rasdlg.dll --> virus?

[kape]

Ben je al iets verder gekomen met deze laatste suggesties ?

[kroegieboy]

Het is nog niet opgelost.

Hier is weer een Hijack log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:25:25, on 17/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe

C:\Program Files\Lexmark 4800 Series\lxdemon.exe

C:\Program Files\Lexmark 4800 Series\lxdeamon.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Helsen Craig\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Helsen Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

F:\Programs\Virus\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ECenter] "C:\Dell\E-Center\EULALauncher.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"

O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Helsen Craig\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - Startup: Dropbox.lnk = C:\Users\Helsen Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe

O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Network List-service (netprofm) - Unknown owner - C:\Program Files\webserv\webserv.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 11902 bytes

[kape]

In één van je logjes staat de volgende map c:\program files\Program Files en er bestaat ook nog de normale C:\Program Files. Zitten er in die eerste map nog andere mappen of bestanden ? En zo ja, dewelke ?

[kroegieboy]

Ik heb maar een map namelijk C:\Program Files, ik heb geen map die c:\program files\Program Files heet.

Ik vraag me wel af wat het probleem is dat mijn computer ineens zo traag gaat en die foutmelding geeft.

[kweezie wabbit]

Heb je de instructies van bericht nr 10 uitgevoerd?

Kan je dan een nieuw logje maken met combofix?

[kape]

Kijk eens in bericht 7. Daar zitten een massa items in de map c:\program files\Program Files, maar de inhoud ervan is inderdaad verwijderd. Dat zou kunnen verklaren waarom je die nu niet meer terug kan vinden. Werken alle programma's in de standaardmap C:\Program Files nog naar behoren. Probeer het bvb. eens met Adobe Reader ?

[kroegieboy]

Mijn adobe reader werkt inderdaad niet meer.

Hier vind je combofix logje

ComboFix 12-06-19.03 - 20/06/2012 13:53:21.7.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.32.1043.18.3325.1868 [GMT 2:00]

Gestart vanuit: c:\users\Helsen Craig\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-20 to 2012-06-20 ))))))))))))))))))))))))))))))

.

.

2012-06-20 12:06 . 2012-06-20 12:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-06-20 12:06 . 2012-06-20 12:06 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-06-20 12:06 . 2012-06-20 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-20 12:06 . 2012-06-20 12:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-06-20 11:48 . 2012-06-20 11:48 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E450C223-6A43-419F-9C54-0267AB7725EA}\offreg.dll

2012-06-20 11:35 . 2012-06-20 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-20 11:12 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E450C223-6A43-419F-9C54-0267AB7725EA}\mpengine.dll

2012-06-19 06:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 06:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 06:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 06:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 06:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-19 06:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 06:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 06:50 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 06:50 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 10:15 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-18 10:09 . 2012-06-18 10:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-18 10:09 . 2012-06-18 10:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-14 06:00 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 06:00 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 06:00 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 05:59 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 05:59 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 10:02 . 2012-02-10 11:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2407B8C-074D-4616-9130-91D4D6B45E8F}\gapaengine.dll

2012-06-13 05:52 . 2012-06-13 05:52 -------- d-----w- c:\users\Helsen Craig\AppData\Local\Macromedia

2012-06-04 16:00 . 2012-06-04 16:00 -------- d-----w- c:\users\Helsen Craig\AppData\Roaming\Nitro PDF

2012-06-04 15:58 . 2012-06-04 15:58 -------- d-----w- c:\users\Helsen Craig\AppData\Roaming\Downloaded Installations

2012-06-04 13:18 . 2012-06-04 13:18 -------- d-----w- c:\users\Helsen Craig\AppData\Roaming\Softland

2012-05-29 10:47 . 2012-05-29 10:47 -------- d-----w- c:\program files\DLLSuite

2012-05-26 09:35 . 2012-05-26 09:35 -------- d-----w- c:\program files\Dropbox

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 05:50 . 2012-04-08 09:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-13 05:50 . 2011-05-18 06:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-03-30 12:39 . 2012-05-09 09:20 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-09 09:20 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-06-18 10:09 . 2011-04-30 11:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Helsen Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Helsen Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Helsen Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BitTorrent DNA"="c:\users\Helsen Craig\Program Files\DNA\btdna.exe" [2009-10-07 323392]

"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-14 4452352]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]

"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]

"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

.

c:\users\Helsen Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Helsen Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 05:50]

.

2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:27]

.

2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:27]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 195.130.131.4 195.130.130.132

FF - ProfilePath - c:\users\Helsen Craig\AppData\Roaming\Mozilla\Firefox\Profiles\umcsnnbu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-20 14:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2903741933-786871626-3413285085-1000\Software\SecuROM\License information*]

"datasecu"=hex:61,7c,3c,da,ed,04,56,95,e7,30,2f,c6,c4,53,5a,83,c3,0a,c9,84,53,

95,bb,27,9d,84,7a,2c,5b,77,87,4e,4a,88,fb,ee,4d,8e,f1,65,91,be,03,8d,df,19,\

"rkeysecu"=hex:de,80,47,dd,85,c1,24,a9,44,62,e5,b6,6a,47,72,a1

.

Voltooingstijd: 2012-06-20 14:23:03

ComboFix-quarantined-files.txt 2012-06-20 12:22

ComboFix2.txt 2012-05-29 10:32

ComboFix3.txt 2011-06-15 11:25

ComboFix4.txt 2010-04-01 11:42

.

Pre-Run: 377.251.168.256 bytes beschikbaar

Post-Run: 380.964.810.752 bytes beschikbaar

.

- - End Of File - - F7842401895BECE59DE7ACDCD2273CC8

[kweezie wabbit]

De instructies zijn blijkbaar correct uitgevoerd want het logje is clean.

Adobe reader werkt dus niet meer.

Cyberlink PowerDVD en Roxio werken waarschijnlijk ook niet meer en met office ga je ook problemen hebben evenals met je apple mobile device en met het beheerscentrum van je grafische kaart.

Al deze software was geinstalleerd in de map c:\program files\Program Files

Omdat deze dubbele map "program files" niet normaal is, heeft combofix die dus verwijderd met alle gevolgen vandien.

Je zal al deze sofware opnieuw moeten installeren als je ze weer wil gebruiken.

[kape]

Probeer nog eerst eens dit vóór je aan de herinstallatie van de software begint :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

DeQuarantine::

Quit::

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de c:\DeQuarantine.txt in je volgende bericht.

20 juni 2012 aangepast door kape