Ga naar inhoud

Virus?!


Aanbevolen berichten

  • Reacties 20
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Dan is het nu tijd om Malwarebytes te installeren in die "veilige modus" en te bekijken of je die daar kan laten scannen. Zo dit lukt, daarna het logje ervan posten.

Nope, het lukt niet. Xp antivirus 2012 blokkeert elk programma, ook in de veilige modus.

Link naar reactie
Delen op andere sites

Start de PC nog eens opnieuw op in "veilige modus met netwerkverbinding". Download dan Combofix, maar hernoem het bestand combofix.exe in scan.exe ... en probeer dan of scannen wél lukt.

Combofix installeren doe je als volgt :

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites

Het is gelukt. Het programma heeft wel maar 5 minuten nodig gehad terwijl dat er stond dat er normaal 10 min voor nodig waren. Dit is het logje:

ComboFix 11-06-17.04 - klant 19/06/2011 16:55:45.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3033.2726 [GMT 2:00]

Gestart vanuit: K:\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\SubtitleWorkshop4.exe

c:\documents and settings\klant\Application Data\Local

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\smallville.706.hdtv.xvid.notv_tvddlhotspot_ns.avi.ddr

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1681792482157_5140.mp4.ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\smallville.706.hdtv.xvid.notv_tvddlhotspot_ns.avi

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Smallville.S06E12.DVDRip.XviD-WAT_tvddl.net_ns.avi.ddp

c:\documents and settings\klant\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\smallville.s07e02.hdtv.xvid-2hd_tvddlhotspot_ns.avi.ddp

c:\documents and settings\klant\Application Data\PriceGong

c:\documents and settings\klant\Application Data\PriceGong\Data\1.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\a.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\b.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\c.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\d.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\e.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\f.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\g.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\h.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\i.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\J.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\k.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\l.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\m.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\n.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\o.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\p.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\q.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\r.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\s.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\t.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\u.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\v.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\w.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\x.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\y.xml

c:\documents and settings\klant\Application Data\PriceGong\Data\z.xml

c:\documents and settings\klant\Local Settings\Application Data\etf.exe

c:\documents and settings\klant\Menu Start\Programma's\Opstarten\OpenOffice.org 3.3 .lnk

c:\documents and settings\Q-Force\Application Data\PriceGong

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Q-Force\Application Data\PriceGong\Data\z.xml

c:\program files\INSTALL.LOG

c:\program files\WinPCap

c:\program files\WinPCap\LICENSE

C:\setup.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-19 to 2011-06-19 ))))))))))))))))))))))))))))))

.

.

2011-06-18 14:16 . 2011-06-18 14:16 388096 ----a-r- c:\documents and settings\klant\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-18 14:16 . 2011-06-18 14:16 -------- d-----w- c:\program files\Trend Micro

2011-06-17 21:04 . 2011-06-18 06:28 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-17 18:09 . 2011-06-17 18:09 -------- d-----w- c:\program files\iPod

2011-06-17 18:09 . 2011-06-17 18:09 -------- d-----w- c:\program files\iTunes

2011-06-17 18:02 . 2011-06-17 18:02 -------- d-----w- c:\program files\Safari

2011-06-09 18:08 . 2011-06-18 19:26 -------- d--h--r- c:\documents and settings\klant\Onlangs geopend

2011-06-03 06:50 . 2011-06-03 06:50 -------- d-----w- c:\program files\Acoustica Shared Effects

2011-06-03 06:50 . 2001-09-28 15:00 164864 ----a-w- c:\program files\UNWISE.EXE

2011-06-03 06:49 . 2011-06-09 18:03 -------- d-----w- c:\program files\Acoustica Beatcraft

2011-05-24 15:13 . 2011-05-24 15:13 -------- d-----w- c:\documents and settings\klant\Application Data\OpenCandy

2011-05-24 14:14 . 2011-05-24 14:14 -------- d-----w- c:\program files\Application Updater

2011-05-24 14:14 . 2011-05-24 14:14 -------- d-----w- c:\program files\YouTube Downloader Toolbar

2011-05-23 17:18 . 2011-05-23 17:18 -------- d-----w- c:\program files\Audacity

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 10:07 . 2011-05-08 08:43 664 ----a-w- c:\documents and settings\Q-Force\Local Settings\Application Data\d3d9caps.tmp

2011-05-08 19:55 . 2011-05-08 19:55 695578 ----a-w- c:\windows\system32\unins000.exe

