
AVG warnings setup.exe - trojan horse



Thanks, it worked :D

Here is my ComboFix log:

ComboFix 11-06-15.02 - XXX 15-06-2011 21:31:42.1.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.2046.1254 [GMT 2:00]

Gestart vanuit: c:\documents and settings\XXX\Bureaublad\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\XXX\Application Data\Adobe\plugs

c:\documents and settings\XXX\Application Data\Adobe\shed

c:\documents and settings\XXX\Application Data\FFSJ

c:\documents and settings\XXX\Application Data\FFSJ\FFSJ.cfg

c:\documents and settings\XXX\Application Data\SQLite3.dll

c:\program files\Downloaded Installers

c:\program files\Downloaded Installers\{3574C47D-F09D-4DDA-8DBD-031D246643F5}\setup.msi

c:\windows\Install

c:\windows\system\msvcr71.dll

c:\windows\system32\autorun.ini

c:\windows\system32\tmp.tmp

c:\windows\system32\WanPacket.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))

.

.

2011-06-12 17:49 . 2011-06-12 17:49 -------- d--h--r- c:\documents and settings\XXX\Onlangs geopend

2011-06-12 17:40 . 2011-06-12 17:40 -------- d-----w- c:\program files\CCleaner

2011-06-12 13:06 . 2011-06-12 13:06 -------- d-----w- c:\program files\SUPERANTISPYWARE

2011-06-12 12:16 . 2011-06-12 12:16 -------- d-----w- C:\FOUND.005

2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\XXX\Application Data\SUPERAntiSpyware.com

2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-08 20:37 . 2011-06-08 20:37 388096 ----a-r- c:\documents and settings\XXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 20:37 . 2011-06-08 20:37 -------- d-----w- c:\program files\Trend Micro

2011-06-07 22:48 . 2011-06-07 22:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-06-04 16:37 . 2011-06-04 16:37 -------- d-----w- C:\$AVG

2011-06-04 16:36 . 2011-06-04 16:36 -------- d-----w- c:\documents and settings\XXX\Application Data\AVG10

2011-06-04 16:34 . 2011-06-04 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-04 16:32 . 2011-06-04 16:33 -------- d-----w- c:\program files\AVG

2011-06-04 16:30 . 2011-06-04 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-04 16:05 . 2011-06-04 16:05 -------- d-----w- c:\documents and settings\XXX\Application Data\Ysyhid

2011-06-04 16:05 . 2011-06-04 16:05 -------- d-----w- c:\documents and settings\XXX\Application Data\Evfop

2011-06-03 15:24 . 2011-06-03 15:24 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\NetworkService\Menu Start

2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\Default User\Tracing

2011-05-28 18:01 . 2011-05-28 18:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-27 16:47 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- C:\FOUND.004

2011-05-25 21:41 . 2011-05-25 21:41 -------- d-----w- C:\FOUND.003

2011-05-24 22:02 . 2011-05-24 22:02 -------- d-----w- C:\FOUND.002

2011-05-24 21:28 . 2011-05-24 21:29 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2011-05-22 15:36 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll

2011-05-22 15:31 . 2011-05-22 15:31 -------- d-----w- c:\windows\system32\autorun

2011-05-20 19:45 . 2011-05-20 19:45 -------- d-----w- c:\program files\Free Window Registry Repair

2011-05-20 19:04 . 2011-05-20 19:04 -------- d-----w- c:\documents and settings\XXX\Local Settings\Application Data\PackageAware

2011-05-20 18:13 . 2011-05-20 18:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2011-05-20 13:43 . 2011-05-20 13:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-05-19 21:51 . 2011-05-19 21:51 31864 ----a-w- C:\symlcsv1.exe

2011-05-19 21:48 . 2011-05-19 21:48 -------- d-----w- C:\FOUND.001

2011-05-19 19:49 . 2011-05-19 19:49 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2011-05-18 22:00 . 2011-05-18 22:00 -------- d-----w- c:\documents and settings\XXX\Application Data\Malwarebytes

2011-05-18 21:59 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-18 21:59 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-18 21:54 . 2011-05-18 21:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-05-18 21:54 . 2011-05-18 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 21:26 . 2011-04-03 12:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-02 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 3080704]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-03-31 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 08:32 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]

"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-02 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Documents and Settings\\XXX\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\PPStream\\PPStream.exe"=

"c:\\Program Files\\PPStream\\PPSAP.exe"=

"c:\\Program Files\\PPSGame\\PPSGame.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27075:TCP"= 27075:TCP:BitComet 27075 TCP

"27075:UDP"= 27075:UDP:BitComet 27075 UDP

"18453:TCP"= 18453:TCP:BitComet 18453 TCP

"18453:UDP"= 18453:UDP:BitComet 18453 UDP

"1247:TCP"= 1247:TCP:@xpsp2res.dll,-22009

.

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31-7-2008 20:45 20616]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9-9-2010 0:39 691696]

R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1-8-2008 15:55 143467]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16-9-2010 14:06 80896]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2-7-2008 14:58 26248]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30-11-2005 5:28 1097472]

S2 mlorugno;IP Traffic Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2-9-2004 13:00 14336]

S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25-8-2005 20:10 509312]

S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24-8-2005 7:07 692992]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5-11-2010 16:09 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22-6-2010 18:01 21248]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mlorugno

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Verzenden via Bericht(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

IE: Verzenden via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

Trusted Zone: security_PPStream.exe

FF - ProfilePath - c:\documents and settings\XXX\Application Data\Mozilla\Firefox\Profiles\hutknvp9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com

FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxps://www.facebook.com

FF - user.js: browser.startup.page - 1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKU-Default-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-15 21:38

Windows 5.1.2600 Service Pack 2 FAT NTAPI

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7908)

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\MSNChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\MSVCR71.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\BsMobileSDK.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\acer\Empowering Technology\ePower\SysHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\windows\system32\Ati2evxx.exe

c:\acer\Empowering Technology\admServ.exe

c:\windows\eHome\ehmsas.exe

c:\windows\RTHDCPL.EXE

c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\windows\system32\wscntfy.exe

c:\docume~1\HOCHI~1\LOCALS~1\Temp\RtkBtMnt.exe

c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-15 21:41:01 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-15 19:41

.

Pre-Run: 15.776.153.600 bytes beschikbaar

Post-Run: 16.892.755.968 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - B84297E927D0CDBD4F6E9E77F8AE5732


Open a Notepad file.

Copy and paste the bold text below into it.

file::

C:\FOUND.001

C:\FOUND.002

C:\FOUND.003

C:\FOUND.004

C:\FOUND.005

folder::

c:\documents and settings\All Users\Application Data\MFAData

c:\documents and settings\XXX\Application Data\Ysyhid

c:\documents and settings\XXX\Application Data\Evfop

firefox::

FF - ProfilePath - c:\documents and settings\XXX\Application Data\Mozilla\Firefox\Profiles\hutknvp9.default\

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to do so.

After the restart, post the contents of ComboFix.txt in your next message together with a new HijackThis log.


ComboFix 11-06-15.04 - XXX 16-06-2011 21:09:51.2.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.2046.1317 [GMT 2:00]

Gestart vanuit: c:\documents and settings\XXX\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\XXX\Bureaublad\CFScript.txt

.

FILE ::

"C:\FOUND.001"

"C:\FOUND.002"

"C:\FOUND.003"

"C:\FOUND.004"

"C:\FOUND.005"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\MFAData

c:\documents and settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log

c:\documents and settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log.lock

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110604-163016.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-171803.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-173522.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-184808.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-185319.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-190001.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-190255.log

c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-191113.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110604-163016.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-171803.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-173522.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-184808.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-185319.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-190001.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-190255.log

c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-191113.log

c:\documents and settings\All Users\Application Data\MFAData\mfaurlconf.ini

c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\dm_marketing_message-hi.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_LinkScanner.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Social-Networking.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Toolbar_wotoolbar.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\dm_marketing_message-nl.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_LinkScanner.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_Smart-Scanning.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_Social-Networking.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Toolbar_wotoolbar.html

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner-style.css

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner.jpg

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\OK.png

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Smart-Scanning.jpg

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SmartScanning-style.css

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Social-Networking.jpg

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SocialNetworking-style.css

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Toolbar-Selected.jpg

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Toolbar-Unselected.jpg

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\ToolbarSelected-style.css

c:\documents and settings\All Users\Application Data\MFAData\mkt\res\ToolbarUnselected-style.css

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antirkx1382nz.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antivirx1382ma.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avgx1382xa.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avisx1382nr.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10basex1382xu.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10emailsx1382yx.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10guix1382xn.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idatx1382lv.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idpx1382fj.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10lng_nlx1382ke.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10lng_usx1382jy.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10onlnscx1382qy.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10rdstx1382wo.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10resshldx1382va.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10srchsrfx1382zb.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10sshttpbx1382ji.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tdidrvx1382ir.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tuneupx1382oc.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10update2x1382pr.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10updatex1382tm.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10xplx1382qx.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_lic8mi.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_mis36lo.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_mps31xa.bin

c:\documents and settings\All Users\Application Data\MFAData\pack\bins\w10corex1511ik.bin

c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml

c:\documents and settings\All Users\Application Data\MFAData\state.dat

c:\documents and settings\XXX\Application Data\Evfop

c:\documents and settings\XXX\Application Data\Ysyhid

c:\documents and settings\XXX\Application Data\Ysyhid\aghu.dat

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-16 to 2011-06-16 ))))))))))))))))))))))))))))))

.

.

2011-06-12 17:49 . 2011-06-12 17:49 -------- d--h--r- c:\documents and settings\XXX\Onlangs geopend

2011-06-12 17:40 . 2011-06-12 17:40 -------- d-----w- c:\program files\CCleaner

2011-06-12 13:06 . 2011-06-12 13:06 -------- d-----w- c:\program files\SUPERANTISPYWARE

2011-06-12 12:16 . 2011-06-12 12:16 -------- d-----w- C:\FOUND.005

2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\XXX\Application Data\SUPERAntiSpyware.com

2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-08 20:37 . 2011-06-08 20:37 388096 ----a-r- c:\documents and settings\XXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 20:37 . 2011-06-08 20:37 -------- d-----w- c:\program files\Trend Micro

2011-06-07 22:48 . 2011-06-07 22:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-06-04 16:37 . 2011-06-04 16:37 -------- d-----w- C:\$AVG

2011-06-04 16:36 . 2011-06-04 16:36 -------- d-----w- c:\documents and settings\XXX\Application Data\AVG10

2011-06-04 16:34 . 2011-06-04 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-04 16:32 . 2011-06-04 16:33 -------- d-----w- c:\program files\AVG

2011-06-03 15:24 . 2011-06-03 15:24 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\NetworkService\Menu Start

2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\Default User\Tracing

2011-05-28 18:01 . 2011-05-28 18:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-27 16:47 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- C:\FOUND.004

2011-05-25 21:41 . 2011-05-25 21:41 -------- d-----w- C:\FOUND.003

2011-05-24 22:02 . 2011-05-24 22:02 -------- d-----w- C:\FOUND.002

2011-05-24 21:28 . 2011-05-24 21:29 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2011-05-22 15:36 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll

2011-05-22 15:31 . 2011-05-22 15:31 -------- d-----w- c:\windows\system32\autorun

2011-05-20 19:45 . 2011-05-20 19:45 -------- d-----w- c:\program files\Free Window Registry Repair

2011-05-20 19:04 . 2011-05-20 19:04 -------- d-----w- c:\documents and settings\XXX\Local Settings\Application Data\PackageAware

2011-05-20 18:13 . 2011-05-20 18:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2011-05-20 13:43 . 2011-05-20 13:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-05-19 21:51 . 2011-05-19 21:51 31864 ----a-w- C:\symlcsv1.exe

2011-05-19 21:48 . 2011-05-19 21:48 -------- d-----w- C:\FOUND.001

2011-05-19 19:49 . 2011-05-19 19:49 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2011-05-18 22:00 . 2011-05-18 22:00 -------- d-----w- c:\documents and settings\XXX\Application Data\Malwarebytes

2011-05-18 21:59 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-18 21:59 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-18 21:54 . 2011-05-18 21:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-05-18 21:54 . 2011-05-18 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 21:26 . 2011-04-03 12:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 3080704]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-03-31 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 08:32 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]

"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-02 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Documents and Settings\\XXX\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\PPStream\\PPStream.exe"=

"c:\\Program Files\\PPStream\\PPSAP.exe"=

"c:\\Program Files\\PPSGame\\PPSGame.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27075:TCP"= 27075:TCP:BitComet 27075 TCP

"27075:UDP"= 27075:UDP:BitComet 27075 UDP

"18453:TCP"= 18453:TCP:BitComet 18453 TCP

"18453:UDP"= 18453:UDP:BitComet 18453 UDP

"1247:TCP"= 1247:TCP:@xpsp2res.dll,-22009

.

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31-7-2008 20:45 20616]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9-9-2010 0:39 691696]

R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1-8-2008 15:55 143467]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16-9-2010 14:06 80896]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2-7-2008 14:58 26248]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30-11-2005 5:28 1097472]

S2 mlorugno;IP Traffic Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2-9-2004 13:00 14336]

S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25-8-2005 20:10 509312]

S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24-8-2005 7:07 692992]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5-11-2010 16:09 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22-6-2010 18:01 21248]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mlorugno

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Verzenden via Bericht(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

IE: Verzenden via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

Trusted Zone: security_PPStream.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\XXX\Application Data\Mozilla\Firefox\Profiles\hutknvp9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: browser.startup.homepage - hxxps://www.facebook.com

FF - user.js: browser.startup.page - 1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-16 21:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\igfxdev.dll

.

Voltooingstijd: 2011-06-16 21:15:33

ComboFix-quarantined-files.txt 2011-06-16 19:15

ComboFix2.txt 2011-06-15 19:41

.

Pre-Run: 17.075.961.856 bytes beschikbaar

Post-Run: 17.049.944.064 bytes beschikbaar

.

- - End Of File - - 9E820690808959EC23624C6DA2DAA753

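A log like the one above is easier to read if the handful of lines that matter are pulled out mechanically rather than by eye: a service whose image is svchost.exe -k netsvcs and whose name ComboFix also lists under its "Svchost - NetSvcs" section (mlorugno), EnableFirewall=0 in the standard firewall profile, a Run entry whose file ComboFix could not find (marked [X]), and Firefox user.js lines that pin the homepage and switch off the mixed-content and insecure-submit warnings (Firefox re-applies user.js at every start, which is the likely reason the poster could not change the homepage until the cleanup). The Python script below is an added example, not code from the thread or from ComboFix; the log excerpt it parses is constructed from lines in the layout shown above, and the finding labels and the triage() function are my own naming.

```python
import re

# Constructed sample in the layout of the ComboFix log posted above
# (a few representative lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9-9-2010 0:39 691696]
S2 mlorugno;IP Traffic Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2-9-2004 13:00 14336]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22-6-2010 18:01 21248]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mlorugno
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
"""

# "R2 name;description;image [date size]" service/driver lines
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$')
# '"name"="image" [date size]' autostart lines; ComboFix writes [X] when the file is missing
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*)\]\s*$')
# 'FF - user.js: pref - value' Firefox preference lines
FF_RE = re.compile(r'^FF - (user\.js|prefs\.js): (\S+) - (.*)$')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def triage(log_text):
    """Return (label, detail) findings worth a second look in a ComboFix-style log."""
    findings = []
    netsvcs_names = set()      # names ComboFix prints under "Svchost - NetSvcs"
    svchost_services = {}      # services whose image is svchost.exe -k netsvcs
    in_netsvcs = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            in_netsvcs = False
            continue
        if line.endswith('Svchost - NetSvcs'):
            in_netsvcs = True
            continue
        if in_netsvcs:
            # The section lists one bare service name per line until other text follows.
            if re.fullmatch(r'[A-Za-z0-9_]+', line):
                netsvcs_names.add(line.lower())
                continue
            in_netsvcs = False

        m = SERVICE_RE.match(line)
        if m:
            state, name, desc, image = m.groups()
            if re.search(r'svchost\.exe\s+-k\s+netsvcs', image, re.I):
                svchost_services[name.strip().lower()] = (state, desc)
            continue
        m = FW_RE.match(line)
        if m:
            if m.group(1) == '0':
                findings.append(('firewall_disabled', 'EnableFirewall=0 in standardprofile'))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group(3).strip() == 'X':
                findings.append(('autostart_missing_file', f'{m.group(1)} -> {m.group(2)}'))
            continue
        m = FF_RE.match(line)
        if m and m.group(1) == 'user.js':
            pref, value = m.group(2), m.group(3).strip()
            if pref.startswith('security.warn_') and value == 'false':
                findings.append(('firefox_userjs_warning_off', pref))
            elif pref == 'browser.startup.homepage':
                findings.append(('firefox_userjs_homepage_pinned', value))
            elif pref == 'network.cookie.cookieBehavior' and value == '0':
                findings.append(('firefox_userjs_cookies_all', pref))

    # A netsvcs-hosted service that ComboFix itself singles out under NetSvcs:
    # the DLL it loads is what the helper should inspect next.
    for name in sorted(svchost_services):
        if name in netsvcs_names:
            findings.append(('netsvcs_hosted_service', name))
    return findings


if __name__ == '__main__':
    for label, detail in triage(SAMPLE_LOG):
        print(f'{label:32} {detail}')
```

The script only ranks lines for review; whether a flagged service is malicious still has to be decided from the DLL it loads and the ServiceDll value, which ComboFix does not print in this section.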

I managed to delete the folders, including from the recycle bin. I still see found.000, should I delete that one too?
Yes, that one can go too ... it is the first of the series!

And how is the PC running now, and what about the error messages?


I have now deleted that folder too. I think my laptop is pretty much malware-free now! The laptop is still slow, but it had been for a while, so I don't think that is necessarily a malware problem. Google no longer redirects either, I haven't had any error messages for a few days, and it turns out I can change my Firefox homepage again!

Is it best to put AVG back on now?

thanks for the help :)


Problems out of the way, so it is time for the "big clean-up": removing the tools we used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This removes ComboFix plus its related folders and files, restores the clock settings, hides file extensions again, re-hides hidden files and system files, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the free download of CCleaner will start automatically.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner.

If you want to see this in detail, click here for the manual.

It is advisable to delete the existing restore points (there are infected restore points among them that you could otherwise restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick it again.

And then you can download and install AVG again.
