
win32/sirefef.EZ.trojan



Hello, after a number of online scanners I still can't get rid of this: win32/sirefef.EZ.trojan

I ran ComboFix and got this log:

ComboFix 12-06-16.02 - Wim 17/06/2012 23:07:35.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.1294 [GMT 2:00]

Started from: c:\downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe

c:\documents and settings\Wim\Application Data\Hyny

c:\documents and settings\Wim\Application Data\Hyny\azko.eso

c:\documents and settings\Wim\Application Data\PriceGong

c:\documents and settings\Wim\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\4488.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\459.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\6174.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Wim\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Wim\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Wim\WINDOWS

c:\windows\IsUn0413.exe

c:\windows\system\Comdlg32.dll

c:\windows\unin0413.exe

K:\autorun.inf

.

.

(((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))

.

.

2012-06-17 19:13 . 2012-06-17 19:13 -------- d-----w- c:\program files\ESET

2012-06-17 12:54 . 2012-06-17 12:54 35904 ----a-w- c:\windows\system32\drivers\obsywtlh.sys

2012-06-17 09:10 . 2012-06-17 10:19 -------- d-----w- C:\mijn documenten

2012-06-17 08:26 . 2012-06-17 08:29 -------- d-----w- C:\temp

2012-06-17 08:01 . 2012-06-17 20:33 -------- d--h--r- c:\documents and settings\Wim\Onlangs geopend

2012-06-17 08:00 . 2012-06-17 20:51 -------- d-----w- C:\Downloads

2012-06-16 21:28 . 2012-06-17 07:54 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-16 21:28 . 2012-06-14 22:17 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-06-15 15:13 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-16 17:39 . 2012-03-31 19:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-16 17:39 . 2011-05-22 17:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2008-04-15 10:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2008-04-15 10:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2008-04-15 10:00 1863296 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2008-04-15 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2008-04-15 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2008-04-15 10:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2008-04-15 10:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2011-03-31 14:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-20 08:21 . 2012-04-20 08:21 786416 ----a-w- c:\program files\install_reader10_nl_gtba_aih.exe

2012-04-20 08:17 . 2012-04-20 08:17 211537920 ----a-w- C:\LibO_3.5.2_Win_x86_install_multi.msi

2012-06-14 22:19 . 2012-06-17 07:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-01-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-15 110592]

RaConfig2500.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2011-3-31 528384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2012-02-02 01:44 3329824 ----a-w- c:\documents and settings\Wim\Local Settings\Application Data\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]

2004-07-20 16:18 90112 ----a-w- c:\windows\Dit.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Documents and Settings\\Wim\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

"4100:UDP"= 4100:UDP:uPNP Router Control Port

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/04/2011 12:17 685816]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [1/03/2012 22:13 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [31/03/2011 20:18 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/03/2011 20:18 337880]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 12:00 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2011 20:18 20696]

R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [8/04/2011 21:30 8864]

R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [8/04/2011 21:30 8864]

R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [8/04/2011 21:30 8864]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/02/2005 15:02 666368]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12/05/2005 14:39 1287296]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [31/03/2011 19:50 44368]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/04/2011 10:59 47360]

R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [31/03/2011 19:45 19928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2012 17:46 136176]

S2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [8/04/2011 21:30 8012]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 21:00 257224]

S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [31/03/2011 18:42 17408]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2012 17:46 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16/06/2012 23:28 113120]

S3 obsywtlh;Vba32 Armour Driver;c:\windows\system32\drivers\obsywtlh.sys [17/06/2012 14:54 35904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Akamai REG_MULTI_SZ Akamai

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:39]

.

2011-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2011-12-24 c:\windows\Tasks\debutDowngrade.job

- c:\program files\NCH Software\Debut\debut.exe [2011-10-19 17:57]

.

2011-12-10 c:\windows\Tasks\debutShakeIcon.job

- c:\program files\NCH Software\Debut\debut.exe [2011-10-19 17:57]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]

.

2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]

.

2012-05-27 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2011-10-19 17:57]

.

2011-10-30 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2011-10-19 17:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Wim\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

FF - ProfilePath - c:\documents and settings\Wim\Application Data\Mozilla\Firefox\Profiles\4f17pz89.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

HKLM-Explorer_Run-5975 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.exe

Notify-avldr - avldr.dll

AddRemove-8461-7759-5462-8226 - f:\wim docs\uninstall.exe

AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0413.EXE

AddRemove-KeyStat - c:\windows\unin0413.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe

AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-17 23:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fe,ff,41,43,28,34,49,b8,42,40,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fe,ff,41,43,28,34,49,b8,42,40,\

.

[HKEY_USERS\S-1-5-21-299502267-1454471165-1606980848-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:9d,8f,e1,b2,e0,84,28,d8,88,95,5f,4b,38,40,7e,24,d4,5e,44,6c,1a,c1,91,

8d,69,2d,20,8d,02,89,eb,5b,d5,74,3e,11,63,a5,f5,c6,2d,28,ea,42,fd,d1,67,aa,\

"??"=hex:64,ab,d2,5b,f6,f0,54,20,02,fe,d0,fc,c3,f7,6f,bd

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(464)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-06-17 23:17:20

ComboFix-quarantined-files.txt 2012-06-17 21:17

.

Pre-Run: 4,951,744,512 bytes free

Post-Run: 38,688,768,000 bytes free

.

- - End Of File - - 7D59E3AB542C9142E04829034636CFE1

I don't know what I should do next. Who is willing to help me with this? Thanks in advance.


Download HijackThis

Save the file HijackThis.msi. Then choose "run".

HijackThis will now be installed on your PC; a shortcut is placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens. Hold down the CTRL and A keys together: everything is now selected. Hold down the CTRL and C keys together: everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Then open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next post, together with a new HijackThis log.

