata06.sqm

    2008-12-21 17:07 . 2008-12-21 17:53 d-------- c:\documents and settings\Jurgen\Application Data\Mp3tag

    2008-12-21 16:34 . 2008-12-21 16:56 d-------- c:\program files\MP3Gain

    2008-12-21 16:04 . 2008-12-21 16:04 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles

    2008-12-21 15:43 . 2008-12-21 15:43 d-------- c:\documents and settings\All Users\Application Data\NVIDIA

    2008-12-17 11:43 . 2008-12-17 11:43 dr------- c:\documents and settings\LocalService\Mijn documenten

    2008-12-16 19:11 . 2008-12-16 19:11 d-------- c:\program files\Alcohol Soft

    2008-12-16 19:11 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys

    2008-12-16 19:11 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys

    2008-12-16 18:57 . 2008-12-16 18:57 245,760 --------- c:\windows\Setup1.exe

    2008-12-16 18:57 . 2008-12-16 18:57 73,216 --a------ c:\windows\ST6UNST.EXE

    2008-12-16 18:53 . 2008-12-16 18:53 d-------- c:\program files\Amazon DVD Shrinker

    2008-12-16 18:52 . 2008-12-16 18:52 d-------- c:\program files\Mp3tag

    2008-12-15 22:06 . 2008-12-15 22:06 d-------- c:\documents and settings\Jurgen\Application Data\PC Suite

    2008-12-15 20:49 . 2008-12-15 20:49 d-------- c:\program files\GrabIt

    2008-12-15 18:03 . 2008-12-15 18:04 d-------- c:\documents and settings\Wendy\Application Data\PC Suite

    2008-12-15 18:03 . 2008-12-15 18:04 d-------- c:\documents and settings\Wendy\Application Data\Nokia

    2008-12-15 18:03 . 2008-12-15 18:04 d-------- c:\documents and settings\All Users\Application Data\PC Suite

    2008-12-15 18:02 . 2008-12-15 18:02 d-------- c:\program files\Common Files\PCSuite

    2008-12-15 18:02 . 2008-12-15 18:02 d-------- c:\program files\Common Files\Nokia

    2008-12-15 18:01 . 2008-12-15 18:01 d-------- c:\program files\PC Connectivity Solution

    2008-12-15 18:01 . 2008-12-15 18:02 d-------- c:\program files\Nokia

    2008-12-15 18:01 . 2008-12-15 18:01 d-------- c:\program files\DIFX

    2008-12-15 18:01 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll

    2008-12-15 18:01 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

    2008-12-15 18:00 . 2008-12-15 18:00 d-------- c:\documents and settings\All Users\Application Data\Installations

    2008-12-13 14:49 . 2008-12-13 14:51 d-------- c:\program files\ClubDJ Pro

    2008-12-13 14:49 . 1999-03-24 00:06 1,046,288 --a------ c:\windows\system32\msjet35.dll

    2008-12-13 14:49 . 1996-11-08 00:48 368,912 --a------ c:\windows\system32\vbar332.dll

    2008-12-13 14:49 . 1998-06-17 23:00 89,360 --a------ c:\windows\system32\Vb5db.dll

    2008-12-13 14:49 . 1997-01-12 23:00 37,136 --a------ c:\windows\system32\MSJINT35.DLL

    2008-12-13 14:49 . 1996-12-02 17:44 24,336 --a------ c:\windows\system32\MSJTER35.DLL

    2008-12-10 10:59 . 2008-12-10 11:05 d-------- c:\program files\Yahoo!

    2008-12-10 10:59 . 2008-12-10 11:00 d-------- c:\program files\CCleaner

    2008-12-07 18:40 . 2008-12-07 18:40 244 --ah----- C:\sqmnoopt05.sqm

    2008-12-07 18:40 . 2008-12-07 18:40 232 --ah----- C:\sqmdata05.sqm

    2008-12-07 18:30 . 2008-12-07 18:30 244 --ah----- C:\sqmnoopt04.sqm

    2008-12-07 18:30 . 2008-12-07 18:30 232 --ah----- C:\sqmdata04.sqm

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-01-05 17:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2009-01-05 16:44 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS

    2009-01-05 16:32 --------- d-----w c:\program files\Spyware Doctor

    2008-12-31 23:48 --------- d-----w c:\documents and settings\Jurgen\Application Data\dvdcss

    2008-12-30 13:53 --------- d-----w c:\documents and settings\Jurgen\Application Data\GrabIt

    2008-12-18 10:09 --------- d-----w c:\program files\Java

    2008-12-16 17:55 2,572 ----a-w c:\windows\WINDVDBOOTRECDOE.sys

    2008-12-02 18:29 --------- d-----w c:\documents and settings\Wendy\Application Data\LimeWirePlus

    2008-11-25 15:34 --------- d-----w c:\program files\LimeWire Plus

    2008-11-25 15:34 --------- d-----w c:\documents and settings\Jurgen\Application Data\LimeWirePlus

    2008-11-20 20:54 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-17 19:44 --------- d-----w c:\program files\Windows Media Connect 2