2011-05-02 15:31 . 2009-08-19 11:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:05 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:05 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:05 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-15 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-10-01 00:11 . 2010-12-29 18:21 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe

2011-04-30 06:51 . 2011-04-03 13:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-27 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-21 129536]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-21 163328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-21 138752]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^klant^Menu Start^Programma's^Opstarten^OpenOffice.org 3.0 .lnk]

path=c:\documents and settings\klant\Menu Start\Programma's\Opstarten\OpenOffice.org 3.0 .lnk

backup=c:\windows\pss\OpenOffice.org 3.0 .lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2010-09-14 16:59 64104 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-09-21 09:59 163328 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-09-21 10:00 129536 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-09-21 09:59 138752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-09-14 17:00 19576424 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-11-13 11:31 247144 ----a-w- c:\documents and settings\klant\Mijn documenten\tomtom\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [8/07/2010 15:52 102856]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [8/07/2010 15:52 79432]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 14:00 14336]

S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [8/07/2010 15:52 539304]

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8/07/2010 15:52 339624]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/07/2010 15:52 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/07/2010 15:52 421032]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6/05/2011 17:33 393112]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 2:33 821664]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 1:10 483688]

S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\klant\Mijn documenten\tomtom\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/08/2009 13:44 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/11/2009 23:32 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/11/2009 23:32 8320]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 21:37 4640000]

S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2/12/2009 22:23 554344]

S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2/12/2009 22:23 211432]

S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2/12/2009 22:23 20584]

S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2/12/2009 22:23 18280]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 1:10 209768]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [18/10/2009 18:48 544768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-Q-9DB517AA92364-klant.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-08 02:44]

.

2011-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-03-02 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-02-27 19:34]

.

2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{BF9AA81C-97A4-4A0F-8E19-A29E76DBF7B4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

2011-06-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-08-19 20:18]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=hompag

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\klant\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\klant\Application Data\Mozilla\Firefox\Profiles\9dq5ccpy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

HKCU-Run-AdobeBridge - (no file)

MSConfigStartUp-Google Update - c:\documents and settings\klant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe

AddRemove-myxoftdssdj_is1 - d:\benjamin\DSS DJ\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-19 16:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2011-06-19 17:00:04

ComboFix-quarantined-files.txt 2011-06-19 15:00

.

Pre-Run: 21.813.846.016 bytes beschikbaar

Post-Run: 22.100.467.712 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5F212DFB9AB78D983C448233DE2757B9

Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\Application Updater

Firefox::

FF - ProfilePath - c:\documents and settings\klant\Application Data\Mozilla\Firefox\Profiles\9dq5ccpy.default\

FF - prefs.js: browser.search.defaulturl -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\Application Updater

Firefox::

FF - ProfilePath - c:\documents and settings\klant\Application Data\Mozilla\Firefox\Profiles\9dq5ccpy.default\

FF - prefs.js: browser.search.defaulturl -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Mijn pc werkt terug perfect, ik heb nergens last meer van,... Moet ik dit nu nog doen of niet?

Link naar reactie
Delen op andere sites

sorry dat het zolang duurde !

Maar dit is het nieuwe logje:

ComboFix 11-06-22.01 - klant 22/06/2011 21:16:57.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3033.2221 [GMT 2:00]

Gestart vanuit: K:\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\klant\Bureaublad\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Application Updater

c:\program files\Application Updater\ApplicationUpdater.exe

c:\program files\Application Updater\config.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_Application_Updater

-------\Legacy_Application_Updater

-------\Service_Application Updater

-------\Service_Application Updater

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-22 to 2011-06-22 ))))))))))))))))))))))))))))))

.

.

2011-06-19 18:42 . 2011-04-14 16:57 713376 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2011-06-19 17:20 . 2011-06-19 17:20 -------- d-----w- c:\documents and settings\klant\Application Data\Malwarebytes

2011-06-19 17:20 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-19 17:20 . 2011-06-19 17:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-19 17:19 . 2011-06-19 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-19 17:19 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-18 14:16 . 2011-06-18 14:16 388096 ----a-r- c:\documents and settings\klant\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-18 14:16 . 2011-06-18 14:16 -------- d-----w- c:\program files\Trend Micro

2011-06-17 21:04 . 2011-06-18 06:28 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-17 18:09 . 2011-06-17 18:09 -------- d-----w- c:\program files\iPod

