
bestantivirus2011.exe



Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just continue with the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


At the moment it seems to be going well, but the PC was on all night.

I get the impression it is worst at startup, namely with all the programs that have to be loaded at the bottom right of the screen next to the clock. And also half of the icons on the desktop are missing (the image cannot be found).

But I will restart the PC and come back with more news...

---------- Post added at 08:51 ---------- Previous post was at 08:45 ----------

I will run the combofix first before restarting.

---------- Post added at 08:58 ---------- Previous post was at 08:51 ----------

Just disable the antivirus for a while, or the firewalls too?


Running the combo now.

(Yesterday at work someone suggested trying System Restore, could that be a solution? Only problem: that function is missing in the desktop account, as is defragmentation. Note: this has nothing to do with this virus, because it had already gone missing before that.)


ComboFix log: (for info: the speed is still not entirely OK, it still freezes every now and then, after which all the queued commands are suddenly executed at once)

ComboFix 11-03-24.03 - Emperor 25/03/2011 9:39.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.268 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk

c:\program files\autorun.inf

c:\program files\Setup.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))

.

.

2011-03-24 17:37 . 2011-03-25 08:58 1409 ----a-w- c:\windows\QTFont.for

2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes

2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools

2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security

2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools

2011-03-23 17:53 . 2011-03-24 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe

2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe

2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe

2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe

2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe

2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe

1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe

1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL

1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL

1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE

1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]

"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

"Spyware Doctor"="c:\documents and settings\Emperor\Bureaublad\sdsetup_revwire207.exe" [2011-03-23 512992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]

"nwiz"="nwiz.exe" [2005-09-22 1519616]

"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]

"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]

"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]

"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]

"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]

"CHotkey"="mHotkey.exe" [2004-06-03 549376]

"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-09-08 3730832]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\

Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]

Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]

Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]

R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]

S0 rseb;rseb; [x]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]

S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

HKLM-Run-SCM - c:\program files\silver crest memory adapter tools2.93\scma.exe

AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 09:58

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2011-03-25 10:05:40

ComboFix-quarantined-files.txt 2011-03-25 09:05

.

Pre-Run: 11.879.088.128 bytes beschikbaar

Post-Run: 25.404.387.328 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 84FAC238AD86A753212A90D1F456FB47

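A helper reads a log like the one above by eye. The Python below is an example added by the editor; it is not part of the thread and not ComboFix's own code. It runs the same triage mechanically over an excerpt copied from the log posted above (the excerpt is real log text, not constructed): it flags Run entries whose target lives in a user profile directory rather than Program Files or Windows, services ComboFix marks `[x]` because no file on disk backs them (the `rseb` entry the next reply targets), and any CLSID registered under several Internet Explorer extension keys at once (here the Babylon toolbar, which sits in URLSearchHooks, the BHO list and both Toolbar keys). The user-profile heuristic and the "two or more keys" threshold are the editor's choices, not ComboFix's.

```python
import re
from collections import defaultdict

# Excerpt of the first ComboFix log posted in this thread (copied, not constructed),
# reduced to the "Reg Opstartpunten" values and the service lines the triage looks at.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
"Spyware Doctor"="c:\documents and settings\Emperor\Bureaublad\sdsetup_revwire207.exe" [2011-03-23 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]
S0 rseb;rseb; [x]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$"
)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# On Windows XP every user profile lives under this root; a Run entry pointing into it
# starts from a user-writable location and deserves a second look (editor's heuristic).
USER_PROFILE_ROOT = "c:\\documents and settings\\"


def parse_log(text):
    """Split a ComboFix log into registry values (with their key), services and CLSID sightings."""
    values = []                    # (registry key, value name, target path)
    services = []                  # (start type, service name, image path, bracketed info)
    clsid_keys = defaultdict(set)  # clsid (lower-cased) -> registry keys it appears under
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            # A CLSID in the key path itself, e.g. the BHO list or HKCR\clsid; store the key shape.
            for clsid in CLSID_RE.findall(current_key):
                clsid_keys[clsid.lower()].add(CLSID_RE.sub("{CLSID}", current_key))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group("start"), m.group("name"), m.group("path").strip(), m.group("info").strip()))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append((current_key, m.group("name"), m.group("path")))
            # A CLSID used as the value name, e.g. under URLSearchHooks or Toolbar.
            for clsid in CLSID_RE.findall(m.group("name")):
                clsid_keys[clsid.lower()].add(current_key)
    return values, services, clsid_keys


def run_entries_from_user_profile(values):
    """Run-key values whose target lives in a user profile instead of Program Files or Windows."""
    return sorted(name for key, name, path in values
                  if key.lower().endswith("\\run") and path.lower().startswith(USER_PROFILE_ROOT))


def services_without_image(services):
    """Services ComboFix marks [x]: registered, but with no file on disk behind them."""
    return sorted(name for _start, name, path, info in services if info == "x" or not path)


def clsids_in_multiple_keys(clsid_keys, minimum=2):
    """CLSIDs registered under several browser-extension keys at once (editor's threshold)."""
    return {c: sorted(keys) for c, keys in clsid_keys.items() if len(keys) >= minimum}


def triage(text):
    values, services, clsid_keys = parse_log(text)
    return {
        "user_profile_run": run_entries_from_user_profile(values),
        "missing_service_image": services_without_image(services),
        "multi_key_clsids": clsids_in_multiple_keys(clsid_keys),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in (hits.items() if isinstance(hits, dict) else hits):
            print("   ", hit)
```

On this excerpt the three findings line up with what the thread goes on to do: `rseb` is the only service without an image, `Spyware Doctor` is an installer being re-run from the Desktop on every logon, and the single CLSID seen under five keys is the Babylon add-on. The avast shell-overlay CLSID appears under one key only and is not reported, which is the point of the threshold.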

Open a Notepad file.

Copy and paste the bold text below into it.

Driver::

rseb

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

Quick question: did you install that Babylon toolbar deliberately?


Could it be that combo restarted the PC automatically?

I started it, was away for a couple of hours, and when I came back I saw my login screen.

As Windows continues to start up, a blue combo window appears again.

I wanted to use that Babylon once as a translation program. The toolbar came along with the program. I never actually used it, by the way, because online solutions turned out to give much better translations.

Could this toolbar perhaps also be a problem?


I would still like to remove those remnants of Babylon:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Babylon Client"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

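Before a CFScript is dragged onto ComboFix.exe it is worth knowing exactly what it will delete. The Python below is an example added by the editor, not part of the thread and not ComboFix's own code. It parses the two scripts posted above (the `Driver::` one for `rseb` and the `Registry::` one for Babylon) using the REGEDIT4 semantics the `Registry::` section follows: `[-Key]` deletes the whole key with its values and subkeys, `[Key]` followed by `"Name"=-` deletes one value. It also separates key deletions pinned to a specific CLSID from deletions of a shared key such as the Internet Explorer Toolbar key. That separation is the editor's review check: in the log above each of those shared keys holds only the Babylon entry, so the whole-key deletions are harmless here, but on a machine with other toolbars or search hooks they would remove those too.

```python
import re
from collections import Counter

# The two CFScripts posted in this thread, copied verbatim (not constructed).
CFSCRIPT_DRIVER = """Driver::
rseb
"""

CFSCRIPT_BABYLON = r"""Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"=-
"""

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_cfscript(text):
    """Turn a CFScript into (action, target) pairs.

    Driver::   every following line names a service/driver ComboFix will remove.
    Registry:: REGEDIT4 syntax: a line [-Key] deletes that key (values and subkeys
               included), [Key] selects a key, and "Name"=- under it deletes one value.
    Anything else is reported as unrecognised so it gets reviewed by hand.
    """
    actions = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            current_key = None
        elif section == "Driver":
            actions.append(("delete_service", line))
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1]))
            current_key = None
        elif section == "Registry" and line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif section == "Registry" and line.endswith("=-") and current_key:
            name = line[:-2].strip().strip('"')
            actions.append(("delete_value", current_key + "\\" + name))
        else:
            actions.append(("unrecognised", line))
    return actions


def summarize(actions):
    """Count actions by kind: how many services, whole keys and single values go."""
    return Counter(action for action, _target in actions)


def unscoped_key_deletions(actions):
    """Whole-key deletions not pinned to one CLSID.

    A key like the Internet Explorer Toolbar key holds every registered toolbar, so
    deleting it removes more than the single add-on the script is aimed at.
    """
    return [t for a, t in actions if a == "delete_key" and not CLSID_RE.search(t)]


if __name__ == "__main__":
    for script in (CFSCRIPT_DRIVER, CFSCRIPT_BABYLON):
        actions = parse_cfscript(script)
        print(dict(summarize(actions)))
        for action, target in actions:
            print(f"  {action:15} {target}")
        for key in unscoped_key_deletions(actions):
            print("  whole shared key:", key)
        print()
```

The Babylon script comes out as seven whole-key deletions (the HKCR clsid key is listed three times, which is harmless) plus one value deletion, and three of the key deletions are unscoped: URLSearchHooks, the HKLM Toolbar key and the HKCU Toolbar\Webbrowser key. Cross-checking those three against the "Reg Opstartpunten" section of the log before running the script is the review step this check is meant to prompt.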

Not started on the Babylon files yet.

Meanwhile it is 4 hours later and still the blue combo screen showing "Log rapport wordt voorbereid - Start geen andere programma's tot ComboFix klaar is." (the log report is being prepared; do not start other programs until ComboFix is finished).

Is it normal that the log is still not ready?

(As soon as I can, or as soon as you reply again, I will also tackle those remnants of Babylon.)


Combo has finished after all. (I had the impression that avast was blocking it: it had started up again on reboot. I turned it off when I got a warning from avast about ComboFix, and then combo got going.)

Below is the log file (haven't followed your advice about Babylon yet, I'll do that right away):

ComboFix 11-03-24.03 - Emperor 25/03/2011 12:15:49.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.493 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Emperor\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_rseb

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))

.

.

2011-03-24 17:37 . 2011-03-25 11:32 1409 ----a-w- c:\windows\QTFont.for

2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes

2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools

2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security

2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools

2011-03-23 17:53 . 2011-03-25 14:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe

2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe

2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe

2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe

2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe

2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe

1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe

1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL

1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL

1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE

1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-25_08.58.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-25 11:35 . 2011-03-25 11:35 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]

"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

"Spyware Doctor"="c:\documents and settings\Emperor\Bureaublad\sdsetup_revwire207.exe" [2011-03-23 512992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]

"nwiz"="nwiz.exe" [2005-09-22 1519616]

"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]

"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]

"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]

"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]

"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]

"CHotkey"="mHotkey.exe" [2004-06-03 549376]

"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-09-08 3730832]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\

Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]

Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]

Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]

R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]

S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 15:38

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2324)

c:\windows\system32\msi.dll

c:\windows\system32\AcSignIcon.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\program files\Babylon\Babylon-Pro\Captlib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\CA\eTrust Antivirus\InoRpc.exe

c:\program files\CA\eTrust Antivirus\InoRT.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\PC Tools Security\pctsSvc.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\windows\mHotkey.exe

c:\windows\CNYHKey.exe

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

.

**************************************************************************

.

Voltooingstijd: 2011-03-25 22:48:56 - machine werd herstart

ComboFix-quarantined-files.txt 2011-03-25 21:48

ComboFix2.txt 2011-03-25 09:05

.

Pre-Run: 25.418.760.192 bytes beschikbaar

Post-Run: 25.122.717.696 bytes beschikbaar

.

- - End Of File - - 6CC13661BB32C76F05DCFDD31C18BDA6