    2008-11-16 15:28 --------- d-----w c:\documents and settings\Jurgen\Application Data\vlc

    2008-11-14 15:41 --------- d-----w c:\program files\QWARE

    2008-11-13 10:24 --------- d-----w c:\documents and settings\Wendy\Application Data\Nero

    2008-11-13 08:01 --------- d-----w c:\documents and settings\Jurgen\Application Data\Nero

    2008-11-13 07:55 --------- d-----w c:\program files\Common Files\Nero

    2008-11-13 07:51 --------- d-----w c:\program files\Nero

    2008-11-13 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\Nero

    2008-11-12 17:15 --------- d-----w c:\program files\VideoLAN

    2008-11-11 19:52 --------- d-----w c:\program files\FTDv3.8

    2008-11-10 06:42 --------- d-----w c:\program files\MSXML 4.0

    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll

    2008-11-09 10:29 --------- d-----w c:\program files\HP

    2008-11-09 10:29 --------- d-----w c:\program files\Hewlett-Packard

    2008-11-09 10:28 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

    2008-11-09 10:21 --------- d-----w c:\program files\LimewirePlus

    2008-11-09 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\HP

    2008-11-09 10:05 --------- d-----w c:\program files\Common Files\HP

    2008-11-09 10:00 --------- d-----w c:\program files\Common Files\Hewlett-Packard

    2008-11-09 09:41 --------- d-----w c:\program files\Windows Live

    2008-11-09 09:36 --------- d-----w c:\program files\MSECache

    2008-11-09 08:39 --------- d-----w c:\program files\Microsoft.NET

    2008-11-09 08:39 --------- d-----w c:\program files\Microsoft ActiveSync

    2008-11-09 08:22 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-11-09 08:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-11-09 08:04 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-11-09 07:58 19,915 ----a-w c:\windows\system32\drivers\AegisP.sys

    2008-11-09 07:57 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth

    2008-11-09 07:55 --------- d-----w c:\program files\USB Wireless Keyboard Driver

    2008-11-09 07:52 --------- d-----w c:\program files\IVT Corporation

    2008-11-09 07:40 938,200 ----a-w c:\program files\chpintel_inf7x.exe

    2008-11-09 07:39 26,664,064 ----a-w c:\program files\bt_ms6869winxp.exe

    2008-11-08 22:04 --------- d-----w c:\program files\Common Files\PC Tools

    2008-11-08 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools

    2008-11-08 22:03 160,792 ----a-w c:\windows\system32\drivers\pctfw2.sys

    2008-11-08 21:57 --------- d-----w c:\documents and settings\Jurgen\Application Data\PC Tools

    2008-11-08 21:51 --------- d-----w c:\program files\X10 Hardware

    2008-11-08 21:51 --------- d-----w c:\program files\Common Files\X10

    2008-11-08 21:50 --------- d-----w c:\program files\Intel

    2008-11-08 21:39 --------- d-----w c:\program files\RALINK

    2008-11-08 21:39 --------- d-----w c:\program files\Common Files\InstallShield

    2008-11-08 21:34 --------- d-----w c:\program files\microsoft frontpage

    2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

    2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe"

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe"

    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    "LWBMOUSE"="c:\program files\QWARE\Wheel Mouse\Ver.5.3\MOUSE32A.EXE"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "1932103512"="c:\documents and settings\All Users\Application Data\203252215\1932103512.exe"

    "Dit"="Dit.exe"

    "nwiz"="nwiz.exe"

    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe"

    "CHotkey"="mHotkey.exe"

    "ledpointer"="CNYHKey.exe"

    "AGRSMMSG"="AGRSMMSG.exe"

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

    Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

    R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys

    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys

    R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys

    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys

    R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe

    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    .

    Inhoud van de 'Gedeelde Taken' map

    2009-01-05 c:\windows\Tasks\HPpromotions journeysoftware.job

    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net

    Rootkit scan 2009-01-05 18:30:57

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- DLLs Geladen onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(960)

    c:\windows\system32\gpkcsp.dll

    c:\windows\system32\gpkrsrc.dll

    - - - - - - - > 'winlogon.exe'(2028)

    c:\windows\system32\gpkcsp.dll

    c:\windows\system32\gpkrsrc.dll

    - - - - - - - > 'lsass.exe'(1016)

    c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

    .

    Voltooingstijd: 2009-01-05 18:32:26

    ComboFix-quarantined-files.txt 2009-01-05 17:32:17

    ComboFix2.txt 2009-01-05 17:22:39

    Pre-Run: 44.477.919.232 bytes beschikbaar

    Post-Run: 44,423,958,528 bytes beschikbaar

    207 --- E O F --- 2008-12-18 10:10:18

  • huib

    Hi Wendy,

    Do what Teaser asked you:

    >>>And then go through all the steps listed in the first post on this page<<<

    So this link:

    http://antivirus.prikpagina.nl/read.php?f=123&i=186977&t=186977

    Carry it out completely ;)

    Good luck,

    Huib :)