
conhost.exe



Hello dear forum members,

Since today my PC has been acting up; conhost.exe sometimes uses up to 99% CPU....

I ran a Malwarebytes scan, but it says nothing is infected...

I even updated it again today.

Can you help me further?

Here is a DDS report to start with:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16

Run by Roel at 19:08:17 on 2011-08-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.673 [GMT 2:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe 4

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

svchost.exe 4

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\mc76395.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\TEMP\conhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/home?AF=14542

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: : {614fc85d-ca23-47db-cee4-4cee6e1b9456} - c:\windows\system32\tgwsaflx.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex

StartupFolder: c:\docume~1\roel\menust~1\progra~1\opstar~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 193.109.184.72 193.109.184.75

TCP: Interfaces\{22F914DF-2C1C-446E-A6F9-52611E930C97} : DhcpNameServer = 193.109.184.72 193.109.184.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\roel\application data\mozilla\firefox\profiles\cmjbxl9n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\system32\svchost.exe -k netsvcs [2009-5-20 14336]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 366640]

R2 MemChecker;Memory checker;c:\windows\mc76395.exe [2011-2-11 172956]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-20 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 22712]

R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]

R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-20 1684736]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-5-20 966912]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-20 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-21 39040]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-13 11520]

.

=============== Created Last 30 ================

.

2011-08-28 14:53:58 -------- d-----w- c:\documents and settings\roel\application data\Sammsoft

2011-08-28 14:53:46 -------- d-----w- c:\program files\Ask.com

2011-08-28 14:53:42 -------- d-----w- c:\documents and settings\roel\local settings\application data\AskToolbar

2011-08-28 14:53:26 -------- d-----w- c:\program files\ARO 2011

2011-08-28 12:28:28 -------- d-----w- c:\program files\PC Tools Security

2011-08-28 12:28:28 -------- d-----w- c:\program files\common files\PC Tools

2011-08-28 12:26:40 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-08-27 21:44:41 -------- d-----w- c:\windows\SxsCaPendDel

2011-08-26 12:56:10 -------- d-----w- c:\documents and settings\roel\local settings\application data\Sony

2011-08-26 12:54:51 -------- d-----w- c:\program files\common files\Sony Shared

2011-08-26 12:54:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-26 12:46:28 -------- d-----w- c:\program files\Sony Media Go Install

2011-08-26 12:43:17 -------- d-----w- c:\documents and settings\roel\local settings\application data\Downloaded Installations

2011-08-26 12:42:08 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation

2011-08-26 12:42:07 -------- d-----w- c:\program files\Sony

2011-08-02 08:22:05 -------- d--h--w- c:\windows\PIF

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:18:34 670208 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys

2009-10-02 20:23:02 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8D555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d937b0]; MOV EAX, [0x89d9382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DE0650]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89DC23B8]

5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DA5028]

\Driver\iaStor[0x89DCB818] -> IRP_MJ_CREATE -> 0x89D8D555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x620; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 19:10:16.42 ===============

Is Malwarebytes actually a good virus scanner? Normally it should just find it, shouldn't it?

I'll hear from you,

Thanks in advance for the help :top:

Roel.

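The GMER section at the end of the DDS log above is the finding that matters in this post: the user-mode read of \\.\PHYSICALDRIVE0 was blocked, the kernel-side read succeeded, the two views of sector 0 did not agree ("user != kernel MBR !!!"), and the disk trace shows the IRP_MJ_CREATE handler of \Driver\iaStor pointing into unknown kernel memory. The script below is an added example (my own code, not GMER's and not posted in this thread) of that cross-view comparison done offline on two constructed 512-byte MBR images. Both images share the same partition table and differ only in boot code; the "kernel view" boot code is my own byte encoding of the instruction sequence GMER printed (relocate 0x80 dwords from 0x7C00 to 0x600, then jump far to 0000:0620). It is a constructed stand-in, not a real TDL4 sample, and the single NTFS partition entry is made up. Nothing here touches a real disk.

```python
import struct

MBR_SIZE = 512
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"        # bytes 510-511 of every valid MBR
PART_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR image from boot code plus up to four (status, type, lba, count) entries."""
    if len(boot_code) > PART_TABLE_OFF:
        raise ValueError("boot code would overlap the partition table")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    mbr[510:] = BOOT_SIG
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty partition entries of an MBR image as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba": lba, "sectors": count})
    return entries


# Constructed stand-in for a clean boot sector: CLI; HLT, then zero padding.
CLEAN_BOOT_CODE = b"\xfa\xf4"

# Constructed: my own encoding of the instruction sequence GMER printed for the kernel-side
# read in this thread. Not a real TDL4 sample; only the control flow is reproduced.
RELOCATING_BOOT_CODE = bytes([
    0x31, 0xC0,                          # xor ax, ax
    0x8E, 0xD8, 0x8E, 0xC0, 0x8E, 0xD0,  # mov ds, ax / mov es, ax / mov ss, ax
    0xBC, 0x00, 0x7C,                    # mov sp, 0x7c00
    0xBE, 0x00, 0x7C,                    # mov si, 0x7c00
    0xBF, 0x00, 0x06,                    # mov di, 0x600
    0xB9, 0x80, 0x00,                    # mov cx, 0x80
    0xFD, 0xFC, 0xFC,                    # std ; cld ; cld
    0xF3, 0x66, 0xA5,                    # rep movsd
    0x90,                                # nop
    0xEA, 0x20, 0x06, 0x00, 0x00,        # jmp far 0000:0620
])

# Constructed partition table: one bootable NTFS partition (type 0x07) starting at LBA 63.
PARTITIONS = [(0x80, 0x07, 63, 488392002)]

USER_VIEW = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)         # what a read through the filtered driver stack returns
KERNEL_VIEW = build_mbr(RELOCATING_BOOT_CODE, PARTITIONS)  # what the platters actually hold


def compare_mbr(user_mbr, kernel_mbr):
    """Cross-view check in the spirit of GMER's mbr.exe.

    A blocked user-mode read is itself a finding (that is what happened in this thread);
    otherwise the two images are compared byte for byte and the partition table and boot
    code regions are reported separately, because a bootkit keeps the table intact.
    """
    if user_mbr is None:
        return {"user_read_ok": False, "verdict": "user-mode MBR read blocked"}
    first_diff = next((i for i, (a, b) in enumerate(zip(user_mbr, kernel_mbr)) if a != b), None)
    result = {
        "user_read_ok": True,
        "signature_ok": user_mbr[510:] == BOOT_SIG and kernel_mbr[510:] == BOOT_SIG,
        "partitions_match": user_mbr[PART_TABLE_OFF:510] == kernel_mbr[PART_TABLE_OFF:510],
        "boot_code_match": user_mbr[:PART_TABLE_OFF] == kernel_mbr[:PART_TABLE_OFF],
        "first_diff": first_diff,
    }
    result["verdict"] = "MBR consistent" if first_diff is None else "user != kernel MBR"
    return result


if __name__ == "__main__":
    for label, user in (("filtered read", USER_VIEW), ("blocked read", None)):
        print(label, "->", compare_mbr(user, KERNEL_VIEW))
    print("partitions seen by the kernel read:", parse_partitions(KERNEL_VIEW))
```

The point to take from the output is that the partition table still matches, so the machine boots and chkdsk sees nothing wrong; only the boot code differs, and only a read that bypasses the hooked driver stack shows it. That is consistent with the clean Malwarebytes result in this post: a scanner reading the disk through the filtered path sees the same clean sector the user-mode read would.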

Download HijackThis (click on it).

1. Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis will now be installed on your PC and a shortcut placed on your desktop.

2. Click the shortcut to start HijackThis.

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens; hold down the CTRL and A keys together and everything is selected. Hold down the CTRL and C keys together and everything is copied.

3. Now paste the HJT log into your next post here on the forum with the CTRL and V keys.

Important notes:

° If you get a message "For some reason your system denied writing to the Host file ....", just click OK.

° Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If that does not work from the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Extra info:

This (click on it) video can help you post a HijackThis log, as can this (click on it) guide.

After you post your log, an expert (Kape or Kweezie Wabbit) will review it and guide you through the whole process.


Oh, that was quick :-)

Here is the HJT report.

Thanks for your quick reply.

Roel.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:23:45 PM, on 28/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\mc76395.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')

O4 - .DEFAULT User Startup: haal.exe (User 'Default user')

O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Memory checker (MemChecker) - Unknown owner - C:\WINDOWS\mc76395.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--

End of file - 9532 bytes


Go to Start – Run/Search and type: sc stop MemChecker

Press Enter.

Go to Start – Run/Search and type: sc delete MemChecker

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - .DEFAULT User Startup: haal.exe (User 'Default user')

O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Click 'Fix checked' to remove the items.

Uninstall Ask Toolbar or Ask.com under Add or Remove Programs (if present), or otherwise delete the following folder: C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a checkmark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

MBAM will scan again after the restart and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few prompts where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

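The items the helper picked out of the HijackThis log are not arbitrary: a service with a random-looking name hosted by svchost -k netsvcs under a borrowed hardware description (kdxcqejy), a service with no publisher running directly from the Windows root (MemChecker, c:\windows\mc76395.exe), a process running from C:\WINDOWS\TEMP (conhost.exe), an unnamed BHO backed by a DLL with a random name (tgwsaflx.dll), and bare executables in the Default User startup folder (haal.exe, laocle.exe). The script below is an added example (my own code, not part of this thread and not from HijackThis or DDS) that encodes those indicators as rules and runs them over lines copied from the logs above, plus a few benign entries so the rules have something to leave alone. The allowlist of Windows-root executables and the random-name heuristic (lowercase-only, seven or more letters, at most one vowel) are my own assumptions and will need tuning for other machines.

```python
import re

# Constructed sample input: lines copied from the DDS and HijackThis logs posted in this
# thread, plus benign entries (Explorer, MBAMService, the Adobe BHO, Java Quick Starter).
SAMPLE_LOG = r"""
C:\WINDOWS\mc76395.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\conhost.exe
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\system32\svchost.exe -k netsvcs [2009-5-20 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 366640]
O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
O23 - Service: Memory checker (MemChecker) - Unknown owner - C:\WINDOWS\mc76395.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
"""

# Assumed allowlist: executables that legitimately live directly in C:\WINDOWS on this box.
WINDOWS_ROOT_ALLOW = {"explorer.exe", "rthdcpl.exe"}


def random_looking(name):
    """Assumed heuristic for generated names: lowercase-only, 7+ letters, at most one vowel."""
    return (len(name) >= 7 and name.isalpha() and name.islower()
            and sum(c in "aeiou" for c in name) <= 1)


def check_binary_location(line):
    """Executables in TEMP or in the Windows root (outside the allowlist) are out of place."""
    low = line.lower()
    m = re.search(r"c:\\windows\\temp\\([^\\\s\[]+\.exe)", low)
    if m:
        return ("high", "executable running from C:\\WINDOWS\\TEMP: " + m.group(1))
    m = re.search(r"c:\\windows\\([^\\\s\[]+\.exe)", low)
    if m and m.group(1) not in WINDOWS_ROOT_ALLOW:
        return ("high", "executable directly in the Windows root: " + m.group(1))
    return None


def check_service(line):
    """Understands the DDS 'R2 name;display;image' form and the HJT 'O23 - Service:' form."""
    m = re.match(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$", line)
    if m:
        name, display, image = (s.strip() for s in m.groups())
        if random_looking(name):
            return ("high", f"service '{name}' has a random-looking name but claims to be "
                            f"'{display}', hosted by {image.split(' [')[0]}")
        return None
    m = re.match(r"^O23 - Service: (.*?) \((\S+)\) - (.*?) - (.*)$", line)
    if m:
        display, name, owner, image = (s.strip() for s in m.groups())
        if owner.lower() == "unknown owner":
            return ("medium", f"service '{name}' has no file publisher: {image}")
        if random_looking(name):
            return ("high", f"service '{name}' has a random-looking name: {image}")
    return None


def check_bho(line):
    """A BHO with no name that still resolves to a DLL on disk deserves a look."""
    m = re.match(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (.*)$", line)
    if m and m.group(1).strip().lower() != "(no file)":
        return ("high", "unnamed BHO backed by a real DLL: " + m.group(1).strip())
    return None


def check_default_startup(line):
    m = re.match(r"^O4 - \.DEFAULT User Startup: (\S+)", line)
    if m:
        return ("high", "program in the Default User startup folder runs in every new profile: " + m.group(1))
    return None


def check_orphan(line):
    if "(no file)" in line.lower():
        return ("low", "orphaned entry pointing at a missing file")
    return None


CHECKS = [check_binary_location, check_service, check_bho, check_default_startup, check_orphan]


def triage(lines):
    """Run every rule over every non-empty line; one line may yield more than one finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append({"severity": hit[0], "reason": hit[1], "line": line})
    return findings


def triage_sample():
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage_sample(), key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

To use it on a full log, pass `open(path).read().splitlines()` to `triage()`. The rules are a triage aid, not a verdict: a random-looking service name or an unnamed BHO is a reason to pull the file and check its signature and hash, not proof that it is malicious, and a benign-looking name is no reason to skip it.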

Hello,

I tried this as you said, but conhost keeps acting up...

Here are the logs:

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7594

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

28/08/2011 10:12:49 PM

mbam-log-2011-08-28 (22-12-49).txt

Scan type: Quick scan

Objects scanned: 160952

Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:14:37 PM, on 28/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')

O4 - .DEFAULT User Startup: haal.exe (User 'Default user')

O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--

End of file - 8548 bytes

regards,

Roel.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just proceed to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically proceed to scan for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.


You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:


Click Yes to continue scanning for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-08-28.01 - Roel 29/08/2011 8:43.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.1648 [GMT 2:00]

Running from: c:\documents and settings\Roel\Bureaublad\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\NetworkService\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\NetworkService\Application Data\Adobe\plugs

c:\documents and settings\Roel\Application Data\Adobe\plugs

c:\documents and settings\Roel\Application Data\Adobe\shed

c:\documents and settings\Roel\Application Data\Beyxu

c:\documents and settings\Roel\Application Data\Beyxu\yxeb.roa

c:\windows\system32\Thumbs.db

c:\windows\TEMP\conhost.exe

.

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

2011-08-28 17:22 . 2011-08-28 17:22 388096 ----a-r- c:\documents and settings\Roel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-28 17:22 . 2011-08-28 17:22 -------- d-----w- c:\program files\Trend Micro

2011-08-28 14:54 . 2011-08-28 19:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar

2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\documents and settings\Roel\Application Data\Sammsoft

2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\program files\Ask.com

2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\AskToolbar

2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\program files\ARO 2011

2011-08-28 12:28 . 2011-08-28 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-08-28 12:26 . 2011-08-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-08-27 21:44 . 2011-08-28 06:10 -------- d-----w- c:\windows\SxsCaPendDel

2011-08-26 12:56 . 2011-08-26 12:56 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Sony

2011-08-26 12:54 . 2011-08-26 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared

2011-08-26 12:54 . 2011-08-26 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-26 12:46 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony Media Go Install

2011-08-26 12:43 . 2011-08-26 12:55 -------- d-----w- c:\documents and settings\Roel\Application Data\Sony

2011-08-26 12:43 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Downloaded Installations

2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony

2011-08-02 08:22 . 2011-08-02 08:22 -------- d--h--w- c:\windows\PIF

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-15 13:29 . 2009-05-20 12:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2009-05-20 12:34 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 17:52 . 2011-02-11 13:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-02-11 13:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2009-05-20 10:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:18 . 2009-05-20 12:34 670208 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:18 . 2009-05-20 12:34 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-06-20 17:44 . 2009-05-20 12:34 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:35 . 2009-05-20 12:34 1859072 ----a-w- c:\windows\system32\win32k.sys

2009-10-02 20:23 . 2009-10-02 20:22 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]

2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

@="{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}"

[HKEY_CLASSES_ROOT\CLSID\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]

2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-02 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288]

.

c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

haal.exe [2011-3-9 154331]

laocle.exe [2011-2-3 153680]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009

.

R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

kdxcqejy

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

.

2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-07-29 20:05]

.

.

------- Supplementary Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 193.109.184.72 193.109.184.75

FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SRS Premium Sound - c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-08-29 08:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat

het bestand door een ander proces wordt gebruikt.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

Completion time: 2011-08-29 08:58:49

ComboFix-quarantined-files.txt 2011-08-29 06:58

.

Pre-Run: 16,252,792,832 bytes beschikbaar

Post-Run: 19,362,729,984 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 39C0C5206FE62F23583AD83311CCB690

I think it worked now :-)

Thank you very much for your help.

By the way, how did you know in post #5 which lines I had to tick in HijackThis? Or is that hard to explain to a noob like me?

regards,

Roel.

---------- Post added at 09:18 ---------- Previous post was at 09:06 ----------

hmm no, I declared victory too soon... conhost.exe is still at the top of my process list with 98% CPU usage
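Roel's question about how a helper picks the HijackThis lines to tick is answered by a handful of structural checks. As an added example (not code from the thread, from HijackThis or from ComboFix), the Python below encodes three of them over constructed sample lines modelled on this thread's log: an unnamed BHO, programs in the 'Default user' startup folder, and a well-known system binary name running from the wrong directory (here conhost.exe under TEMP). The rule names, the expected-directory table and the assumed c:\windows install path are this example's own.

```python
"""Triage pass over HijackThis-style log lines (added example, not from the thread)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

WINDIR = r"c:\windows"                       # assumption: default XP install
SYSTEM32 = ntpath.join(WINDIR, "system32")   # c:\windows\system32

# Directory where a genuine copy of each well-known binary lives. Malware often
# borrows these names but runs from TEMP, a profile or the Windows root instead;
# conhost.exe in particular does not exist at all on a stock XP system.
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
    "winlogon.exe", "services.exe", "ctfmon.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = WINDIR        # explorer.exe sits in %windir%

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
DEFAULT_STARTUP_RE = re.compile(r"^O4 - \.DEFAULT User Startup: (?P<file>\S+)")
# First drive-letter path ending in .exe on a line, quoted or unquoted.
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)

# Constructed sample, modelled on the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\conhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')
"""


@dataclass
class Finding:
    rule: str
    line: str
    reason: str


def check_bho(line: str) -> Optional[Finding]:
    """O2 entries without a product name: nothing vouches for the DLL."""
    m = BHO_RE.match(line)
    if m and m.group("name").strip().lower() == "(no name)":
        return Finding("bho-no-name", line,
                       f"unnamed BHO {{{m.group('clsid')}}} loads {m.group('path')}")
    return None


def check_default_user_startup(line: str) -> Optional[Finding]:
    """Programs in the Default user startup folder run for every new profile."""
    m = DEFAULT_STARTUP_RE.match(line)
    if m:
        return Finding("default-user-startup", line,
                       f"{m.group('file')} starts for every new profile; verify it")
    return None


def check_masquerading(line: str) -> Optional[Finding]:
    """A system binary name whose directory is not where the real one lives."""
    m = EXE_PATH_RE.search(line)
    if not m:
        return None
    directory, name = ntpath.split(m.group(0).lower())
    expected = EXPECTED_DIR.get(name)
    if expected is None or directory == expected:
        return None
    return Finding("system-name-wrong-dir", line,
                   f"{name} belongs in {expected} but runs from {directory}")


CHECKS = (check_bho, check_default_user_startup, check_masquerading)


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            finding = check(line)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.reason}")
```

Lines that pass these checks are not proven clean; the checks only narrow down what a helper has to look up by hand.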


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\program files\Ask.com\UpdateTask.exe

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::

c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar

c:\program files\Ask.com

c:\documents and settings\Roel\Local Settings\Application Data\AskToolbar

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

Firefox::

FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

Download TDSSKiller.zip and place it on your desktop.

Extract the files.

Open a Notepad file.

Copy the code below into this Notepad file.

Code:

@ECHO OFF

TDSSKiller.exe -l report.txt -v

DEL %0

Go to File - Save As.

Under "Save in" choose: the folder that contains TDSSKiller.exe.

Under "File name" enter: start.bat

Under "Save as type" select: All files (*.*).

Click the Save button.

Double-click start.bat

This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.

When TDSSKiller.exe has finished, post the contents of report.txt.

Then restart your computer.

After the restart, make a new log with ComboFix and post it here in this topic as well so it can be checked.


I didn't manage to produce a report from TDSSKiller; I did run the EXE file and the program found and fixed 1 rootkit infection. Then I rebooted and ran a ComboFix scan.

here is the ComboFix log:

ComboFix 11-08-28.01 - Roel 29/08/2011 10:48:21.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.1293 [GMT 2:00]

Running from: c:\documents and settings\Roel\Bureaublad\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

2011-08-29 07:42 . 2011-08-29 07:42 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Temp

2011-08-29 07:29 . 2011-08-29 07:29 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Solid State Networks

2011-08-28 17:22 . 2011-08-28 17:22 388096 ----a-r- c:\documents and settings\Roel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-28 17:22 . 2011-08-28 17:22 -------- d-----w- c:\program files\Trend Micro

2011-08-28 14:53 . 2011-08-29 08:36 -------- d-----w- c:\documents and settings\Roel\Application Data\Sammsoft

2011-08-28 12:28 . 2011-08-28 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-08-28 12:26 . 2011-08-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-08-27 21:44 . 2011-08-28 06:10 -------- d-----w- c:\windows\SxsCaPendDel

2011-08-26 12:56 . 2011-08-26 12:56 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Sony

2011-08-26 12:54 . 2011-08-26 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared

2011-08-26 12:54 . 2011-08-26 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-26 12:46 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony Media Go Install

2011-08-26 12:43 . 2011-08-26 12:55 -------- d-----w- c:\documents and settings\Roel\Application Data\Sony

2011-08-26 12:43 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Downloaded Installations

2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony

2011-08-02 08:22 . 2011-08-02 08:22 -------- d--h--w- c:\windows\PIF

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-15 13:29 . 2009-05-20 12:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2009-05-20 12:34 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 17:52 . 2011-02-11 13:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-02-11 13:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2009-05-20 10:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:18 . 2009-05-20 12:34 670208 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:18 . 2009-05-20 12:34 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-06-20 17:44 . 2009-05-20 12:34 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:35 . 2009-05-20 12:34 1859072 ----a-w- c:\windows\system32\win32k.sys

2009-10-02 20:23 . 2009-10-02 20:22 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-29_06.54.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-29 08:34 . 2011-08-29 08:34 16384 c:\windows\Temp\Perflib_Perfdata_748.dat

+ 2009-05-20 12:34 . 2011-08-29 08:38 93752 c:\windows\system32\perfc013.dat

- 2009-05-20 12:34 . 2011-08-29 06:45 93752 c:\windows\system32\perfc013.dat

+ 2009-05-20 12:34 . 2011-08-29 08:38 73980 c:\windows\system32\perfc009.dat

- 2009-05-20 12:34 . 2011-08-29 06:45 73980 c:\windows\system32\perfc009.dat

+ 2008-04-14 00:10 . 2008-04-15 12:00 96512 c:\windows\system32\drivers\atapi.sys

- 2008-04-14 00:10 . 2008-04-13 22:10 96512 c:\windows\system32\drivers\atapi.sys

+ 2009-05-23 09:18 . 2011-08-29 08:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2009-05-23 09:18 . 2011-08-29 06:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2009-05-23 09:18 . 2011-08-29 08:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-05-23 09:18 . 2011-08-29 06:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-05-20 12:34 . 2011-08-29 08:38 514470 c:\windows\system32\perfh013.dat

- 2009-05-20 12:34 . 2011-08-29 06:45 514470 c:\windows\system32\perfh013.dat

- 2009-05-20 12:34 . 2011-08-29 06:45 446348 c:\windows\system32\perfh009.dat

+ 2009-05-20 12:34 . 2011-08-29 08:38 446348 c:\windows\system32\perfh009.dat

- 2009-05-23 09:18 . 2011-08-29 06:42 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-05-23 09:18 . 2011-08-29 08:13 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-29 07:36 . 2011-08-29 07:36 2309120 c:\windows\Installer\2eb4e7.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]

2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

@="{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}"

[HKEY_CLASSES_ROOT\CLSID\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]

2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-02 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288]

.

c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

haal.exe [2011-3-9 154331]

laocle.exe [2011-2-3 153680]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009

.

R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 76519709

*Deregistered* - 76519709

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

kdxcqejy

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

.

2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

2011-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Supplementary Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 193.109.184.72 193.109.184.75

FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-08-29 10:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2980)

c:\windows\system32\tgwsaflx.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-08-29 10:56:44

ComboFix-quarantined-files.txt 2011-08-29 08:56

ComboFix2.txt 2011-08-29 08:20

ComboFix3.txt 2011-08-29 06:58

.

Pre-Run: 19,370,962,944 bytes beschikbaar

Post-Run: 19,381,702,656 bytes beschikbaar

.

- - End Of File - - CC32B6098C2CAE3BD51CEE36DF3B4626

When I search for conhost.exe, my PC finds one file, "conhost.exe.vir", in the folder C:\Qoobox\Quarantine\C\Windows\Temp

Thanks again for the help!

Roel.
