rundll32.exe

Status
Not open for further replies.
re

That Quad registry cleaner does scan, but it doesn't restore or repair anything; you have to register again.
Nothing works, and what is ComboFix?
I'll hear from you, and thanks for your trouble.
Regards
 
Have a quick look here: http://www.helpmij.nl/forum/showthread.php?t=389661
http://www.leerwiki.nl/Wat_is_Combofix here too
http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden you can download ComboFix from this site; do read the manual carefully!
I don't quite understand what you write about that Quad registry cleaner; I didn't send you there. I had linked you to the Symantec site for the removal tool (FixSirc.com, MS-DOS application, 74 KB), hadn't I? Those are normally made available for free (I downloaded the fix myself too), and a registry cleaner is never pushed on you there.
In the last link of my previous thread you can download rundll32.zip in #4; that is what I did myself, too.
You can also run Mbam; download it via the link in my signature.
 
re

Will try again tonight; I have to work first.
Maybe I misunderstood, but thank you very much for all the help.
You'll hear from me again.
Regards
 
re

ComboFix 09-06-09.06 - Eigenaar 10-06-2009 21:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.703.354 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eigenaar\Application Data\inst.exe
c:\documents and settings\Eigenaar\Application Data\QUAD Backups
c:\documents and settings\Eigenaar\Application Data\QUAD Backups\06.09.2009,21-50-29\HKEY_CLASSES_ROOT.reg
c:\documents and settings\Eigenaar\Application Data\QUAD Backups\06.09.2009,21-50-29\HKEY_CURRENT_USER.reg
c:\documents and settings\Eigenaar\Bureaublad\QUAD Registry Cleaner.lnk
c:\documents and settings\Eigenaar\Menu Start\Programma's\QUAD Utilities
c:\documents and settings\Eigenaar\Menu Start\Programma's\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\Eigenaar\Menu Start\Programma's\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\Eigenaar\Menu Start\Programma's\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\program files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-10 to 2009-06-10 ))))))))))))))))))))))))))))))
.

2009-06-10 01:01 . 2009-06-10 01:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-09 23:39 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 23:39 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 20:55 . 2009-06-09 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-06-08 17:11 . 2005-12-29 20:26 5376 ----a-w- c:\windows\system32\antiwpa.dll
2009-06-08 15:31 . 2009-06-08 15:31 -------- d-----w- C:\$WIN_NT$.~BT
2009-06-08 14:12 . 2009-06-08 14:12 -------- d-----w- c:\windows\system32\SeaPort
2009-06-08 12:48 . 2009-06-08 12:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-08 12:29 . 2008-04-14 20:32 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-08 10:36 . 2009-06-08 10:39 -------- d-----w- C:\Drivers Backup
2009-06-08 10:29 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-06-08 10:29 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-08 10:29 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-06-08 10:29 . 2009-06-08 10:42 -------- d-----w- c:\program files\Driver Magician
2009-06-08 09:45 . 2009-06-08 09:45 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Desktopicon
2009-06-08 09:45 . 2009-06-08 10:49 -------- d-----w- c:\program files\Unlocker
2009-06-06 11:39 . 2009-06-06 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-05 11:56 . 2009-06-05 11:56 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-06-05 11:55 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 11:55 . 2009-06-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 11:55 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 11:55 . 2009-06-05 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 16:05 . 2009-06-09 20:58 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2009-06-01 06:58 . 2009-06-01 06:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-01 06:51 . 2009-06-01 06:51 -------- d-sh--w- c:\documents and settings\Eigenaar\PrivacIE
2009-06-01 06:43 . 2009-06-01 06:43 -------- d-sh--w- c:\documents and settings\Eigenaar\IETldCache
2009-06-01 06:27 . 2009-06-10 01:08 -------- d-----w- c:\windows\ie8updates
2009-06-01 06:24 . 2009-06-01 06:24 -------- d-----w- c:\windows\ieakcust
2009-06-01 06:24 . 2009-06-01 06:28 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-01 06:21 . 2009-06-01 06:24 -------- dc-h--w- c:\windows\ie8
2009-06-01 06:19 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-01 05:05 . 2009-06-05 09:39 -------- d-----w- c:\program files\RegVac Registry Cleaner
2009-05-27 18:18 . 2009-05-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Genie-Soft
2009-05-27 18:13 . 2009-05-27 18:13 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Genie-Soft
2009-05-11 19:47 . 2009-05-11 19:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-05-11 19:46 . 2009-05-11 19:48 -------- d-----w- c:\documents and settings\Eigenaar\.housecall6.6

