Ga naar inhoud

Windows navigatie en cursor doen vreemd

Rooieborrels

Door Rooieborrels
in Archief Windows Algemeen

 Delen

Aanbevolen berichten

kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Heel vreemd.

Het bestand is niet te vinden, het staat ook nergens bij de opstarters en toch staat het bij de lopende processen :hmmmm:

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

  • Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
    Klik hier
    Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
  • Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
  • ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.
    **Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.
  • Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Indien je problemen hebt bij het uitvoeren van ComboFix, gelieve dit te melden.

Link naar reactie
Delen op andere sites
Rooieborrels Enthousiasteling

Rooieborrels

Geplaatst:
  • Auteur
Geplaatst:

Hierbij de log van combofix:

ComboFix 11-12-17.05 - gebruiker 18-12-2011 14:05:44.8.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1389 [GMT 1:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-18 to 2011-12-18 ))))))))))))))))))))))))))))))

.

.

2011-12-14 08:59 . 2011-12-15 21:38 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend

2011-12-10 10:29 . 2008-03-20 11:34 21888 ----a-w- c:\windows\system32\drivers\aabed2.sys

2011-12-10 10:29 . 2011-12-10 10:29 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

2011-12-10 10:28 . 2011-12-10 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2001-09-07 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2007-05-03 15:21 186880 ------w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2007-05-03 14:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2001-09-07 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-12-07 20:16 . 2011-09-09 10:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"nwiz"="nwiz.exe" [2006-07-20 1519616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"d:\\Battle for middle earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Documenten\\logivert\\ebt5\\catalogs\\Babywinkel (demo)\\previewbase\\usbwebserver8\\apache\\bin\\httpd_usbwv8.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 13:53 64288]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 20:39 95024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 16:52 1355968]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 11:15 1097728]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [10-12-2011 11:29 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 14:52 100480]

S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53]

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-12-18 14:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f,

68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(828)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Voltooingstijd: 2011-12-18 14:17:05

ComboFix-quarantined-files.txt 2011-12-18 13:17

ComboFix2.txt 2011-10-09 16:01

.

Pre-Run: 11.078.254.592 bytes beschikbaar

Post-Run: 11.230.728.192 bytes beschikbaar

.

- - End Of File - - B3F74A060419F4BC669A19B13B62E8F8

Link naar reactie
Delen op andere sites
Rooieborrels Enthousiasteling

Rooieborrels

Geplaatst:
  • Auteur
Geplaatst:

Avira gebruik ik inderdaad maar ik gebruik niets van trendmicro of Bitdefender en er zijn ook geen aanverwante programma's geinstalleerd. Ik heb dit middels een zoekopdracht ook nog eens gecontroleerd. Het kan zijn dat ik deze programma's in het verleden wel eens gebruikt heb maar de laatste tijd zeker niet.

Link naar reactie
Delen op andere sites
kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Bij nader inzien zijn er nog meer online virusscanners geinstalleerd. Ik zie bvb ook sporen van Eset, Panda en F-Secure

Kijk in IE eens bij extra (tools) of er niet een lijntje in staat om BitDefender te verwijderen (uninstall)?

Als dit zo is, mag je BitDefender op die manier verwijderen.

We gaan dus nog wat sleutelen in het hijackthis logje.

Start Hijackthis op. Klik met de rechter muisknop op de icoon en kies dan voor “Run as administrator" of "Uitvoeren als administrator".

Selecteer “Do a system scan only”.

Vink alleen de items aan die hieronder zijn genoemd:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -

Klik op 'Fix checked' om de items te verwijderen.

Maak dan een nieuw logje met hijackthis en een met combofix.

Link naar reactie
Delen op andere sites
Rooieborrels Enthousiasteling

Rooieborrels

Geplaatst:
  • Auteur
Geplaatst:

Het verwijderen van Bitdefender via IE is gelukt!

