
Can't remove :S gebyx.bll ??


  • Can't remove :S gebyx.bll ??

    Who can help me, and how do I remove this virus/spyware/trojan?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:03:55, on 16-3-2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spyware Terminator\SpywareTerminator.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [a06282e2] rundll32.exe "C:\WINDOWS\System32\wrigxqng.dll",b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [BMa351b17e] Rundll32.exe "C:\WINDOWS\System32\vhekguua.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EFAA3FE3-E9EB-43EB-9115-D4950A5FC8BC}: NameServer = 85.255.114.52,85.255.112.129
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 5268 bytes

  • #2
    You have 2 problems on the computer.

    Step 1: Follow the instructions described on the following page: hoe-dient-combofix-gebruikt-te-worden

    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool has finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    We will deal with the second one later.
    Why does this PC not yet have XP SP2 installed?



    • #3
      Sorry, I already have it.
      This is the result.

      ComboFix 08-03-14.4 - Gungor 2008-03-16 16:04:08.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.579 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Gungor\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\outlook
      C:\WINDOWS\BMa351b17e.xml
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\afvmfocr.ini
      C:\WINDOWS\system32\byxxwxy.dll
      C:\WINDOWS\system32\ddayy.dll
      C:\WINDOWS\system32\dkvmateg.dll
      C:\WINDOWS\system32\drueacgo.ini
      C:\WINDOWS\system32\erwxlygd.dll
      C:\WINDOWS\system32\gtaeafif.dll
      C:\WINDOWS\system32\hjkmp.ini
      C:\WINDOWS\system32\hjkmp.ini2
      C:\WINDOWS\system32\kynuegor.ini
      C:\WINDOWS\system32\mlfxosic.dll
      C:\WINDOWS\system32\ogcaeurd.dll
      C:\WINDOWS\system32\pmkjh.dll
      C:\WINDOWS\system32\rcofmvfa.dll
      C:\WINDOWS\system32\regedit.com
      C:\WINDOWS\system32\rogeunyk.dll
      C:\WINDOWS\system32\ststv.ini
      C:\WINDOWS\system32\ststv.ini2
      C:\WINDOWS\system32\tmnnqxmu.dll
      C:\WINDOWS\system32\ulgugshp.dll
      C:\WINDOWS\system32\vcebeits.dll
      C:\WINDOWS\system32\vhekguua.dll
      C:\WINDOWS\system32\vtsts.dll
      C:\WINDOWS\system32\wrigxqng.dll
      C:\WINDOWS\system32\xybeg.ini
      C:\WINDOWS\system32\xybeg.ini2
      C:\WINDOWS\system32\ybpiuodv.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\nm


      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
      .

      2008-03-16 15:38 . 2008-03-16 15:38 <DIR> d-------- C:\ComboFix[1]
      2008-03-16 00:14 . 2008-03-16 00:14 <DIR> d-------- C:\Documents and Settings\Gungor\Application Data\Malwarebytes
      2008-03-16 00:13 . 2008-03-16 00:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
      2008-03-15 23:41 . 2008-03-15 23:41 <DIR> d-------- C:\Program Files\Trend Micro
      2008-03-15 22:55 . 2008-03-15 23:51 <DIR> d-------- C:\Program Files\Spyware Terminator
      2008-03-15 22:55 . 2008-03-16 15:34 <DIR> d-------- C:\Documents and Settings\Gungor\Application Data\Spyware Terminator
      2008-03-15 22:55 . 2008-03-15 23:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
      2008-03-15 22:55 . 2008-03-15 22:55 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
      2008-03-15 22:09 . 2008-03-15 22:09 <DIR> d---s---- C:\Documents and Settings\5174\UserData
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Sjablonen
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Onlangs geopend
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Netwerkprinteromgeving
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Mijn documenten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\Nsadmin.sfg.net\Menu Start
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\jalema\_rpcs
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\8914\VeriSign
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\8914\Sjablonen
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\8914\Onlangs geopend
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\8914\Netwerkprinteromgeving
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\8914\Mijn documenten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\8914\Menu Start
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\4238\VeriSign
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\4238\Sjablonen
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\4238\Onlangs geopend
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\4238\Netwerkprinteromgeving
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\4238\Mijn documenten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\4238\Menu Start
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\2811\VeriSign
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\2811\Sjablonen
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\2811\Onlangs geopend
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\2811\Netwerkprinteromgeving
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\2811\Mijn documenten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\2811\Menu Start
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\1778\VeriSign
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\1778\Sjablonen
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\1778\Onlangs geopend
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\1778\Netwerkprinteromgeving
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Mijn documenten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Menu Start
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Favorieten
      2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\1778\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\jalema\FrontPageTempDir
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\8914\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\8914\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4238\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\4238\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\4091\Sjablonen
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\4091\Onlangs geopend
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\4091\Netwerkprinteromgeving
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Mijn documenten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Menu Start
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\4091\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2811\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2811\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\VeriSign
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d---s---- C:\Documents and Settings\2529\UserData
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\2529\Sjablonen
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\SapWorkDir
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\2529\Onlangs geopend
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\2529\Netwerkprinteromgeving
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2529\Menu Start
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2529\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\Bureaublad
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\23844\VeriSign
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\23844\Sjablonen
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\23844\Onlangs geopend
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\23844\Netwerkprinteromgeving
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Mijn documenten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Menu Start
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Favorieten
      2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\23844\Bureaublad
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\scanner\VeriSign
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\scanner\Sjablonen
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr-h----- C:\Documents and Settings\scanner\Onlangs geopend
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\scanner\Netwerkprinteromgeving
      2008-03-15 22:05 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\scanner\Mijn documenten
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\scanner\Menu Start
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\scanner\Favorieten
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\scanner\Bureaublad
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\5174\VeriSign
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\5174\Sjablonen
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr-h----- C:\Documents and Settings\5174\Onlangs geopend
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\5174\Netwerkprinteromgeving
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Mijn documenten
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Menu Start
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Favorieten
      2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\5174\Bureaublad
      2008-03-15 21:11 . 2008-03-15 21:11 16 --a------ C:\WINDOWS\system32\coh.cache
      2008-03-15 20:36 . 2008-03-15 22:08 <DIR> d-------- C:\Program Files\Norton AntiVirus(2)
      2008-03-15 20:31 . 2008-03-15 22:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec(2)
      2008-03-15 19:21 . 2008-03-15 22:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
      2008-03-15 18:24 . 2008-03-15 22:10 <DIR> d-------- C:\Program Files\LimeWire Plus
      2008-03-15 18:06 . 2008-03-15 18:07 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
      2008-03-15 17:43 . 2008-03-16 00:17 77,824 --------- C:\WINDOWS\system32\kdcls.exe
      2008-03-15 17:33 . 2008-03-15 23:54 <DIR> d-------- C:\Program Files\PokerRoom.com
      2008-03-15 17:26 . 2008-03-15 17:26 298,496 --a------ C:\WINDOWS\system32\gebyx.dll.ren
      2008-03-15 17:26 . 2008-03-15 17:26 63 --a------ C:\WINDOWS\system32\a062906c

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-15 18:13 --------- d-----w C:\Documents and Settings\Gungor\Application Data\LimeWirePlus
      2008-03-14 18:55 --------- d-----w C:\Program Files\Absolute Poker
      2008-02-22 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-18 22:45 --------- d-----w C:\Documents and Settings\Gungor\Application Data\Microgaming
      2008-02-10 13:43 --------- d-----w C:\Documents and Settings\Gungor\Application Data\vlc
      2008-02-10 13:40 --------- d-----w C:\Program Files\VideoLAN
      2008-01-28 22:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-26 22:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
      2008-01-26 22:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
      2008-01-25 18:45 --------- d-----w C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Application Data\LimeWirePlus
      2008-01-25 18:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
      2008-01-25 18:30 --------- d-----w C:\Program Files\Lavasoft
      2008-01-25 18:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-25 16:51 --------- d-----w C:\Program Files\Universal
      2008-01-25 15:01 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-01-24 18:58 --------- d-----w C:\Program Files\SopCast
      2008-01-24 16:31 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
      2008-01-24 15:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\T6
      2008-01-23 16:41 --------- d-----w C:\Program Files\DVDVideoSoft
      2008-01-20 22:06 --------- d-----w C:\Program Files\Java
      2008-01-20 22:04 --------- d-----w C:\Program Files\Common Files\Java
      2008-01-18 13:24 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-17 17:07 --------- d-----w C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Application Data\Microsoft Web Folders
      2007-02-02 10:20 658 ------w C:\Documents and Settings\All Users\I-FourCServerActivation.bin
      2004-07-10 10:05 40,960 ----a-w C:\Program Files\ZDWlan.dll
      2004-07-10 10:05 393,216 ----a-w C:\Program Files\ZDWlan.exe
      2004-06-29 12:14 196,608 ----a-w C:\Program Files\dot1x_dll.dll
      2004-06-16 10:31 23,649 ----a-w C:\Program Files\ZDMLa.INI
      2004-06-16 10:28 45,116 ----a-w C:\Program Files\ZDMLu.INI
      2004-05-21 14:42 229,376 ----a-w C:\Program Files\ZDBRGAPP.EXE
      2004-05-11 09:18 1,091 ----a-w C:\Program Files\ZDWlan.INI
      2004-03-05 14:01 253,952 ----a-w C:\Program Files\openssl.exe
      2004-03-05 14:00 827,392 ----a-w C:\Program Files\libeay32.dll
      2004-03-05 14:00 155,648 ----a-w C:\Program Files\ssleay32.dll
      2003-04-21 13:09 245,408 ----a-w C:\Program Files\UNICOWS.DLL
      2003-02-21 19:42 348,160 ----a-w C:\Program Files\msvcr71.dll
      2000-04-06 19:13 995,383 ----a-w C:\Program Files\MFC42.DLL
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB16EA5-ED5D-45D7-8091-44ADAF4799BF}]
      C:\WINDOWS\System32\gebyx.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00 13312]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-03 17:01 385024]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-15 22:55 2957824]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00 13312]

      C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "System"="kdcls.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxwxy]
      byxxwxy.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

      R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-03-15 22:55]
      S3 s3legacy;s3legacy;C:\WINDOWS\System32\DRIVERS\s3legacy.sys [2001-08-17 22:57]
      S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys
      S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\System32\ZDBRGSYS.SYS [2004-06-30 13:54]

      *Newly Created Service* - ALG
      *Newly Created Service* - IPNAT
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-03-15 20:03:25 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Gungor.job"
      - C:\PROGRA~1\NORTON~1\Navw32.exep/TASK:
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-16 16:08:49
      Windows 5.1.2600 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\wdfmgr.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-03-16 16:12:32 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-16 15:12:16



      • #4
        I think this is the contents of C:\boot.ini.

        Is there also a C:\ComboFix.txt?



        • #5
          Uh, I wouldn't know; this is what came out in Notepad, nothing else.



          • #6
            Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


            • File::
              C:\WINDOWS\system32\gebyx.dll.ren
              C:\WINDOWS\system32\kdcls.exe

              Registry::
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB16EA5-ED5D-45D7-8091-44ADAF4799BF}]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
              "System"=""

              [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxwxy]


            Save this to your Desktop as CFScript.txt.

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix start again.

            After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.



            • #7
              This is what came out.

              ComboFix 08-03-14.4 - Gungor 2008-03-16 16:25:43.2 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.566 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Gungor\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Gungor\Bureaublad\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE ::
              C:\WINDOWS\system32\gebyx.dll.ren
              C:\WINDOWS\system32\kdcls.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\gebyx.dll.ren
              C:\WINDOWS\system32\kdcls.exe

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
              .

              2008-03-16 15:38 . 2008-03-16 15:38 <DIR> d-------- C:\ComboFix[1]
              2008-03-16 00:14 . 2008-03-16 00:14 <DIR> d-------- C:\Documents and Settings\Gungor\Application Data\Malwarebytes
              2008-03-16 00:13 . 2008-03-16 00:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
              2008-03-15 23:41 . 2008-03-15 23:41 <DIR> d-------- C:\Program Files\Trend Micro
              2008-03-15 22:55 . 2008-03-16 16:16 <DIR> d-------- C:\Program Files\Spyware Terminator
              2008-03-15 22:55 . 2008-03-16 16:16 <DIR> d-------- C:\Documents and Settings\Gungor\Application Data\Spyware Terminator
              2008-03-15 22:55 . 2008-03-15 23:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
              2008-03-15 22:55 . 2008-03-15 22:55 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
              2008-03-15 22:09 . 2008-03-15 22:09 <DIR> d---s---- C:\Documents and Settings\5174\UserData
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Sjablonen
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Onlangs geopend
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Netwerkprinteromgeving
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Mijn documenten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\Nsadmin.sfg.net\Menu Start
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\jalema\_rpcs
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\8914\VeriSign
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\8914\Sjablonen
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\8914\Onlangs geopend
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\8914\Netwerkprinteromgeving
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\8914\Mijn documenten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\8914\Menu Start
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\4238\VeriSign
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\4238\Sjablonen
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\4238\Onlangs geopend
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\4238\Netwerkprinteromgeving
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\4238\Mijn documenten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\4238\Menu Start
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\2811\VeriSign
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\2811\Sjablonen
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\2811\Onlangs geopend
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\2811\Netwerkprinteromgeving
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\2811\Mijn documenten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\2811\Menu Start
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\1778\VeriSign
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\1778\Sjablonen
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr-h----- C:\Documents and Settings\1778\Onlangs geopend
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d--h----- C:\Documents and Settings\1778\Netwerkprinteromgeving
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Mijn documenten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Menu Start
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\1778\Favorieten
              2008-03-15 22:07 . 2008-03-15 22:07 <DIR> d-------- C:\Documents and Settings\1778\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\Nsadmin.sfg.net\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\jalema\FrontPageTempDir
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\8914\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\8914\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4238\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\4238\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\4091\Sjablonen
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\4091\Onlangs geopend
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\4091\Netwerkprinteromgeving
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Mijn documenten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Menu Start
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\4091\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\4091\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2811\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2811\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\VeriSign
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d---s---- C:\Documents and Settings\2529\UserData
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\2529\Sjablonen
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\SapWorkDir
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\2529\Onlangs geopend
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\2529\Netwerkprinteromgeving
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2529\Menu Start
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\2529\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\2529\Bureaublad
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\23844\VeriSign
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\23844\Sjablonen
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr-h----- C:\Documents and Settings\23844\Onlangs geopend
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d--h----- C:\Documents and Settings\23844\Netwerkprinteromgeving
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Mijn documenten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Menu Start
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> dr------- C:\Documents and Settings\23844\Favorieten
              2008-03-15 22:06 . 2008-03-15 22:06 <DIR> d-------- C:\Documents and Settings\23844\Bureaublad
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\scanner\VeriSign
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\scanner\Sjablonen
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr-h----- C:\Documents and Settings\scanner\Onlangs geopend
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\scanner\Netwerkprinteromgeving
              2008-03-15 22:05 . 2008-03-15 22:07 <DIR> dr------- C:\Documents and Settings\scanner\Mijn documenten
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\scanner\Menu Start
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\scanner\Favorieten
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\scanner\Bureaublad
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\5174\VeriSign
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\5174\Sjablonen
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr-h----- C:\Documents and Settings\5174\Onlangs geopend
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d--h----- C:\Documents and Settings\5174\Netwerkprinteromgeving
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Mijn documenten
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Menu Start
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> dr------- C:\Documents and Settings\5174\Favorieten
              2008-03-15 22:05 . 2008-03-15 22:05 <DIR> d-------- C:\Documents and Settings\5174\Bureaublad
              2008-03-15 21:11 . 2008-03-15 21:11 16 --a------ C:\WINDOWS\system32\coh.cache
              2008-03-15 20:36 . 2008-03-15 22:08 <DIR> d-------- C:\Program Files\Norton AntiVirus(2)
              2008-03-15 20:31 . 2008-03-15 22:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec(2)
              2008-03-15 19:21 . 2008-03-15 22:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
              2008-03-15 18:24 . 2008-03-15 22:10 <DIR> d-------- C:\Program Files\LimeWire Plus
              2008-03-15 18:06 . 2008-03-15 18:07 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
              2008-03-15 17:33 . 2008-03-15 23:54 <DIR> d-------- C:\Program Files\PokerRoom.com
              2008-03-15 17:26 . 2008-03-15 17:26 63 --a------ C:\WINDOWS\system32\a062906c
              2008-03-15 16:18 . 2008-03-15 16:18 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
              2008-03-15 16:18 . 2008-03-15 22:11 <DIR> d-------- C:\Program Files\Replay Media Catcher

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-03-15 18:13 --------- d-----w C:\Documents and Settings\Gungor\Application Data\LimeWirePlus
              2008-03-14 18:55 --------- d-----w C:\Program Files\Absolute Poker
              2008-02-22 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-02-18 22:45 --------- d-----w C:\Documents and Settings\Gungor\Application Data\Microgaming
              2008-02-10 13:43 --------- d-----w C:\Documents and Settings\Gungor\Application Data\vlc
              2008-02-10 13:40 --------- d-----w C:\Program Files\VideoLAN
              2008-01-28 22:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-26 22:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
              2008-01-26 22:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
              2008-01-25 18:45 --------- d-----w C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Application Data\LimeWirePlus
              2008-01-25 18:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
              2008-01-25 18:30 --------- d-----w C:\Program Files\Lavasoft
              2008-01-25 18:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-01-25 16:51 --------- d-----w C:\Program Files\Universal
              2008-01-25 15:01 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
              2008-01-24 18:58 --------- d-----w C:\Program Files\SopCast
              2008-01-24 16:31 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
              2008-01-24 15:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\T6
              2008-01-23 16:41 --------- d-----w C:\Program Files\DVDVideoSoft
              2008-01-20 22:06 --------- d-----w C:\Program Files\Java
              2008-01-20 22:04 --------- d-----w C:\Program Files\Common Files\Java
              2008-01-18 13:24 --------- d-----w C:\Program Files\MSN Messenger
              2008-01-17 17:07 --------- d-----w C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Application Data\Microsoft Web Folders
              2007-02-02 10:20 658 ------w C:\Documents and Settings\All Users\I-FourCServerActivation.bin
              2004-07-10 10:05 40,960 ----a-w C:\Program Files\ZDWlan.dll
              2004-07-10 10:05 393,216 ----a-w C:\Program Files\ZDWlan.exe
              2004-06-29 12:14 196,608 ----a-w C:\Program Files\dot1x_dll.dll
              2004-06-16 10:31 23,649 ----a-w C:\Program Files\ZDMLa.INI
              2004-06-16 10:28 45,116 ----a-w C:\Program Files\ZDMLu.INI
              2004-05-21 14:42 229,376 ----a-w C:\Program Files\ZDBRGAPP.EXE
              2004-05-11 09:18 1,091 ----a-w C:\Program Files\ZDWlan.INI
              2004-03-05 14:01 253,952 ----a-w C:\Program Files\openssl.exe
              2004-03-05 14:00 827,392 ----a-w C:\Program Files\libeay32.dll
              2004-03-05 14:00 155,648 ----a-w C:\Program Files\ssleay32.dll
              2003-04-21 13:09 245,408 ----a-w C:\Program Files\UNICOWS.DLL
              2003-02-21 19:42 348,160 ----a-w C:\Program Files\msvcr71.dll
              2000-04-06 19:13 995,383 ----a-w C:\Program Files\MFC42.DLL
              .

              ((((((((((((((((((((((((((((( [email protected]_16.11.57.42 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-03-16 14:33:26 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              + 2008-03-16 15:08:30 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              - 2008-03-16 14:33:26 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
              + 2008-03-16 15:08:30 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
              - 2008-03-16 14:33:26 1,425,408 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              + 2008-03-16 15:08:30 1,425,408 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              - 2008-01-18 15:54:50 37,896 ----a-w C:\WINDOWS\system32\perfc009.dat
              + 2008-03-16 15:14:14 37,896 ----a-w C:\WINDOWS\system32\perfc009.dat
              - 2008-01-18 15:54:50 50,702 ----a-w C:\WINDOWS\system32\perfc013.dat
              + 2008-03-16 15:14:15 50,702 ----a-w C:\WINDOWS\system32\perfc013.dat
              - 2008-01-18 15:54:50 305,454 ----a-w C:\WINDOWS\system32\perfh009.dat
              + 2008-03-16 15:14:15 305,454 ----a-w C:\WINDOWS\system32\perfh009.dat
              - 2008-01-18 15:54:50 357,894 ----a-w C:\WINDOWS\system32\perfh013.dat
              + 2008-03-16 15:14:15 357,894 ----a-w C:\WINDOWS\system32\perfh013.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00 13312]
              "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-03 17:01 385024]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00 13312]

              C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
              SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

              R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-03-15 22:55]
              S3 s3legacy;s3legacy;C:\WINDOWS\System32\DRIVERS\s3legacy.sys [2001-08-17 22:57]
              S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys
              S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\System32\ZDBRGSYS.SYS [2004-06-30 13:54]

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-03-15 20:03:25 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Gungor.job"
              - C:\PROGRA~1\NORTON~1\Navw32.exep/TASK:
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-03-16 16:28:55
              Windows 5.1.2600 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\Program Files\Spyware Terminator\sp_rsser.exe
              C:\WINDOWS\System32\wdfmgr.exe
              .
              **************************************************************************
              .
              Voltooingstijd: 2008-03-16 16:33:15 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-03-16 15:33:05
              ComboFix2.txt 2008-03-16 15:12:33



              • #8
                That looks good.

                Please post one more new HijackThis log.
                Start HijackThis and choose 'Do a system scan only'.
                Select only the items listed below:

                O17 - HKLM\System\CCS\Services\Tcpip\..\{EFAA3FE3-E9EB-43EB-9115-D4950A5FC8BC}: NameServer = 85.255.114.52,85.255.112.129
                O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
                O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129

                Click 'Fix checked' to remove the items.

                If you have problems with the internet connection, do the following:
                Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
                Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

                Go to Start -> Run and type "cmd"
                Press Enter.
                Then type: ipconfig /flushdns
                Press Enter.
                Close the window.

                Then post another new HijackThis log.

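The check behind the O17 step in post #8, as an added example that is not part of the original thread: it parses HijackThis O17 lines, extracts each NameServer value, and reports resolvers outside a trusted range together with the registry control sets they were written to. The trusted range 192.168.1.0/24, the last sample line and the function names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The O4 and first four O17 lines are copied from the logs in this thread;
# the last O17 line is constructed to show an entry that passes the check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFAA3FE3-E9EB-43EB-9115-D4950A5FC8BC}: NameServer = 85.255.114.52,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Assumption: the only resolver this machine should use sits on the local LAN.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]

# O17 - HKLM\System\<control set>\Services\Tcpip\<scope>: <value name> = <data>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<scope>.+?): "
    r"(?P<name>\w+) = (?P<data>.*)$"
)


def audit_o17(log_text, trusted_networks):
    """Return one finding per O17 NameServer entry that lists an untrusted resolver."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") != "NameServer":
            continue  # other sections and other O17 value names are not audited here
        unexpected = []
        # The log separates addresses with commas on one line and spaces on others.
        for token in re.split(r"[,\s]+", m.group("data").strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                unexpected.append(token)  # not an IP address at all: report it as-is
                continue
            if not any(addr in net for net in trusted_networks):
                unexpected.append(str(addr))
        if unexpected:
            findings.append({
                "control_set": m.group("cset"),
                "scope": m.group("scope"),
                "unexpected": unexpected,
            })
    return findings


def control_sets_by_resolver(findings):
    """Map each untrusted resolver to the control sets where it is configured."""
    seen = defaultdict(set)
    for finding in findings:
        for ip in finding["unexpected"]:
            seen[ip].add(finding["control_set"])
    return {ip: sorted(csets) for ip, csets in seen.items()}


if __name__ == "__main__":
    results = audit_o17(SAMPLE_LOG, TRUSTED_NETWORKS)
    for f in results:
        print(f["control_set"], f["scope"], "->", ", ".join(f["unexpected"]))
    print(control_sets_by_resolver(results))
```

The same resolvers appear under CCS, CS1 and CS2, which is why the post has all four entries fixed rather than only the current control set.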


                • #9
                  It worked. Thanks.



                  • #10
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 17:43:59, on 16-3-2008
                    Platform: Windows XP (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Spyware Terminator\sp_rsser.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\Program Files\MSN Messenger\msnmsgr.exe
                    C:\WINDOWS\explorer.exe
                    C:\Program Files\MSN Messenger\usnsvc.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\Windows Media Player\wmplayer.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
                    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
                    O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                    O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

                    --
                    End of file - 4889 bytes
                    new log



                    • #11
                      The 2nd problem is now solved as well.

                      Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
                      This removes both ComboFix and your old System Restore points (with any malware remnants), and creates a new System Restore point.

                      Download Java Runtime Environment (JRE) 6u5.
                      • Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
                      • Click the "Download" button on the right.
                      • Tick "Accept License Agreement" and click Continue.
                      • The page will reload.
                      • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
                      • Close all programs that may be open, especially your web browser!
                      • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list (those with Java Runtime Environment (JRE or J2SE) in the name).
                      • Repeat this until all older versions are gone.
                      • After removing all older versions, restart your PC.
                      • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.



                      • #12
                        OK, done, and then?



                        • #13
                          Are there any remaining problems?



                          • #14
                            No, thanks.



                            • #15
                              Where can I find a Norton AntiVirus? With keygen and everything.