
System error encountered by NTVDM



When starting DOS programs I get the error message:

16-bits MS-DOS-subsysteem

systeemfout aangetroffen door NTVDM

When scanning with Malwarebytes, it finds the same virus every time:

Malwarebytes Anti-Malware 1.60.0.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.01.02.02

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.13

J.vd.B :: MEDION [administrator]

03/01/2012 9:10:32

mbam-log-2012-01-03 (09-10-32).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 209399

Verstreken tijd: 35 minuut/minuten, 17 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 1

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Slecht: (%fystemRoot%\System32\svchost.exe -k netsvcs) Goed: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Zal worden verwijderd tijdens het herstarten.

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

It finds this virus both in safe mode and in normal Windows.

If I start the DOS programs in safe mode, they do work.

So it is clearly a virus, probably!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:38:04, on 03/01/2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\mnmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Fighters\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

C:\WINDOWS\system32\PRISMSTA.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Fighters\sfagent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Garmin\gStart.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: PHPNukeDU - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Elsevier Fiscaviewer] "c:\program files\elsevier\fiscaviewer\fiscaviewer.exe" /h

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dosprint.bat

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137242278953

O17 - HKLM\System\CCS\Services\Tcpip\..\{8EE9EF01-28E9-4EA4-9734-B56AD1FAC4A8}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Support LogMeIn processes with quality assurance feedback (LMIGuardianSvc) - LogMeIn, Inc. - C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\kyzevek.html

O24 - Desktop Component 1: (no name) - C:\Program Files\MSN Gaming Zone\howysyhud.html

--

End of file - 13196 bytes

I hope someone can help me with this.

Thanks in advance

Start HijackThis. Right-click the icon and choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only".

Check only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: PHPNukeDU - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\prxtbPHP0.dll (file missing)

O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\kyzevek.html

O24 - Desktop Component 1: (no name) - C:\Program Files\MSN Gaming Zone\howysyhud.html

Click 'Fix checked' to remove the items.

Registerdata gedetecteerd: 1

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Slecht: (%fystemRoot%\System32\svchost.exe -k netsvcs) Goed: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Zal worden verwijderd tijdens het herstarten.

Did you restart the PC after running Malwarebytes? That is needed to remove the infection.

Post a new HijackThis log and a new Malwarebytes log.

I see in the log that you have not yet installed Service Pack 3 for Windows XP.

Is there a special reason for that?

Do you run Windows Update regularly?

For the security, stability and performance of Windows it is best to install this service pack as soon as possible.

You can download SP3 here.

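As an added example (not code from this thread, from Malwarebytes or from HijackThis), here is a PowerShell audit for the kind of finding reported above: a service ImagePath that contains an environment-variable token Windows cannot expand, such as %fystemRoot% in place of %SystemRoot% on the BITS service. It assumes the known-good BITS value is the "Goed" value quoted in the Malwarebytes log, uses function names of my own, and is run from an elevated PowerShell on the affected machine; it only reports unless -Apply is given.

```powershell
# Added example, not from the forum thread or from Malwarebytes/HijackThis.
# Audits HKLM\SYSTEM\CurrentControlSet\Services\*\ImagePath for environment-variable
# tokens that do not expand (e.g. the %fystemRoot% typo flagged on the BITS service).
# Assumption: the known-good BITS ImagePath is the "Goed" value quoted in the log.
# Written for PowerShell 2.0 syntax so it also runs on a Windows XP box.

$ServicesKey           = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ExpectedBitsImagePath = '%SystemRoot%\System32\svchost.exe -k netsvcs'
$NoExpand              = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-UnexpandedTokens {
    # Returns the %TOKEN% fragments that remain after Windows has expanded what it can.
    # ExpandEnvironmentVariables leaves unknown names untouched, so anything left
    # between percent signs is a variable the service controller cannot resolve.
    param([Parameter(Mandatory=$true)][string]$ImagePath)
    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath)
    [regex]::Matches($expanded, '%[^%\s]+%') | ForEach-Object { $_.Value }
}

function Get-ServiceImagePathFindings {
    # Reads the raw REG_EXPAND_SZ text (not the pre-expanded view Get-ItemProperty gives)
    # and reports every service whose path still contains an unresolved token.
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $raw = $_.GetValue('ImagePath', $null, $NoExpand)
        if ($raw) {
            $bad = @(Get-UnexpandedTokens -ImagePath $raw)
            if ($bad.Count -gt 0) {
                New-Object PSObject -Property @{
                    Service          = $_.PSChildName
                    ImagePath        = $raw
                    UnresolvedTokens = ($bad -join ', ')
                }
            }
        }
    }
}

function Repair-BitsImagePath {
    # Compares the BITS ImagePath with the known-good value and, only with -Apply,
    # writes it back as REG_EXPAND_SZ so %SystemRoot% stays unexpanded in the registry.
    param([switch]$Apply)
    $bitsKey = Join-Path $ServicesKey 'BITS'
    $current = (Get-Item -Path $bitsKey).GetValue('ImagePath', $null, $NoExpand)
    if ($current -eq $ExpectedBitsImagePath) {
        Write-Host "BITS ImagePath is already correct: $current"
        return
    }
    Write-Host "BITS ImagePath is '$current', expected '$ExpectedBitsImagePath'"
    if (-not $Apply) {
        Write-Host 'Report only; rerun with -Apply to restore the known-good value.'
        return
    }
    Set-ItemProperty -Path $bitsKey -Name ImagePath -Value $ExpectedBitsImagePath -Type ExpandString
    Write-Host 'BITS ImagePath restored; reboot (or restart the service) to apply.'
}

# --- report over all services, then the specific BITS check ---
$findings = @(Get-ServiceImagePathFindings)
if ($findings.Count -eq 0) {
    Write-Host 'No service ImagePath contains an unresolved environment token.'
} else {
    $findings | Select-Object Service, UnresolvedTokens, ImagePath | Format-Table -AutoSize
}
Repair-BitsImagePath          # add -Apply to write the corrected value
```

A path that does not expand is also consistent with the HijackThis O23 line for BITS above, which shows "Unknown owner - C:\WINDOWS\" instead of the svchost.exe path.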

Kweezie

I did indeed restart the system after running Malwarebytes, both in safe mode and under Windows.

SP3 is not installed because the DOS programs would then probably no longer work properly.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:45:05, on 05/01/2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\mnmsrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Fighters\sfus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

C:\WINDOWS\system32\PRISMSTA.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Fighters\sfagent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Garmin\gStart.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Elsevier Fiscaviewer] "c:\program files\elsevier\fiscaviewer\fiscaviewer.exe" /h

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dosprint.bat

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137242278953

O17 - HKLM\System\CCS\Services\Tcpip\..\{8EE9EF01-28E9-4EA4-9734-B56AD1FAC4A8}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Support LogMeIn processes with quality assurance feedback (LMIGuardianSvc) - LogMeIn, Inc. - C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 12889 bytes

Malwarebytes Anti-Malware 1.60.0.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.01.02.02

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.13

J.vd.B :: MEDION [administrator]

05/01/2012 15:44:50

mbam-log-2012-01-05 (15-44-50).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 209590

Verstreken tijd: 30 minuut/minuten, 13 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 1

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Slecht: (%fystemRoot%\System32\svchost.exe -k netsvcs) Goed: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Zal worden verwijderd tijdens het herstarten.

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

We'll see how it goes.

Apparently Malwarebytes cannot remove the infection, even after a restart.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot disable them, just continue with the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.


You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:


Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.

If you have problems running ComboFix, please report it.


Here is the ComboFix file

ComboFix 12-01-06.03 - J.vd.B 12-01-07 10:50:38.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2559.1644 [GMT 1:00]

Gestart vanuit: C:\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Documenten\Settings

c:\documents and settings\J.vd.B\Application Data\explorer

c:\documents and settings\J.vd.B\Application Data\explorer\hgakheg.dll

c:\documents and settings\J.vd.B\Application Data\PriceGong

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\1.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\a.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\b.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\c.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\d.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\e.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\f.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\g.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\h.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\i.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\J.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\k.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\l.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\m.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\n.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\o.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\p.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\q.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\r.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\s.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\t.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\u.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\v.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\w.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\x.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\y.xml

c:\documents and settings\J.vd.B\Application Data\PriceGong\Data\z.xml

c:\documents and settings\J.vd.B\Favorieten\Videos.url

c:\documents and settings\J.vd.B\WINDOWS

C:\System

c:\windows\command

c:\windows\command\EXTRACT.PIF

c:\windows\Fonts\acrsec.fon

c:\windows\help\wmplayer.bak

c:\windows\IsUn0413.exe

c:\windows\system\W32MAINT.DLL

c:\windows\system\W32MAINT.EXE

c:\windows\system\W32RBLD.DLL

c:\windows\system\W32RBLD.EXE

c:\windows\system\W3MONV75.DLL

c:\windows\system\W3MONV75.EXE

c:\windows\system32\1.txt

c:\windows\system32\2.txt

c:\windows\system32\alsndsys0.wav

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\helper.xml

c:\windows\system32\msjet40.dll.tmp

c:\windows\system32\Process.exe

c:\windows\system32\regdacl

c:\windows\system32\regdacl\doc\RegAudit.GIF

c:\windows\system32\regdacl\doc\RegAudit_e.htm

c:\windows\system32\regdacl\doc\RegDACL.GIF

c:\windows\system32\regdacl\doc\RegDACL_el.htm

c:\windows\system32\regdacl\doc\RegDACL_er1.htm

c:\windows\system32\regdacl\doc\RegDACL_er2.htm

c:\windows\system32\regdacl\doc\RegDACL_er3.htm

c:\windows\system32\regdacl\doc\RegDACLe.htm

c:\windows\system32\regdacl\doc\RegLast_e.htm

c:\windows\system32\regdacl\doc\RegOwner.GIF

c:\windows\system32\regdacl\doc\RegOwner_e.htm

c:\windows\system32\regdacl\doc\SMWNCV.cmd

c:\windows\system32\regdacl\Freeware_en.txt

c:\windows\system32\regdacl\Orderinfo.htm

c:\windows\system32\regdacl\RegToolsHelp.htm

c:\windows\system32\sqlunirl.dll.tmp

c:\windows\system32\SrchSTS.exe

c:\windows\system32\Temp

c:\windows\system32\Thumbs.db

c:\windows\system32\kspydoc.log . . . . konden niet verwijderd worden

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MZU_RK

-------\Service_MZU_RK

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))

.

.

2012-01-07 07:52 . 2012-01-07 07:53 -------- d-----w- C:\sUBs

2012-01-05 15:44 . 2012-01-05 15:58 -------- d-----w- c:\documents and settings\J.vd.B\Application Data\ICAClient

2012-01-05 15:43 . 2012-01-05 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2012-01-05 15:41 . 2012-01-05 15:41 -------- d-----w- c:\program files\Common Files\Citrix

2012-01-05 15:41 . 2012-01-05 15:44 -------- d-----w- c:\documents and settings\J.vd.B\Local Settings\Application Data\Citrix

2012-01-05 15:41 . 2012-01-05 15:44 -------- d-----w- c:\program files\Citrix

2012-01-05 15:39 . 2012-01-05 15:40 -------- d-----w- c:\documents and settings\J.vd.B\Application Data\Download Manager

2012-01-04 09:33 . 2012-01-04 09:33 -------- d-----w- c:\program files\RoosRoos Loon 2011

2012-01-03 13:52 . 2012-01-04 14:58 -------- d-----w- c:\documents and settings\J.vd.B\Local Settings\Application Data\SecondLife

2012-01-03 13:51 . 2012-01-03 14:00 -------- d-----w- c:\program files\SecondLifeViewer

2012-01-03 09:37 . 2012-01-03 09:37 388096 ----a-r- c:\documents and settings\J.vd.B\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-03 09:37 . 2012-01-03 09:37 -------- d-----w- c:\program files\Trend Micro

2011-12-22 20:27 . 2012-01-06 14:41 -------- d--h--r- c:\documents and settings\J.vd.B\Onlangs geopend

2011-12-21 16:28 . 2012-01-02 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-21 16:28 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 16:26 . 2011-12-21 16:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-21 16:23 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-12-20 18:50 . 2011-12-20 18:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-20 18:48 . 2011-12-20 18:48 -------- d-----w- c:\program files\AVG

2011-12-20 18:45 . 2012-01-07 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-12-18 10:45 . 2011-12-18 10:45 -------- d-----w- c:\program files\iPod

2011-12-18 10:45 . 2011-12-18 10:46 -------- d-----w- c:\program files\iTunes

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-16 13:09 . 2010-09-20 09:32 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-16 13:09 . 2010-09-20 09:32 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-16 13:09 . 2010-09-20 09:32 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-16 13:09 . 2010-09-20 09:32 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-11-10 04:54 . 2010-04-20 06:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2010-01-07 07:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4631FF-5CC8-4EBC-A0DF-34C92291759E}]

2011-12-22 10:36 83904 ----a-w- c:\program files\Citrix\ICA Client\IEInterceptor.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-05-28 401493]

"gStart"="c:\garmin\gStart.exe" [2005-07-25 1896448]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]

"Elsevier Fiscaviewer"="c:\program files\elsevier\fiscaviewer\fiscaviewer.exe" [2011-04-15 2823168]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRISMSTA.EXE"="PRISMSTA.EXE START" [X]

"CHotkey"="mHotkey.exe" [2003-06-27 506368]

"ledpointer"="CNYHKey.exe" [2003-06-27 5798912]

"PCMService"="c:\program files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 61440]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]

"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]

"nwiz"="nwiz.exe" [2005-12-10 1519616]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Cmaudio"="cmicnfg.cpl" [2003-09-12 2244608]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\redirector.exe" [2011-12-22 128960]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2004-08-03 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"!CleanupNetMeetingDispDriver"="msconf.dll" [2004-08-03 69632]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

Dosprint.bat [2009-6-25 153]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\WINDOWS\\system\\W3DBSMGR.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [11-06-29 05:18 66776]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [07-08-29 09:57 33824]

R2 LMIGuardianSvc;Support LogMeIn processes with quality assurance feedback;c:\program files\LogMeIn Ignition\LMIGuardianSvc.exe [10-10-19 16:24 374160]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [10-01-27 11:22 12856]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [02-09-20 17:29 53248]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [10-10-21 13:44 189064]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [10-10-21 13:44 1130120]

R3 mr8980;Digital Wireless Camera;c:\windows\system32\drivers\mr8980.sys [09-10-02 13:04 69632]

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [03-06-12 07:47 24704]

R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [03-09-10 12:22 362688]

R3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [04-06-24 12:25 243712]

R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S1 e30cbd74;e30cbd74;c:\windows\system32\drivers\e30cbd74.sys --> c:\windows\system32\drivers\e30cbd74.sys [?]

S2 EDFVMYVW;EDFVMYVW; [x]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11-04-26 11:08 135664]

S3 15k9r0.sys;15k9r0.sys;\??\c:\windows\system32\drivers\15k9r0.sys --> c:\windows\system32\drivers\15k9r0.sys [?]

S3 ASINDIS5;ASINDIS5 Protocol Driver;c:\windows\system32\ASINDIS5.sys [05-04-20 10:29 16302]

S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [02-09-20 17:27 77824]

S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [02-09-20 17:41 77824]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11-04-26 11:08 135664]

S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [08-07-10 02:13 99592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 10:08]

.

2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 10:08]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Settings,ProxyOverride = *.local

uCustomizeSearch =

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{8EE9EF01-28E9-4EA4-9734-B56AD1FAC4A8}: NameServer = 192.168.0.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\J.vd.B\Application Data\Mozilla\Firefox\Profiles\dtwbtq6r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.aadeurne.nl

FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: TradeManager-Plugin: {4D144BC3-23FB-47de-90C5-63CCB0139CCF} - %profile%\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

FF - Ext: ThreeShips Helper Extension: {9e1d7c80-43d1-11db-b0de-0800200c9a66} - %profile%\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{DB9D7A78-A76C-4BF2-97C6-258925EE1542} - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

ShellExecuteHooks-{7B3EE512-B06E-455C-B4E9-D9241A4D5372} - (no file)

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

AddRemove-Evw2Uninstall - c:\windows\IsUn0413.exe

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

AddRemove-Postbank Girotel Zakelijk - 4.0 - c:\windows\IsUn0413.exe

AddRemove-Postbank Girotel Zakelijk - 4.1 - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-07 11:13

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\*t*i*nW¬~è*ÿ_*a*u*t*o*_*f*i*l*e*\shell]

@="open"

.

[HKEY_LOCAL_MACHINE\software\Classes\*t*i*nW¬~è*ÿ_*a*u*t*o*_*f*i*l*e*\shell\open\command]

@="c:\\PROGRA~1\\QUICKT~1\\QuickTimePlayer.exe \"%1\""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(604)

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(6108)

c:\windows\system32\msls31.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\msi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\brss01a.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

c:\windows\System32\nvsvc32.exe

c:\windows\System32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\mHotkey.exe

c:\windows\CNYHKey.exe

c:\windows\system32\PRISMSTA.EXE

c:\windows\system32\RunDll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-07 11:30:26 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-07 10:30

ComboFix2.txt 2012-01-07 07:53

.

Pre-Run: 39,980,642,304 bytes beschikbaar

Post-Run: 40,205,533,184 bytes beschikbaar

.

- - End Of File - - EA3E5397F8225C0E7B9FE62DFDE05F73

I hope you can proceed with this?

Thanks in advance


Go to Start - Run, type regedit and press Enter.

Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS

Look at the value of ImagePath

If it says %fystemRoot% there, double-click ImagePath, change %fystemRoot% to %SystemRoot% and click OK.

Close the registry editor and restart the PC.

Open a new Notepad file.

Copy and paste the bold text below into it.

Driver::

e30cbd74.sys

EDFVMYVW

15k9r0.sys

File::

c:\windows\system32\drivers\e30cbd74.sys

c:\windows\system32\drivers\15k9r0.sys

Firefox::

FF - ProfilePath - c:\documents and settings\J.vd.B\Application Data\Mozilla\Firefox\Profiles\dtwbtq6r.default\

FF - prefs.js: browser.search.defaulturl -

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if prompted.

After the restart, post the contents of ComboFix.txt in your next reply, together with a new Malwarebytes log.

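The BITS ImagePath hijack that this thread is cleaning up, as an added check that is not from the forum post or from any of the tools it mentions: the script below audits service ImagePath strings for look-alike environment variables such as %fystemRoot% and proposes the corrected value. The service mapping is a constructed sample; on a real machine the values would be read from HKLM\SYSTEM\CurrentControlSet\Services.

```python
"""Detect look-alike environment variables in Windows service ImagePath values.

Added example, not code from the forum thread. The Malwarebytes log above
reports the BITS service's ImagePath as
    %fystemRoot%\\System32\\svchost.exe -k netsvcs
The variable name is one letter off from %SystemRoot%, so the Service Control
Manager cannot expand it, BITS fails to start and Windows Update (which
depends on BITS) silently stops working. The functions below take a mapping
of service name -> ImagePath, flag every %VAR% that is not a known Windows
variable and propose the corrected value when a close match exists.
"""
import difflib
import re

# Canonical spelling of variables that legitimately occur in ImagePath values.
CANONICAL_VARS = {
    "SYSTEMROOT": "SystemRoot",
    "WINDIR": "windir",
    "SYSTEMDRIVE": "SystemDrive",
    "PROGRAMFILES": "ProgramFiles",
    "COMMONPROGRAMFILES": "CommonProgramFiles",
}

# A %VAR% token: no nested percent signs, backslashes or whitespace inside.
VAR_RE = re.compile(r"%([^%\\\s]+)%")


def audit_image_path(image_path):
    """Return (bad_vars, corrected_path); bad_vars is empty when the path is clean."""
    bad = []
    fixed = image_path
    for var in VAR_RE.findall(image_path):
        if var.upper() in CANONICAL_VARS:
            continue
        bad.append(var)
        # A typo-squatted variable sits within a character or two of a real one;
        # anything further away is left unchanged for a human to review.
        match = difflib.get_close_matches(
            var.upper(), list(CANONICAL_VARS), n=1, cutoff=0.8
        )
        if match:
            fixed = fixed.replace("%" + var + "%", "%" + CANONICAL_VARS[match[0]] + "%")
    return bad, fixed


def audit_services(services):
    """Audit a {service: ImagePath} mapping; return {service: corrected_path} for hits."""
    findings = {}
    for name, path in services.items():
        bad, fixed = audit_image_path(path)
        if bad:
            findings[name] = fixed
    return findings


# Constructed sample resembling the thread's machine: BITS hijacked, others clean.
SAMPLE_SERVICES = {
    "BITS": r"%fystemRoot%\System32\svchost.exe -k netsvcs",
    "wuauserv": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "Spooler": r"%SystemRoot%\system32\spoolsv.exe",
}

if __name__ == "__main__":
    for svc, fix in audit_services(SAMPLE_SERVICES).items():
        print(f"{svc}: ImagePath uses an unknown variable; expected {fix}")
```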
