
Can you delete these folders manually?

C:\Program Files\Network Associates

C:\Program Files\McAfee

C:\Program Files\Fichiers communs\McAfee

If not, do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just proceed to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


The folders are not present in C:\Program Files.

Here is the ComboFix log:

ComboFix 12-03-29.02 - pela 29/03/2012 21:05:07.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.207 [GMT 2:00]

Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\pela\Application Data\PriceGong

c:\documents and settings\pela\Application Data\PriceGong\Data\1.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\a.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\b.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\c.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\d.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\e.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\f.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\g.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\h.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\i.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\J.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\k.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\l.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\m.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\n.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\o.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\p.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\q.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\r.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\s.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\t.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\u.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\v.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\w.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\x.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\y.xml

c:\documents and settings\pela\Application Data\PriceGong\Data\z.xml

c:\documents and settings\pela\Recent\UitwegenPosters_infodag.pdf

c:\documents and settings\pela\System

c:\documents and settings\pela\System\win_qs8.jqx

c:\documents and settings\pela\WINDOWS

c:\windows\bwUnin-7.2.0.157-8876480SL.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\IsUn0413.exe

c:\windows\system32\%SYSTE~1

c:\windows\system32\%SYSTE~1\Documents and Settings\pela\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD

c:\windows\system32\%SYSTE~1\Documents and Settings\pela\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SETE0.tmp

c:\windows\system32\SETEC.tmp

c:\windows\system32\setting.ini

c:\windows\unin0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 ))))))))))))))))))))))))))))))

.

.

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro

2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll

2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe

2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe

2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe

2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe

2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak

2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe

2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe]

"DeleteFlag"= 1 (0x1)

"Start"= 4 (0x4)

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [28/03/2012 12:47 89624]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856]

S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?]

S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?]

S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?]

S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?]

S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?]

S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?]

S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?]

S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?]

S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?]

S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?]

S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?]

S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28/03/2012 12:47 87808]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2011-12-26 c:\windows\Tasks\Nettoyage de disque.job

- c:\windows\system32\cleanmgr.exe [2006-04-10 02:33]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE

AddRemove-European Pharmacopoeia 4th Edition 4.05 - c:\windows\IsUn0413.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-29 21:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(584)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-03-29 21:21:44

ComboFix-quarantined-files.txt 2012-03-29 19:21

.

Pre-Run: 133.005.803.520 octets libres

Post-Run: 134.260.322.304 octets libres

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

.

- - End Of File - - D3D8EDE3C938D83ECB17ED5C7B470089


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

Folder::

C:\Program Files\Network Associates

C:\Program Files\McAfee

C:\Program Files\Fichiers communs\McAfee

Driver::

mfetdi2k

mferkdet

mfevtp

DDS::

Trusted Zone: internet

Trusted Zone: mcafee.com

Firefox::

FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

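As an added example (not code from the forum post or from ComboFix), the following Python drafts the Firefox:: block of a CFScript the way the helper did above: it scans the "FF - " lines of a ComboFix log for the adware markers seen in this thread (the Babylon search hijack and the DealPly extension) and writes the matching lines in the form the script uses. The marker list, the line patterns and the sample log excerpt are assumptions about this log's format, not a general signature set.

```python
"""Draft the Firefox:: section of a ComboFix CFScript from a ComboFix log.

Added example for this thread; it is not code from the forum post or from
ComboFix. It scans the 'FF - ' lines of a ComboFix log for the adware
markers seen in this thread (Babylon search hijack, DealPly extension) and
writes them out the way the helper's CFScript does: a pref is reset by
leaving its value empty, an extension is listed exactly as logged so
ComboFix removes it. The marker list and the line patterns are assumptions
about this log's format, not a general signature set.
"""
import re

# Constructed marker list, taken from the log lines in this thread.
SUSPICIOUS_MARKERS = (
    "search.babylon.com",
    "ffxtlbr@babylon.com",
    "(babylon)",
    "{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}",  # DealPly extension id in the log
)

# Line shapes as they appear in the ComboFix log (assumed).
PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>[\w.]+) - (?P<value>.*)$")
EXT_RE = re.compile(r"^FF - Ext: (?P<label>[^:]+): (?P<id>\S+) - (?P<path>.+)$")


def is_suspicious(text):
    """True when any marker occurs in the text (case-insensitive)."""
    lowered = text.lower()
    return any(marker.lower() in lowered for marker in SUSPICIOUS_MARKERS)


def draft_firefox_section(log_text):
    """Return the CFScript 'Firefox::' block for the flagged lines, or '' if none."""
    profile_line = None
    fixes = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROFILE_RE.match(line):
            profile_line = line          # the script names the profile path first
            continue
        pref = PREF_RE.match(line)
        if pref:
            if is_suspicious(pref.group("value")):
                # Empty value after the dash: ComboFix resets the pref.
                fixes.append(f"FF - prefs.js: {pref.group('name')} -")
            continue
        ext = EXT_RE.match(line)
        if ext and (is_suspicious(ext.group("id")) or is_suspicious(ext.group("label"))):
            fixes.append(line)           # extension lines are copied verbatim
    if not fixes:
        return ""
    block = ["Firefox::"]
    if profile_line:
        block.append(profile_line)
    return "\n".join(block + fixes) + "\n"


# Constructed sample: the Firefox lines from the first log in this thread.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\pela\\Application Data\\Mozilla\\Firefox\\Profiles\\4eec446g.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\\program files\\Mozilla Firefox\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\\extensions\\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\\extensions\\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
"""

if __name__ == "__main__":
    print(draft_firefox_section(SAMPLE_LOG), end="")
```

The homepage pref and the default theme extension are left alone, as in the helper's script; only lines carrying a listed marker end up in the block.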

The new ComboFix log:

ComboFix 12-03-29.02 - pela 29/03/2012 21:45:19.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.127 [GMT 2:00]

Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\pela\Bureau\CFScript.txt

AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

FILE ::

"c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome.manifest

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\dealplyIcon32.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\defaults.js

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\install.rdf

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\chrome.manifest

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\acplus-autocomplete.js

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\babylon.css

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png

c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png


.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MFERKDET

-------\Legacy_MFETDI2K

-------\Legacy_MFEVTP

-------\Service_mferkdet

-------\Service_mfetdi2k

-------\Service_mfevtp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 ))))))))))))))))))))))))))))))

.

.

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro

2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll

2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe

2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe

2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe

2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe

2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak

2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe

2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.17.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-29 19:57 . 2012-03-29 19:57 16384 c:\windows\Temp\Perflib_Perfdata_3b8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe]

"DeleteFlag"= 1 (0x1)

"Start"= 4 (0x4)

.

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856]

S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?]

S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?]

S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?]

S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?]

S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?]

S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?]

S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?]

S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?]

S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?]

S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?]

S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?]

S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2011-12-26 c:\windows\Tasks\Nettoyage de disque.job

- c:\windows\system32\cleanmgr.exe [2006-04-10 02:33]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-29 21:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(576)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7788)

c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\WgaTray.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-29 22:03:41 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-29 20:03

ComboFix2.txt 2012-03-29 19:21

.

Pre-Run: 134.278.684.672 octets libres

Post-Run: 134.155.112.448 octets libres

.

- - End Of File - - 28C6F475FE3E84EFB070795031003040


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.


The new ComboFix log:

ComboFix 12-03-29.02 - pela 30/03/2012 11:13:33.3.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.54 [GMT 2:00]

Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\pela\Bureau\CFScript.txt

AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-30 ))))))))))))))))))))))))))))))

.

.

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro

2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll

2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe

2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe

2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe

2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe

2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak

2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe

2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.17.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-30 09:03 . 2012-03-30 09:03 16384 c:\windows\Temp\Perflib_Perfdata_778.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe]

"DeleteFlag"= 1 (0x1)

"Start"= 4 (0x4)

.

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856]

S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?]

S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?]

S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?]

S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?]

S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?]

S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?]

S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?]

S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?]

S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?]

S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?]

S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?]

S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04]

.

2011-12-26 c:\windows\Tasks\Nettoyage de disque.job

- c:\windows\system32\cleanmgr.exe [2006-04-10 02:33]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-30 11:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3568)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-03-30 11:30:02

ComboFix-quarantined-files.txt 2012-03-30 09:29

ComboFix2.txt 2012-03-29 20:03

ComboFix3.txt 2012-03-29 19:21

.

Pre-Run: 134.114.217.984 octets libres

Post-Run: 134.135.853.056 octets libres

.

- - End Of File - - 627CE92C60EA418CB6E3FA9C07FB9E77
