
AVAST alert JS:Redirector-XO [tri]



You still have Combofix on your PC. Let's try using this little tool to remove the files (with the external drive connected, of course).

Open a Notepad file.

Copy and paste the bold text below into it.

File::

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\caption.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\core.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\mootools-core.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\mootools-more.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\jquery.cycle.all.2.74.

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejquery.end.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejquery.start.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejqueryplugin.end.js

E:\Website Joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejqueryplugin.start.js

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.


Hi Kape, I have run it.

See the log file below:

ComboFix 12-07-14.01 - applbeheer 15-07-2012 0:12.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1380 [GMT 2:00]

Gestart vanuit: c:\documents and settings\applbeheer\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\applbeheer\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\caption.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\core.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\mootools-core.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\media\system\js\mootools-more.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\jquery.cycle.all.2.74."

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejquery.end.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejquery.start.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejqueryplugin.end.js"

"e:\website joomla 2.5\aan de watermolen\bck van hotelsin\modules\mod_ppc_simple_spotlight\js\ppc.safejqueryplugin.start.js"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-14 to 2012-07-14 ))))))))))))))))))))))))))))))

.

.

2012-07-13 17:21 . 2012-07-14 22:06 -------- d--h--r- c:\documents and settings\applbeheer\Onlangs geopend

2012-07-13 10:24 . 2012-07-13 10:43 -------- d-----w- C:\downloads joomla

2012-07-09 16:48 . 2012-07-09 16:48 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Malwarebytes

2012-07-09 16:48 . 2012-07-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-06 14:52 . 2012-07-06 14:52 -------- d-----w- c:\documents and settings\applbeheer\Application Data\DriverCure

2012-07-06 14:52 . 2012-07-06 14:52 -------- d-----w- c:\documents and settings\applbeheer\Application Data\SpeedyPC Software

2012-07-06 14:52 . 2012-07-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2012-07-06 08:49 . 2012-07-06 08:49 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-06 08:48 . 2012-07-06 08:48 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-07-06 08:48 . 2012-07-06 08:48 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-07-06 08:48 . 2012-07-06 08:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-06 08:48 . 2012-07-06 08:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-07-06 08:37 . 2012-07-06 08:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters

2012-07-06 08:29 . 2012-07-06 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\clp

2012-07-06 08:29 . 2012-07-06 08:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Fighters

2012-07-06 08:28 . 2012-07-06 08:29 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Fighters

2012-07-06 08:27 . 2012-07-06 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite

2012-07-06 08:27 . 2012-07-06 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2012-07-06 08:25 . 2012-07-06 09:06 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Systweak

2012-07-06 08:09 . 2012-07-06 08:11 -------- d-----w- C:\hijackthis

2012-07-04 19:30 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2012-07-04 19:29 . 2012-07-04 19:29 -------- d-----w- c:\program files\Panda Security

2012-07-04 19:28 . 2012-07-04 19:28 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-07-04 19:24 . 2012-07-04 19:24 -------- d-----w- c:\documents and settings\applbeheer\Application Data\QuickScan

2012-07-03 21:03 . 2012-07-03 21:03 -------- d-----w- c:\program files\ESET

2012-06-28 15:15 . 2012-06-28 15:15 -------- d-----w- c:\documents and settings\applbeheer\Local Settings\Application Data\MetaGeek,_LLC

2012-06-28 15:11 . 2012-06-28 15:11 -------- d-----w- c:\program files\MetaGeek

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-14 06:10 . 2008-06-05 09:49 0 ----a-w- c:\documents and settings\applbeheer\Local Settings\Application Data\WavXMapDrive.bat

2012-07-13 07:14 . 2012-04-27 17:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 07:14 . 2012-01-18 06:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 16:21 . 2008-10-23 07:49 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-04-15 10:12 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-03 16:21 . 2012-01-18 14:49 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2008-10-23 07:49 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2008-10-23 07:49 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2008-10-23 07:49 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2008-10-23 07:49 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2008-10-23 07:49 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2008-10-23 07:49 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2012-01-18 14:48 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2008-10-23 07:49 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-13 13:55 . 2004-09-13 13:52 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49 . 2007-05-15 15:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-09-13 13:52 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-09-13 13:52 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2004-09-13 14:05 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2004-09-13 14:05 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2004-09-13 14:05 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-09-13 14:05 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2004-09-13 14:05 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2004-09-13 13:52 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2004-09-13 14:05 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2004-09-13 14:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-10-23 11:38 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-10-23 11:38 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2007-07-30 17:18 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-09-13 13:52 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-09-13 13:52 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44 . 2004-09-13 13:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2004-09-13 13:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2004-09-13 13:52 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2004-09-13 13:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2004-09-13 14:03 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-06 08:48 . 2012-01-18 20:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-04_19.06.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-23 07:10 . 2012-05-10 06:48 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2012-07-13 07:14 . 2012-07-13 07:14 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe

+ 2012-07-11 20:14 . 2012-07-11 20:14 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe

+ 2012-07-11 20:14 . 2012-07-11 20:14 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll

- 2012-04-27 17:46 . 2012-07-01 16:53 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-27 17:46 . 2012-07-13 07:14 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2004-09-13 13:58 . 2012-07-11 21:31 298048 c:\windows\system32\FNTCACHE.DAT

- 2004-09-13 13:58 . 2012-06-14 05:16 298048 c:\windows\system32\FNTCACHE.DAT

+ 2008-12-05 06:58 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll

+ 2010-11-09 14:52 . 2012-05-28 18:17 536576 c:\windows\system32\dllcache\msado15.dll

- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll

- 2008-10-23 07:10 . 2012-05-10 06:48 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-23 07:10 . 2012-07-11 21:10 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-10-23 07:10 . 2012-05-10 06:48 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2012-06-26 14:09 . 2012-06-26 14:09 731688 c:\windows\Downloaded Program Files\qsax.dll

+ 2009-08-04 12:06 . 2009-08-04 12:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll

+ 2004-09-13 13:52 . 2012-06-08 14:25 8509952 c:\windows\system32\shell32.dll

+ 2012-07-13 07:14 . 2012-07-13 07:14 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

+ 2008-10-23 06:50 . 2012-06-13 13:55 1866240 c:\windows\system32\dllcache\win32k.sys

+ 2008-06-17 19:03 . 2012-06-08 14:25 8509952 c:\windows\system32\dllcache\shell32.dll

+ 2008-10-23 06:03 . 2012-06-05 15:49 1372672 c:\windows\system32\dllcache\msxml6.dll

- 2008-10-23 06:03 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll

+ 2008-11-14 13:36 . 2012-06-05 15:49 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2008-11-14 13:36 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2012-06-29 12:33 . 2012-06-29 12:33 6063616 c:\windows\Installer\56df06.msp

+ 2008-10-23 06:53 . 2012-07-11 21:11 57442464 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-01-11 14:29 241872 ----a-w- c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]

.

[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]

"TrayServer"="c:\program files\MAGIX\Film_op_DVD_8\TrayServer.exe" [2008-01-30 90112]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-18 50688]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-2-26 869376]

Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-1-18 1622016]

Sweex utility.lnk - c:\program files\Sweex\LW153\Utility\UI.exe [2012-1-18 1314816]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-1-18 118784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-09-19 18:25 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-07-20 16:55 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 09:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\applbeheer\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4-7-2012 21:30 28552]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15-4-2012 12:12 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18-1-2012 16:49 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23-10-2008 9:49 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23-10-2008 9:49 21256]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [25-12-2009 13:29 38144]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [18-1-2012 17:43 19072]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [13-9-2004 15:52 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2-11-2006 14:32 97536]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30-5-2012 13:56 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-2-2012 9:50 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-4-2012 19:46 250056]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [9-8-2010 14:19 1527900]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-3-2008 10:43 30192]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6-7-2012 10:49 129976]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [23-10-2008 8:43 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [23-10-2008 8:43 14336]

S3 RTL8187B;Wireless Network USB Adapter 54g WL-169;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [9-8-2010 14:21 544768]

S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]

S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 07:14]

.

2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-07-14 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 16:21]

.

2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{E3121B44-F8B2-4411-80AE-F1187474AF03}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} - file:///D:/WebPlayer.cab

FF - ProfilePath - c:\documents and settings\applbeheer\Application Data\Mozilla\Firefox\Profiles\t0aa9isq.default\

FF - prefs.js: browser.search.selectedEngine - midicair Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805&tt=100512_1_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.hardId - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-!{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-15 00:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(968)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(248)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-07-15 00:19:58

ComboFix-quarantined-files.txt 2012-07-14 22:19

ComboFix2.txt 2012-07-09 17:11

ComboFix3.txt 2012-07-04 19:11

.

Pre-Run: 48.476.004.352 bytes beschikbaar

Post-Run: 48.823.713.792 bytes beschikbaar

.

- - End Of File - - F7AFA0E32F717947E37C8B02853BFB62


And ... have the files been removed from the external drive?

Also, new things are now showing up in your log that you had better fix right away as well:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[-HKEY_CLASSES_ROOT\Softonic.dskBnd]

DDS::

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

Firefox::

FF - ProfilePath - c:\documents and settings\applbeheer\Application Data\Mozilla\Firefox\Profiles\t0aa9isq.default\

FF - prefs.js: browser.search.selectedEngine - midicair Customized Web Search

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805&tt=100512_1_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.hardId - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.

Edited by kape: typo
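The helper's second script above is built by hand from a few log lines: the Softonic BHO and toolbar keys, the CabBuilder DPF entry and the Babylon/Conduit Firefox prefs. As an added example (not code from this thread, from ComboFix or from its author), the Python script below automates that triage step: it parses the line shapes that appear in the log above (registry key headers, file and value lines under a key, DPF lines, FF prefs.js/user.js lines), flags every line matching a watch-list built only from the items the helper singled out, and drafts a CFScript skeleton in the same Registry:: / DDS:: / Firefox:: layout. The regexes, the watch-list and the sample excerpt are assumptions constructed from the log shown here; ComboFix's script format is reproduced only as far as the thread itself shows it.

```python
"""Triage a ComboFix log excerpt and draft a CFScript skeleton (added example,
not ComboFix's own code; regexes, watch-list and sample are constructed)."""
import re
from dataclasses import dataclass
from typing import Optional

# Watch-list built only from what the helper singled out in this thread.
WATCH_TERMS = ("softonic", "babylontoolbar", "conduit.com", "imgag.com")

# Line shapes seen in the log above (assumptions about ComboFix's format).
KEY_RE = re.compile(r"^\[(HK[^\]]*)\]$")                       # [HKEY_...]
FILE_RE = re.compile(                                           # date time [. date time] size attrs path
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?:\d+|-+)\s+\S+\s+.+$")
VALUE_RE = re.compile(r'^"[^"]+"=\s*"[^"]*"(?:\s+\[[^\]]*\])?$')  # "name"="path" [date size]
DPF_RE = re.compile(r"^DPF: .+ - .+$")                          # DPF: name - url
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: \S+ - ?.*$")     # FF - prefs.js: key - value


@dataclass
class Finding:
    kind: str            # "registry", "file", "dds" or "firefox"
    line: str            # the log line that matched
    key: Optional[str]   # enclosing registry key for "registry" findings
    term: str            # watch-list term that fired


def matched_term(text: str) -> Optional[str]:
    low = text.lower()
    return next((t for t in WATCH_TERMS if t in low), None)


def triage(log_text: str) -> list:
    """Return one Finding per log line that matches the watch-list."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # a lone '.' closes a key block in the log
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            term = matched_term(current_key)
            if term:
                findings.append(Finding("registry", line, current_key, term))
            continue
        if DPF_RE.match(line):
            kind, key = "dds", None
        elif FF_RE.match(line):
            kind, key = "firefox", None
        elif FILE_RE.match(line) or VALUE_RE.match(line):
            # a file/value listed under a key belongs to that key; a bare file
            # line (as in the "Bestanden Gemaakt" section) is reported on its own
            kind, key = ("registry", current_key) if current_key else ("file", None)
        else:
            continue
        term = matched_term(line)
        if term:
            findings.append(Finding(kind, line, key, term))
    return findings


def build_cfscript(findings) -> str:
    """Draft a CFScript in the Registry:: / DDS:: / Firefox:: layout used above."""
    reg_keys, dds, ff = [], [], []
    for f in findings:
        if f.kind == "registry" and f.key not in reg_keys:
            reg_keys.append(f.key)
        elif f.kind == "dds":
            dds.append(f.line)
        elif f.kind == "firefox":
            ff.append(f.line)
    out = []
    if reg_keys:
        out += ["Registry::"] + [f"[-{k}]" for k in reg_keys]  # '-' prefix as in the helper's script
    if dds:
        out += ["DDS::"] + dds
    if ff:
        out += ["Firefox::"] + ff
    return "\n".join(out) + "\n"


# Constructed excerpt of the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.term:14} {f.line}")
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Running it prints five findings (two Softonic registry entries, the CabBuilder DPF, the Conduit keyword.URL and one Babylon pref) and a draft script whose Registry:: block removes the two keys the helper also removed. The draft is a starting point for review, not a finished script: the helper's version additionally opens the Firefox:: block with the FF - ProfilePath line and blanks keyword.URL instead of repeating the hijacked value, and the watch-list covers only what this one thread names.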

Hi Kape, here is the log file again.

ComboFix 12-07-16.01 - applbeheer 16-07-2012 19:54:31.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1258 [GMT 2:00]

Gestart vanuit: c:\documents and settings\applbeheer\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\applbeheer\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\erdnt\cache\services.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))

.

.

2012-07-13 17:21 . 2012-07-16 17:49 -------- d--h--r- c:\documents and settings\applbeheer\Onlangs geopend

2012-07-13 10:24 . 2012-07-13 10:43 -------- d-----w- C:\downloads joomla

2012-07-09 16:48 . 2012-07-09 16:48 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Malwarebytes

2012-07-09 16:48 . 2012-07-09 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-06 14:52 . 2012-07-06 14:52 -------- d-----w- c:\documents and settings\applbeheer\Application Data\DriverCure

2012-07-06 14:52 . 2012-07-06 14:52 -------- d-----w- c:\documents and settings\applbeheer\Application Data\SpeedyPC Software

2012-07-06 14:52 . 2012-07-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2012-07-06 08:49 . 2012-07-06 08:49 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-06 08:48 . 2012-07-06 08:48 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-07-06 08:48 . 2012-07-06 08:48 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-07-06 08:48 . 2012-07-06 08:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-06 08:48 . 2012-07-06 08:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-07-06 08:37 . 2012-07-06 08:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters

2012-07-06 08:29 . 2012-07-06 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\clp

2012-07-06 08:29 . 2012-07-06 08:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Fighters

2012-07-06 08:28 . 2012-07-06 08:29 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Fighters

2012-07-06 08:27 . 2012-07-06 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite

2012-07-06 08:27 . 2012-07-06 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2012-07-06 08:25 . 2012-07-06 09:06 -------- d-----w- c:\documents and settings\applbeheer\Application Data\Systweak

2012-07-06 08:09 . 2012-07-06 08:11 -------- d-----w- C:\hijackthis

2012-07-04 19:30 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2012-07-04 19:29 . 2012-07-04 19:29 -------- d-----w- c:\program files\Panda Security

2012-07-04 19:28 . 2012-07-04 19:28 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-07-04 19:24 . 2012-07-04 19:24 -------- d-----w- c:\documents and settings\applbeheer\Application Data\QuickScan

2012-07-03 21:03 . 2012-07-03 21:03 -------- d-----w- c:\program files\ESET

2012-06-28 15:15 . 2012-06-28 15:15 -------- d-----w- c:\documents and settings\applbeheer\Local Settings\Application Data\MetaGeek,_LLC

2012-06-28 15:11 . 2012-06-28 15:11 -------- d-----w- c:\program files\MetaGeek

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-16 18:02 . 2008-06-05 09:49 0 ----a-w- c:\documents and settings\applbeheer\Local Settings\Application Data\WavXMapDrive.bat

2012-07-13 07:14 . 2012-04-27 17:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 07:14 . 2012-01-18 06:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 16:21 . 2008-10-23 07:49 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-04-15 10:12 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-03 16:21 . 2012-01-18 14:49 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2008-10-23 07:49 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2008-10-23 07:49 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-03 16:21 . 2008-10-23 07:49 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-03 16:21 . 2008-10-23 07:49 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2008-10-23 07:49 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2008-10-23 07:49 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-03 16:21 . 2012-01-18 14:48 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2008-10-23 07:49 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-13 13:55 . 2004-09-13 13:52 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49 . 2007-05-15 15:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-09-13 13:52 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-09-13 13:52 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2004-09-13 14:05 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2004-09-13 14:05 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2004-09-13 14:05 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-09-13 14:05 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2004-09-13 14:05 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2004-09-13 13:52 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2004-09-13 14:05 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2004-09-13 14:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-10-23 11:38 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2008-10-23 11:38 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2007-07-30 17:18 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-09-13 13:52 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-09-13 13:52 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44 . 2004-09-13 13:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2004-09-13 13:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2004-09-13 13:52 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2004-09-13 13:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2004-09-13 14:03 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-06 08:48 . 2012-01-18 20:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]

"TrayServer"="c:\program files\MAGIX\Film_op_DVD_8\TrayServer.exe" [2008-01-30 90112]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-18 50688]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-2-26 869376]

Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-1-18 1622016]

Sweex utility.lnk - c:\program files\Sweex\LW153\Utility\UI.exe [2012-1-18 1314816]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-1-18 118784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-09-19 18:25 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2007-07-20 16:55 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 09:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\applbeheer\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4-7-2012 21:30 28552]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15-4-2012 12:12 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18-1-2012 16:49 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23-10-2008 9:49 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23-10-2008 9:49 21256]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [25-12-2009 13:29 38144]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [18-1-2012 17:43 19072]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30-5-2012 13:56 3048136]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [13-9-2004 15:52 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2-11-2006 14:32 97536]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-2-2012 9:50 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-4-2012 19:46 250056]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [9-8-2010 14:19 1527900]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-3-2008 10:43 30192]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6-7-2012 10:49 129976]

S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [23-10-2008 8:43 18432]

S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [23-10-2008 8:43 14336]

S3 RTL8187B;Wireless Network USB Adapter 54g WL-169;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [9-8-2010 14:21 544768]

S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]

S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 07:14]

.

2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-07-16 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 16:21]

.

2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{E3121B44-F8B2-4411-80AE-F1187474AF03}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} - file:///D:/WebPlayer.cab

FF - ProfilePath - c:\documents and settings\applbeheer\Application Data\Mozilla\Firefox\Profiles\t0aa9isq.default\

FF - prefs.js: browser.search.selectedEngine - midicair Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805&tt=100512_1_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.hardId - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-16 20:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(972)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(2804)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Ralink\Common\RaRegistry.exe

c:\windows\system32\StacSV.exe

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\ICO.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-07-16 20:07:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-16 18:07

ComboFix2.txt 2012-07-14 22:19

ComboFix3.txt 2012-07-09 17:11

ComboFix4.txt 2012-07-04 19:11

.

Pre-Run: 48.620.777.472 bytes free

Post-Run: 48.786.526.208 bytes free

.

- - End Of File - - 86890056A5043A399A2E1C82F1E3D0AB


Part of it went well, another part did not. Redo this once more ...

Open a Notepad file.

Copy and paste the bold text below into it.

DDS::

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

Firefox::

FF - ProfilePath - c:\documents and settings\applbeheer\Application Data\Mozilla\Firefox\Profiles\t0aa9isq.default\

FF - prefs.js: browser.search.selectedEngine - midicair Customized Web Search

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805&tt=100512_1_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.hardId - 78c6d48c00000000000000160a1814e7

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next reply.
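As an added example (not from this thread, and not from ComboFix's authors), here is a Python script that does the triage the helper did by hand on the Firefox part of the log above: it parses the `FF - ...` lines, flags the search-hijack markers visible in this thread (the Conduit redirect in `keyword.URL`, the `extensions.BabylonToolbar_i.*` entries in `user.js`, the non-default search engine), and drafts the `Firefox::` block of a CFScript laid out the way the helper's second script is. The marker list, the shortened sample lines and the assumption that a blanked `keyword.URL` value resets the preference are mine; the page does not document ComboFix's script semantics, it only shows the helper using that form.

```python
"""Flag Firefox hijack indicators in ComboFix 'FF - ...' log lines and draft
the Firefox:: section of a CFScript from them (added example, not from the thread)."""
import re

# Constructed sample input: a shortened set of "FF - ..." lines in the shape
# ComboFix writes them, modelled on the log in this thread (profile path altered).
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\user\\Application Data\\Mozilla\\Firefox\\Profiles\\abcd1234.default\\
FF - prefs.js: browser.search.selectedEngine - midicair Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111805&tt=100512_1_
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
"""

# Two line shapes: "FF - ProfilePath - <path>" and "FF - <file>: <pref> - <value>"
PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - ?(?P<value>.*)$")

# Hijack markers seen in this thread. Assumption: any pref whose name or value
# matches one of these is unwanted and belongs in the CFScript.
HIJACK_MARKERS = [
    (re.compile(r"conduit\.com", re.I), "Conduit search redirect"),
    (re.compile(r"babylon", re.I), "Babylon toolbar"),
    (re.compile(r"Customized Web Search", re.I), "third-party search engine"),
]


def parse_ff_lines(text):
    """Return (profile_path, entries); each entry is a dict with file, pref and value."""
    profile_path = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            profile_path = m.group("path")
            continue
        m = PREF_RE.match(line)
        if m:
            entries.append({"file": m.group("file"),
                            "pref": m.group("pref"),
                            "value": m.group("value").strip()})
    return profile_path, entries


def flag_hijacks(entries):
    """Return (entry, reason) for every entry whose pref name or value hits a marker."""
    flagged = []
    for e in entries:
        haystack = e["pref"] + " " + e["value"]
        for pattern, reason in HIJACK_MARKERS:
            if pattern.search(haystack):
                flagged.append((e, reason))
                break
    return flagged


def build_firefox_section(profile_path, flagged):
    """Draft the Firefox:: block as the helper's second script on this page lays it out:
    ProfilePath first, each flagged line verbatim, keyword.URL with its value blanked.
    That a blank value resets the pref is my reading of the helper's script (assumption)."""
    lines = ["Firefox::", f"FF - ProfilePath - {profile_path}"]
    for e, _reason in flagged:
        value = "" if e["pref"] == "keyword.URL" else e["value"]
        lines.append(f"FF - {e['file']}: {e['pref']} - {value}".rstrip())
    return "\n".join(lines) + "\n"


def draft_from_log(text):
    """Parse, flag and draft in one step; returns (flagged, cfscript_text)."""
    profile_path, entries = parse_ff_lines(text)
    flagged = flag_hijacks(entries)
    return flagged, build_firefox_section(profile_path, flagged)


if __name__ == "__main__":
    flagged, script = draft_from_log(SAMPLE_LOG)
    for e, reason in flagged:
        print(f"{reason:28} {e['file']}: {e['pref']}")
    print()
    print(script)
```

Run as-is it prints what it flagged and the drafted block. Review the flagged lines before pasting them into a CFScript: the marker list covers only the hijack this thread shows, so a different toolbar would need its own patterns, and legitimate prefs such as `browser.startup.homepage` or `network.proxy.type` are deliberately left alone unless they match a marker.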