2011-06-17 18:09 . 2011-06-17 18:09 -------- d-----w- c:\program files\iTunes

2011-06-17 18:02 . 2011-06-17 18:02 -------- d-----w- c:\program files\Safari

2011-06-09 18:08 . 2011-06-22 19:11 -------- d--h--r- c:\documents and settings\klant\Onlangs geopend

2011-06-03 06:50 . 2011-06-03 06:50 -------- d-----w- c:\program files\Acoustica Shared Effects

2011-06-03 06:50 . 2001-09-28 15:00 164864 ----a-w- c:\program files\UNWISE.EXE

2011-06-03 06:49 . 2011-06-09 18:03 -------- d-----w- c:\program files\Acoustica Beatcraft

2011-05-24 15:13 . 2011-05-24 15:13 -------- d-----w- c:\documents and settings\klant\Application Data\OpenCandy

2011-05-24 14:14 . 2011-05-24 14:14 -------- d-----w- c:\program files\YouTube Downloader Toolbar

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 10:07 . 2011-05-08 08:43 664 ----a-w- c:\documents and settings\Q-Force\Local Settings\Application Data\d3d9caps.tmp

2011-05-02 15:31 . 2009-08-19 11:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:05 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:05 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:05 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-15 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-10-01 00:11 . 2010-12-29 18:21 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe

2011-04-14 16:57 . 2011-06-19 18:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-06-19_14.58.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-22 19:24 . 2011-06-22 19:24 16384 c:\windows\temp\Perflib_Perfdata_894.dat

+ 2011-06-22 19:24 . 2011-06-22 19:24 16384 c:\windows\temp\Perflib_Perfdata_514.dat

+ 2011-06-17 18:10 . 2011-06-19 19:27 380928 c:\windows\Installer\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}\iTunesIco.exe

- 2011-06-17 18:10 . 2011-06-17 18:10 380928 c:\windows\Installer\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}\iTunesIco.exe

+ 2011-06-19 19:43 . 2011-06-19 19:43 9472000 c:\windows\Installer\85d482.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-27 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-21 129536]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-21 163328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-21 138752]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^klant^Menu Start^Programma's^Opstarten^OpenOffice.org 3.0 .lnk]

path=c:\documents and settings\klant\Menu Start\Programma's\Opstarten\OpenOffice.org 3.0 .lnk

backup=c:\windows\pss\OpenOffice.org 3.0 .lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2010-09-14 16:59 64104 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-09-21 09:59 163328 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-09-21 10:00 129536 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-09-21 09:59 138752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-09-14 17:00 19576424 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-11-13 11:31 247144 ----a-w- c:\documents and settings\klant\Mijn documenten\tomtom\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1039:TCP"= 1039:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [8/07/2010 15:52 102856]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 14:00 14336]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [8/07/2010 15:52 539304]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8/07/2010 15:52 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/07/2010 15:52 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/07/2010 15:52 421032]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 2:33 821664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/06/2011 19:20 366640]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 1:10 483688]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\klant\Mijn documenten\tomtom\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [8/07/2010 15:52 79432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/06/2011 19:19 22712]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2/12/2009 22:23 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2/12/2009 22:23 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2/12/2009 22:23 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2/12/2009 22:23 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 1:10 209768]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/08/2009 13:44 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/11/2009 23:32 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/11/2009 23:32 8320]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 21:37 4640000]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [18/10/2009 18:48 544768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-Q-9DB517AA92364-klant.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-08 02:44]

.

2011-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-03-02 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-02-27 19:34]

.

2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{BF9AA81C-97A4-4A0F-8E19-A29E76DBF7B4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

2011-06-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-08-19 20:18]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=hompag

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\klant\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\klant\Application Data\Mozilla\Firefox\Profiles\9dq5ccpy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64505

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-22 21:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(1080)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

- - - - - - - > 'explorer.exe'(2440)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\brss01a.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Avira\AntiVir Desktop\usrreq.exe

c:\program files\Avira\AntiVir Desktop\checkt.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-22 21:28:01 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-22 19:27

ComboFix2.txt 2011-06-19 15:00

.

Pre-Run: 21.301.190.656 bytes beschikbaar

Post-Run: 21.188.730.880 bytes beschikbaar

.

- - End Of File - - 48E7D66753C1C2D76028B204867317C9

Link naar reactie
Delen op andere sites

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

Link naar reactie
Delen op andere sites


×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.