
Security Suite virus



Success

(By the way, I had to run ComboFix in Safe Mode again, because it once more wouldn't work in normal mode.)

ComboFix log:

ComboFix 10-09-24.05 - 29416 26-09-2010 14:18:14.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2043.1730 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator.ACERTM\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator.ACERTM\Bureaublad\CFScript.txt

AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator.ACERTM\Local Settings\Application Data\qeicjqlbk

c:\program files\AskBarDis

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-26 to 2010-09-26 ))))))))))))))))))))))))))))))

.

2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-09-26 09:43 . 2010-09-26 09:43 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend

2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Menu Start

2010-09-26 09:43 . 2010-09-26 09:43 -------- d-----w- c:\documents and settings\LocalService\Bureaublad

2010-09-24 21:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-12 12:38 . 2010-09-24 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 12:26 . 2010-09-12 12:26 388096 ----a-r- c:\documents and settings\Administrator.ACERTM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-12 12:26 . 2010-09-12 12:26 -------- d-----w- c:\program files\Trend Micro

2010-09-12 10:29 . 2010-09-12 10:29 -------- d-sh--w- c:\windows\ftpcache

2010-09-11 20:43 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-09-11 20:43 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-09-11 20:43 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-09-11 20:43 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-09-11 20:43 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-09-11 20:43 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-26 12:12 . 2008-12-02 15:51 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\SoftGrid Client

2010-09-26 12:11 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\DNA

2010-09-26 10:37 . 2009-04-29 13:57 -------- d-----w- c:\program files\DNA

2010-09-25 10:06 . 2008-12-01 13:50 -------- d-----w- c:\program files\Launch Manager

2010-09-24 17:27 . 2009-10-12 17:30 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\Microgaming

2010-09-16 15:36 . 2008-12-19 12:16 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\U3

2010-09-12 12:17 . 2004-08-04 11:00 726566 ----a-w- c:\windows\system32\perfh013.dat

2010-09-12 12:17 . 2004-08-04 11:00 206444 ----a-w- c:\windows\system32\perfc013.dat

2010-09-12 01:57 . 2010-07-20 18:19 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-31 11:56 . 2009-04-29 13:57 -------- d-----w- c:\program files\BitTorrent

2010-08-30 17:09 . 2009-04-29 13:57 -------- d-----w- c:\documents and settings\Administrator.ACERTM\Application Data\BitTorrent

2010-08-19 15:34 . 2008-12-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-09 08:37 . 2009-01-06 08:19 -------- d-----w- c:\program files\Foxit Software

2010-08-09 08:36 . 2009-01-06 09:32 -------- d-----w- c:\program files\Google

2010-08-04 17:41 . 2010-06-29 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-08-04 13:32 . 2008-12-01 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-01 07:51 . 2010-07-01 07:51 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2A6.tmp.exe

2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-29 21:48 . 2010-06-29 21:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb296.tmp.exe

2010-06-28 16:12 . 2010-06-28 16:12 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb27E.tmp.exe

.

------- Sigcheck -------

[-] 2008-11-21 . D9B2AA9ADACDE33FF18A010ADF2EBF18 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-08-05 53248]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16862208]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-08-05 858632]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1028096]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13541376]

"nwiz"="nwiz.exe" [2008-08-05 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 86016]

"NGClient"="c:\program files\Symantec\Ghost\ngctw32.exe" [2005-11-28 440000]

"SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-12-13 316440]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]

"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]

Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-11 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPublishingWizard"= 0 (0x0)

"NoWebServices"= 0 (0x0)

"NoOnlinePrintsWizard"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\0\0]

"Script"=\\edu.sintlucas.nl\NETLOGON\DiscoPrinters.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logoff\1\0]

"Script"=\\edu.sintlucas.nl\NETLOGON\llogoff.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\0]

"Script"=\\edu.sintlucas.nl\netlogon\logon_script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\1]

"Script"=\\edu.sintlucas.nl\netlogon\connect_printer.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\0\2]

"Script"=regedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\1\0]

"Script"=\\edu.sintlucas.nl\NETLOGON\llogin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1645522239-562591055-839522115-3611\Scripts\Logon\2\0]

"Script"=regedit.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"57349:TCP"= 57349:TCP:Pando Media Booster

"57349:UDP"= 57349:UDP:Pando Media Booster

R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [28-11-2005 18:35 6560]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592]

S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [1-12-2008 17:48 152192]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [1-12-2008 17:48 24064]

S2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [19-2-2007 16:44 1521192]

S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [9-12-2006 20:04 128832]

S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [28-11-2005 18:36 199264]

S2 gupdate1ca701517d126cc;Google Updateservice (gupdate1ca701517d126cc);c:\program files\Google\Update\GoogleUpdate.exe [28-11-2009 12:25 133104]

S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [5-2-2010 17:28 742144]

S2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [28-11-2005 19:26 440000]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11-1-2010 13:09 104488]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11-1-2010 13:10 93736]

S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [13-12-2007 20:02 549912]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28-2-2007 10:38 91008]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [20-11-2008 13:50 80784]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 14:49 227232]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1-12-2008 15:22 39072]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [11-1-2010 13:09 23928]

S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSXP.sys [13-12-2007 20:02 565784]

S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayxp.sys [13-12-2007 20:01 149144]

S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolXP.sys [13-12-2007 20:01 15896]

S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [13-12-2007 20:02 205848]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [1-12-2008 17:52 14976]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]

2008-06-02 08:32 81920 ----a-w- c:\windows\system32\aetsprov.dll

.

Inhoud van de 'Gedeelde Taken' map

2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 10:25]

2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-09-25 c:\windows\Tasks\New scan.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-11 11:08]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

IE: Add to Windows &Live Favorites - Welcome to Windows Live

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll

DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.edu.sintlucas.nl/auth/taweb.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab

DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cas.edu.sintlucas.nl/auth/CCALogin.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-26 14:21

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-329068152-220523388-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,61,ee,4c,ad,73,02,4a,ad,15,cd,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\aetgina1.dll

.

Voltooingstijd: 2010-09-26 14:22:35

ComboFix-quarantined-files.txt 2010-09-26 12:22

ComboFix2.txt 2010-09-26 10:42

Pre-Run: 24.227.610.624 bytes beschikbaar

Post-Run: 24.272.211.968 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D5332A0E7E44F3E9FA20F171435D6859

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:24:14, on 26-9-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O4 - Global Startup: Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.bio.uu.nl/~cpio/modules/awswaxd.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://cas.edu.sintlucas.nl/auth/taweb.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228218961597

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://cas.edu.sintlucas.nl/auth/CCALogin.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl

O17 - HKLM\Software\..\Telephony: DomainName = edu.sintlucas.nl

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = edu.sintlucas.nl

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate1ca701517d126cc) (gupdate1ca701517d126cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe

O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe

O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--

End of file - 10450 bytes

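Logs like the ComboFix and HijackThis output above are triaged by eye: the reader looks for autostart entries, services and ActiveX downloads whose image lives somewhere a normal program would not, such as a randomly named directory under a user profile's Local Settings\Application Data (the ComboFix log above lists one such directory among the removed items) or a Temp folder, which are common homes for rogue antivirus programs. As an added example, not part of this thread and not HijackThis's or ComboFix's own code, the Python script below parses the O4, O23 and O16 lines of a HijackThis v2 log in the format shown above and flags those entries. The sample log lines are constructed for the example, and the entry names xkqwvzp and sysupd are made up.

```python
"""Triage of a HijackThis v2 log: list autostart entries (O4), services (O23)
and ActiveX downloads (O16) and flag images in user-writable locations."""
import re

# Constructed sample lines in the HijackThis v2.0.4 format (not copied from the
# thread's log); the names xkqwvzp and sysupd are made up for this example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [xkqwvzp] C:\Documents and Settings\user\Local Settings\Application Data\xkqwvzp\xkqwvzp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: System Updater (sysupd) - Unknown owner - C:\WINDOWS\Temp\svhost.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
End of file - 1234 bytes
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# First executable-looking token of a command line, with or without quotes.
EXE_RE = re.compile(r'"?(?P<path>.*?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js))"?(?=[\s,]|$)', re.IGNORECASE)

# Environment variables as they appear in Run keys on a default XP install.
ENV = {"%systemroot%": r"C:\WINDOWS", "%windir%": r"C:\WINDOWS", "%programfiles%": r"C:\Program Files"}
# Substrings that mark a location an unprivileged user can write to.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\",
                 "\\temp\\", "\\documents and settings\\", "\\users\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def extract_image_path(command):
    """Pull the executable or DLL path out of a Run-key command line."""
    text = command.strip()
    for var, value in ENV.items():
        text = re.sub(re.escape(var), lambda _m: value, text, flags=re.IGNORECASE)
    m = EXE_RE.match(text)
    if not m:
        return text
    path = m.group("path")
    # rundll32 only hosts a DLL: the image worth looking at is the DLL itself.
    if path.lower().endswith("rundll32.exe"):
        m2 = EXE_RE.match(text[m.end():].lstrip())
        if m2:
            path = m2.group("path")
    return path


def classify_path(path):
    """Classify where an image lives: bare-name, user-writable, system or other."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"          # resolved through PATH at run time
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"
    if p.startswith(SYSTEM_ROOTS):
        return "system"
    return "other"


def parse_log(text):
    """Return one dict per O4, O23 and O16 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            path = extract_image_path(m.group("cmd"))
            entries.append({"section": "O4", "name": m.group("name"), "owner": None,
                            "path": path, "location": classify_path(path)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            parts = m.group("rest").rsplit(" - ", 2)   # name - owner - path
            if len(parts) == 3:
                name, owner, path = parts
                entries.append({"section": "O23", "name": name, "owner": owner,
                                "path": path, "location": classify_path(path)})
            continue
        m = DPF_RE.match(line)
        if m:
            entries.append({"section": "O16", "name": m.group("name") or m.group("clsid"),
                            "owner": None, "path": m.group("url"), "location": "remote"})
    return entries


def flag_entries(entries):
    """Entries worth a second look: images outside Windows/Program Files and
    services with no recorded owner. Returns (name, path, reasons) tuples."""
    flagged = []
    for e in entries:
        reasons = []
        if e["location"] in ("user-writable", "other"):
            reasons.append("image outside Windows/Program Files (%s)" % e["location"])
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            reasons.append("service without a known owner")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in flag_entries(parse_log(SAMPLE_LOG)):
        print("%-28s %s\n    %s" % (name, path, "; ".join(reasons)))
```

Run against the constructed sample, it flags only the Run entry under Local Settings\Application Data and the ownerless service in C:\WINDOWS\Temp; the bare-name `nwiz.exe` entry is reported as "bare-name" rather than flagged, since the log alone cannot tell where such an image is resolved from. An "Unknown owner" service is not proof of anything (the thread's own log shows one for CDBurnerXP), which is why the script reports reasons instead of verdicts.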

I already had no more warnings before ComboFix, but that AskBarDis (or whatever it's called) I could never find to remove, so I assume it has been removed now :)

Do I need to do anything else now?

(Remove ComboFix etc.?)

In any case, thanks a lot already!


Problems solved, so it's time for the "big clean-up": removing the tools we used, a cleaning run, and deleting the infected restore points.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner here; the download of CCleaner will then start automatically and free of charge.

Install it and start CCleaner. In the left-hand column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis reports no more errors. Then click "Registry" in the left-hand column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup; click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner.

If you want to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it!