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 19:25 . 2008-09-24 13:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-10 19:25 . 2008-04-14 19:27 -------- d-----w- c:\program files\Spyware Doctor
2009-06-10 19:24 . 2007-10-17 13:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 05:19 . 2009-01-28 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-10 01:09 . 2007-10-17 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 21:09 . 2007-10-17 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-08 17:37 . 2008-02-07 17:06 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\CopyToDvd
2009-06-08 17:37 . 2008-02-06 21:06 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Vso
2009-06-05 15:13 . 2007-11-22 18:34 -------- d-----w- c:\program files\Common Files\SchijfBewaker
2009-06-04 10:00 . 2008-02-04 12:12 16 ----a-w- c:\windows\popcinfo.dat
2009-05-15 09:41 . 2009-03-10 20:01 317104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-13 05:06 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 18:50 . 2009-05-11 18:50 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\IObit
2009-05-11 18:39 . 2009-05-11 18:39 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\licenses
2009-05-11 18:39 . 2009-05-11 18:39 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PCMM2009
2009-05-11 16:24 . 2009-05-06 16:47 -------- d-----w- c:\program files\Can You See What I See - NL
2009-05-11 16:24 . 2009-05-06 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-05-11 16:22 . 2008-12-01 13:06 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-05-11 16:22 . 2009-05-11 11:55 -------- d-----w- c:\program files\PHPNukeDU
2009-05-11 13:56 . 2009-05-11 13:56 -------- d-----w- c:\program files\Lavalys
2009-05-08 12:29 . 2009-05-08 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFish
2009-05-08 12:28 . 2009-05-08 12:28 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\BigFish
2009-05-07 15:34 . 2004-08-04 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 16:41 . 2009-05-06 16:41 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PlayFirst
2009-05-06 16:21 . 2009-05-06 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2009-05-03 07:32 . 2009-05-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-05-02 07:53 . 2007-11-12 15:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-02 07:48 . 2009-05-02 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-04-28 11:38 . 2009-01-18 20:07 -------- d-----w- c:\program files\LimeWireTurbo
2009-04-26 12:08 . 2009-04-26 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-20 16:31 . 2009-01-04 14:26 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\cerasus.media
2009-04-19 19:51 . 2004-08-04 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 05:27 . 2004-08-04 12:00 87488 ----a-w- c:\windows\system32\perfc013.dat
2009-04-17 05:27 . 2004-08-04 12:00 502412 ----a-w- c:\windows\system32\perfh013.dat
2009-04-15 14:55 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 19:20 . 2009-04-01 19:20 62009 ----a-w- c:\windows\system32\wpfb_vtdisp.dll
2009-03-29 20:40 . 2009-03-29 20:40 4 ----a-w- c:\windows\sbsystem.dat
2009-03-12 19:42 . 2007-10-13 10:34 69920 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-05-18 17:01 . 2008-05-18 17:01 32545464 ----a-w- c:\program files\Nokia_PC_Suite_rel_6_86_9_3_dut_web.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 12:12 1164600 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2007-11-30 915096]
YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2007-6-11 79488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWireTurbo\\LimeWireTurbo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6881:TCP"= 6881:TCP:192.168.2.178/255.255.255.255:Enabled:azureus
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [28-1-2009 11:59 15172]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3-4-2008 12:52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3-4-2008 12:52 20560]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [1-4-2009 21:19 90112]
R4 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys --> c:\windows\system32\drivers\pctfw2.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 19:08 533360]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [28-1-2009 23:45 30272]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-17 19:07]
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
HKCU-Run-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
HKCU-Run-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9627700A-A5A9-1A4D-824F-C811FCCB92B1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjpemdngnlfecdmfjaghlmiepdbcmmhlb"=hex:61,61,00,00
"bbjpemdngnlfecdmfjbgelanimlkagajecem"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\antiwpa.dll

- - - - - - - > 'lsass.exe'(696)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Voltooingstijd: 2009-06-10 21:37
ComboFix-quarantined-files.txt 2009-06-10 19:37

Pre-Run: 31.453.401.088 bytes beschikbaar
Post-Run: 31.966.343.168 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Windows Setup"

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
249 --- E O F --- 2009-06-10 01:09

Hello, I did all of the above and here is my ComboFix log.
Unfortunately nothing has changed yet, and the Symantec scan did not find any worms or the like.
I had read the ComboFix attachment about what I had to do.
Well, the PC still works, only that rundll.exe still doesn't; I don't know what to do anymore.
I'll hear from you again.
Regards
 