Hierbij de logs van Hijackthis en combofix:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:23:35, on 19-12-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 9372 bytes

Combofix:

ComboFix 11-12-19.01 - gebruiker 19-12-2011 19:22:27.9.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1449 [GMT 1:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))

.

.

2011-12-14 08:59 . 2011-12-19 17:23 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend

2011-12-10 10:29 . 2008-03-20 11:34 21888 ----a-w- c:\windows\system32\drivers\aabed2.sys

2011-12-10 10:29 . 2011-12-10 10:29 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

2011-12-10 10:28 . 2011-12-10 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2001-09-07 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2007-05-03 15:21 186880 ------w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2007-05-03 14:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2001-09-07 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-12-07 20:16 . 2011-09-09 10:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-18_13.14.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-19 17:34 . 2011-12-19 17:34 16384 c:\windows\temp\Perflib_Perfdata_8c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"nwiz"="nwiz.exe" [2006-07-20 1519616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"d:\\Battle for middle earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Documenten\\logivert\\ebt5\\catalogs\\Babywinkel (demo)\\previewbase\\usbwebserver8\\apache\\bin\\httpd_usbwv8.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 13:53 64288]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 20:39 95024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 16:52 1355968]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 11:15 1097728]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [10-12-2011 11:29 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 14:52 100480]

S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53]

.

2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-19 19:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f,

68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(828)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(3780)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSNL.DLL

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2011-12-19 19:38:25

ComboFix-quarantined-files.txt 2011-12-19 18:38

ComboFix2.txt 2011-12-18 13:17

ComboFix3.txt 2011-10-09 16:01

.

Pre-Run: 11.097.739.264 bytes beschikbaar

Post-Run: 11.317.653.504 bytes beschikbaar

.

- - End Of File - - 3C1AF31097359AB20AC23C83ABF7108F

Link naar reactie
Delen op andere sites
kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}

File::

c:\documents and settings\gebruiker\local settings\Temp\ldiskl.sys

driver::

ldiskl

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

Link naar reactie
Delen op andere sites
Rooieborrels Enthousiasteling

Rooieborrels

Geplaatst:
  • Auteur
Geplaatst:

ComboFix 11-12-20.01 - gebruiker 20-12-2011 13:59:41.10.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1377 [GMT 1:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

FILE ::

"c:\documents and settings\gebruiker\local settings\Temp\ldiskl.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}

c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}\1043.MST

c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}\ABN AMRO e.dentifier2 software.msi

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ldiskl

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))

.

.

2011-12-14 08:59 . 2011-12-20 12:55 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend

2011-12-10 10:29 . 2008-03-20 11:34 21888 ----a-w- c:\windows\system32\drivers\aabed2.sys

2011-12-10 10:29 . 2011-12-10 10:29 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2001-09-07 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2007-05-03 15:21 186880 ------w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2007-05-03 14:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2001-09-07 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-12-07 20:16 . 2011-09-09 10:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-18_13.14.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-20 13:13 . 2011-12-20 13:13 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"nwiz"="nwiz.exe" [2006-07-20 1519616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"d:\\Battle for middle earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Documenten\\logivert\\ebt5\\catalogs\\Babywinkel (demo)\\previewbase\\usbwebserver8\\apache\\bin\\httpd_usbwv8.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 13:53 64288]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 20:39 95024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 16:52 1355968]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 11:15 1097728]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [10-12-2011 11:29 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 14:52 100480]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-12-20 14:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f,

68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(832)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2612)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSNL.DLL

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\msiexec.exe

c:\windows\system32\rundll32.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-20 14:22:14 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-20 13:22

ComboFix2.txt 2011-12-19 18:38

ComboFix3.txt 2011-12-18 13:17

ComboFix4.txt 2011-10-09 16:01

.

Pre-Run: 11.024.310.272 bytes beschikbaar

Post-Run: 11.158.351.872 bytes beschikbaar

.

- - End Of File - - C7979358911918D7EAEE83C13197B6D7

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.