
Tried many tips from this forum, but can't get Trojan PSW.Agent.ARMW removed



Posted:

Dear fellow users of this forum,

I got a notification from AVG that there is a Trojan on my computer, namely: c:\Documents and Settings\r\Local Settings\Temp\scoped_dir_4072_19479\CRX_INSTALL\plugin.dll

I tried to remove it via AVG, but a moment later it reports: Threat object is missing.

I then looked on this forum. I installed HijackThis and ran it, and had Malwarebytes Anti-Malware scan the computer. It initially found 2 threats, including something with "trojan" or similar in the name. I removed both of these and then restarted the computer.

Then I ran MBAM again; it found nothing more, but in the meantime I again got the notification from AVG that a threat had been detected, see above.

I searched for the infected file on my computer, but can't find it anywhere.

Below is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:18:08, on 9-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Eazel search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [igfxTray] "C:\WINDOWS\system32\igfxtray.exe"

O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"

O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"

O4 - HKLM\..\Run: [iDTSysTrayApp] "sttray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--

End of file - 10086 bytes

I hope someone here can help me with this.

Many thanks in advance :-)


Posted:

Start HijackThis. Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Eazel search

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users need to run HijackThis as "administrator" via right-click "Run as administrator". If that doesn't work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you can't disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is done, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.
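To show how the selection in the reply above can be made systematically, here is an added Python example (not from the reply, the forum, or HijackThis itself). It parses HijackThis entry lines and flags what a helper would tick for 'Fix checked': entries whose component resolves to "(no file)" (orphaned BHO, toolbar and button registrations) and search-page entries that point at a provider outside a trusted list. The sample lines are copied from the log posted in this thread; the trusted-provider list is an assumption of the example, chosen so that the Bing entries the reply leaves alone are not flagged.

```python
import re

# Constructed sample: a few HijackThis lines copied from the log posted in this thread,
# including the four entries the reply above selects for "Fix checked".
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Eazel search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Search providers treated as expected on this machine. This list is an assumption
# of the example; the reply above leaves the Bing entries alone and flags "Eazel search".
TRUSTED_SEARCH = frozenset({"Bing", "Google"})

# Every HijackThis entry starts with a section tag (R0, R1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return (section, body) tuples for every entry line; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text, trusted_search=TRUSTED_SEARCH):
    """Flag entries a helper would select: orphaned components and unexpected search pages."""
    findings = []
    for section, body in parse_hjt(text):
        if body.endswith("(no file)"):
            # A CLSID registered in the registry whose backing DLL/EXE no longer exists:
            # harmless leftover at best, so it is removed rather than left to point nowhere.
            clsid = CLSID_RE.search(body)
            findings.append({
                "section": section,
                "reason": "orphan: registered component whose file is missing",
                "clsid": clsid.group(0) if clsid else None,
                "line": f"{section} - {body}",
            })
        elif section in ("R0", "R1") and "Search Page = " in body:
            value = body.split(" = ", 1)[1]
            if value not in trusted_search:
                findings.append({
                    "section": section,
                    "reason": f"search page set to untrusted provider: {value}",
                    "clsid": None,
                    "line": f"{section} - {body}",
                })
    return findings


def fix_list(text):
    """The raw lines to tick in HijackThis, in log order, as the reply lists them."""
    return [f["line"] for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3}  {f['reason']}\n     {f['line']}")
```

Run against the full log instead of the sample and `fix_list` reproduces the four lines the reply names; anything else it flags (a search page pointing at an unfamiliar provider, for instance) is worth a second look rather than an automatic fix, since a legitimate regional provider would also fall outside a short trusted list.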

Posted: (edited)

First of all, thank you kindly for your reply.

After posting my previous message I had started the computer in safe mode and had AVG scan it for viruses.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\NetworkService\NTUSER.DAT Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\r\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\r\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\r\NTUSER.DAT Vergrendeld bestand. Niet gecontroleerd.

C:\Documents and Settings\r\ntuser.dat.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\pagefile.sys Vergrendeld bestand. Niet gecontroleerd.

C:\System Volume Information\ Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\default Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\default.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\SAM Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\SAM.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\SECURITY Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\SECURITY.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\software Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\software.LOG Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\system Vergrendeld bestand. Niet gecontroleerd.

C:\WINDOWS\system32\config\system.LOG Vergrendeld bestand. Niet gecontroleerd.

Gescande objecten: 571293

Gevonden infecties: 0

Gevonden PUP's: 0

Herstelde infecties: 0

Herstelde PUP's: 0

Waarschuwingen: 0

So nothing came out of that. After this I restarted the computer in normal mode.

After restarting the computer I thought I'd check whether I had received a reply on this forum yet.

Immediately I again got the notification from AVG that the previously mentioned trojan had been detected.

Every time I opened the internet I got the same notification.

I then ran AVG again, and this immediately turned up dozens of supposedly infected files, where that hadn't been the case before.

PSW.Agent.ARMW PSW.Agent.AUET PSW.Agent.ASJX

In the meantime I saw that you had responded to my message and I carried out the actions you suggested.

When ComboFix restarted the computer after scanning and created the log, AVG suddenly reported that ComboFix was a dangerous file or something like that.

After that, due to circumstances, I had to shut down the computer.

Below is the ComboFix log

ComboFix 12-08-09.01 - r 10-08-2012 3:24.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.232 [GMT 2:00]

Gestart vanuit: c:\documents and settings\r\Mijn documenten\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\r\Application Data\PriceGong

c:\documents and settings\r\Application Data\PriceGong\Data\1.xml

c:\documents and settings\r\Application Data\PriceGong\Data\a.xml

c:\documents and settings\r\Application Data\PriceGong\Data\b.xml

c:\documents and settings\r\Application Data\PriceGong\Data\c.xml

c:\documents and settings\r\Application Data\PriceGong\Data\d.xml

c:\documents and settings\r\Application Data\PriceGong\Data\e.xml

c:\documents and settings\r\Application Data\PriceGong\Data\f.xml

c:\documents and settings\r\Application Data\PriceGong\Data\g.xml

c:\documents and settings\r\Application Data\PriceGong\Data\h.xml

c:\documents and settings\r\Application Data\PriceGong\Data\i.xml

c:\documents and settings\r\Application Data\PriceGong\Data\J.xml

c:\documents and settings\r\Application Data\PriceGong\Data\k.xml

c:\documents and settings\r\Application Data\PriceGong\Data\l.xml

c:\documents and settings\r\Application Data\PriceGong\Data\m.xml

c:\documents and settings\r\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\r\Application Data\PriceGong\Data\n.xml

c:\documents and settings\r\Application Data\PriceGong\Data\o.xml

c:\documents and settings\r\Application Data\PriceGong\Data\p.xml

c:\documents and settings\r\Application Data\PriceGong\Data\q.xml

c:\documents and settings\r\Application Data\PriceGong\Data\r.xml

c:\documents and settings\r\Application Data\PriceGong\Data\s.xml

c:\documents and settings\r\Application Data\PriceGong\Data\t.xml

c:\documents and settings\r\Application Data\PriceGong\Data\u.xml

c:\documents and settings\r\Application Data\PriceGong\Data\v.xml

c:\documents and settings\r\Application Data\PriceGong\Data\w.xml

c:\documents and settings\r\Application Data\PriceGong\Data\x.xml

c:\documents and settings\r\Application Data\PriceGong\Data\y.xml

c:\documents and settings\r\Application Data\PriceGong\Data\z.xml

c:\documents and settings\r\Mijn documenten\~WRL0001.tmp

c:\documents and settings\r\Mijn documenten\~WRL2888.tmp

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\43075f0e3774d9c2.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\81f9809c4471e362.fb

c:\windows\system32\Cache\8ed86d524d5242d9.fb

c:\windows\system32\Cache\a44262574d16cea8.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\a8ecf1647b929997.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\b0e6463389da6335.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\XSxS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))

.

.

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\r\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-09 11:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 11:23 . 2012-08-09 11:23 388096 ----a-r- c:\documents and settings\r\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-09 11:23 . 2012-08-09 11:23 -------- d-----w- c:\program files\Trend Micro

2012-07-25 00:40 . 2012-07-25 00:40 1409 ----a-w- c:\windows\QTFont.for

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 22:07 . 2012-05-25 11:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 22:07 . 2011-05-23 19:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:55 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49 . 2009-08-19 15:07 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2011-03-11 15:43 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2011-03-11 15:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2011-03-11 15:43 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2011-03-11 15:43 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2011-03-11 15:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2011-03-23 16:02 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2011-03-23 16:02 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2011-03-23 16:02 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-01 00:46 . 2011-11-28 22:33 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 00:46 . 2011-11-28 22:33 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-06 00:54 . 2011-03-23 16:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . 6504ECEF897CE0913771A11623C80EB9 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 02:48 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-01 296056]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\r\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-8-2012 13:42 655944]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [10-7-2012 4:48 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9-8-2012 13:42 22344]

S0 dktfhhn;dktfhhn;c:\windows\system32\drivers\ejnkcqx.sys --> c:\windows\system32\drivers\ejnkcqx.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-3-2011 18:45 136176]

S3 65nu.sys;65nu.sys;\??\c:\windows\system32\drivers\65nu.sys --> c:\windows\system32\drivers\65nu.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 13:45 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6-5-2011 20:05 947528]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [16-5-2011 10:32 191752]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-3-2011 18:45 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11-6-2012 22:06 113120]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

*Deregistered* - xpsec

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 22:07]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 16:45]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 16:45]

.

2012-08-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-879983540-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-08-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-879983540-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\r\Application Data\Mozilla\Firefox\Profiles\dfl1gyhs.default\

FF - prefs.js: browser.startup.homepage - hxxp://nl.woofi.info

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B60c553fb-4e73-431d-b13c-25e1feb1d26d%7D&mid=21ec44484b7847d6af6bd15c83ac0c9a-e16ba275eab26e93613fe7cf900afe5df390590e&ds=AVG&v=11.1.0.12〈=nl&pr=fr&d=2012-06-07%2000%3A35%3A28&sap=ku&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-10 03:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(700)

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-10 03:49:08 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-10 01:48

.

Pre-Run: 16.373.071.872 bytes beschikbaar

Post-Run: 17.540.038.656 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - BAED8BAA24FAD9656EB3504736134862

Now it no longer reports a threat every time I start the internet, but I had AVG scan the computer again and it found something like 55 threats.

The list of threats states several times that there is supposedly a Trojan in (an) AVG (file). Since AVG now reports that there is a Trojan in AVG itself, would it be sensible to remove AVG completely? If so, can I then reinstall AVG, or do you recommend a different antivirus?

Below are the details of the infected files found by AVG:

"";"C:\WINDOWS\system32\wuauclt.exe (2688)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\system32\winlogon.exe (856)";"Trojaans paard PSW.Agent.AUET";"Verwijderd"

"";"C:\WINDOWS\system32\svchost.exe (2052)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\system32\svchost.exe (1300)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\system32\svchost.exe (1092)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\system32\services.exe (904)";"Trojaans paard PSW.Agent.ARMW";"Verwijderd"

"";"C:\WINDOWS\system32\hkcmd.exe (1668)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\explorer.exe (500)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Real\RealPlayer\Update\realsched.exe (288)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1120)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (6132)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (6104)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (4436)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3988)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3756)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3668)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3472)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (2952)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Common Files\Java\Java Update\jusched.exe (232)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe (2080)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3828)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (5272)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\AVG\AVG2012\avgidsagent.exe (2744)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\Program Files\AVG Secure Search\vprot.exe (196)";"Trojaans paard PSW.Agent.ASJX";"Verwijderd"

"";"C:\WINDOWS\system32\wuauclt.exe (2688):\memory_02930000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\WINDOWS\system32\winlogon.exe (856):\memory_01c70000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (2052):\memory_00c10000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (2052):\memory_00b80000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (1300):\memory_016e0000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (1300):\memory_00dc0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (1092):\memory_00b40000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"

"";"C:\WINDOWS\system32\svchost.exe (1092):\memory_00ab0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\WINDOWS\system32\services.exe (904):\memory_00d30000";"Trojaans paard PSW.Agent.ARMW";"Geïnfecteerd"

"";"C:\WINDOWS\system32\hkcmd.exe (1668):\memory_00d50000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\WINDOWS\explorer.exe (500):\memory_01d60000";"Trojaans paard PSW.Agent.AUET";"Geïnfecteerd"

"";"C:\WINDOWS\explorer.exe (500):\memory_01d10000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Real\RealPlayer\Update\realsched.exe (288):\memory_013d0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1120):\memory_00c70000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (6132):\memory_01560000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (6104):\memory_01210000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (4436):\memory_01ad0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3988):\memory_017d0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3756):\memory_01930000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3668):\memory_01650000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (3472):\memory_01190000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Google\Chrome\Application\chrome.exe (2952):\memory_00c50000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Common Files\Java\Java Update\jusched.exe (232):\memory_00b90000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe (2080):\memory_00940000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3828):\memory_033c0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\AVG\AVG2012\avgui.exe (5272):\memory_018c0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\AVG\AVG2012\avgidsagent.exe (2744):\memory_01a70000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"C:\Program Files\AVG Secure Search\vprot.exe (196):\memory_01ae0000";"Trojaans paard PSW.Agent.ASJX";"Geïnfecteerd"

"";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Registersleutel gevonden met verwijzing naar geïnfecteerd bestand C:\WINDOWS\system32\DRIVERS\atapi.sys";"Verplaatst naar de quarantaine"

"";"C:\WINDOWS\system32\DRIVERS\atapi.sys";"Beschadigd uitvoerend bestand";"Object staat op de witte lijst (systeemkritisch bestand/systeembestand dat niet verwijderd moet worden)"

"";"C:\WINDOWS\system32\drivers\atapi.sys";"Beschadigd uitvoerend bestand";"Object staat op de witte lijst (systeemkritisch bestand/systeembestand dat niet verwijderd moet worden)"

I hope you or someone else can help me further with this.

Thanks in advance.

Have a good weekend, everyone.

edited by LBBM
Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\ejnkcqx.sys

c:\windows\system32\drivers\65nu.sys

Driver::

dktfhhn

65nu.sys

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message recommending that you update first; allow this by clicking "Yes".
  • When the update is finished and the message "Update process is succesvol afgerond" (update completed successfully) appears, click "menu" and then "Scan PC".
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while, so wait patiently.
  • Once the scan is finished you can close the window with the warning about an elevated risk.
  • Make sure all found items are ticked and then press the "Remove selected" button. You will now get a confirmation prompt; click "Yes".
  • When the removal is finished, click the "View report" button and select the text file for this scan, which has a name like: a2scan_110730-111615.txt
  • Paste the contents of this LOG file in your next reply.
  • Now restart the computer.

Posted:

Thank you for your reply.

I was in the middle of doing what you described above.

I had created the CFScript and dragged it onto ComboFix, and a little later my computer suddenly shut down, restarted itself and reported that it had not been able to start Windows properly, asking whether I wanted to start Windows in Safe Mode or normally. (You will be familiar with that screen.) It makes no difference whether I try to start it normally or in Safe Mode; it gets no further than the black Windows screen. After that it shuts itself down again, restarts, and asks again whether I want to start it in Safe Mode or normally.

What now?

Posted:

Can you boot the PC manually into "Safe Mode", i.e. tap the F8 key while it starts up and get into "Safe Mode" that way?

Posted:

Apologies for the late reply; a bad stomach flu has made its rounds through the house here.

I have got the computer to the point where it boots, but it is incredibly slow.

I only get the Trojan warning when I open Google Chrome; with other browsers the AVG warning does not appear. I uninstalled and reinstalled Google Chrome. However, this brought no change or improvement.

I ran the CFScript action in question once more.

This is the subsequent ComboFix log:

ComboFix 12-08-18.03 - r 19-08-2012 1:08.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.614 [GMT 2:00]

Gestart vanuit: c:\documents and settings\r\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\r\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\windows\system32\drivers\65nu.sys"

"c:\windows\system32\drivers\ejnkcqx.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_65NU.SYS

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-18 to 2012-08-18 ))))))))))))))))))))))))))))))

.

.

2012-08-18 22:40 . 2012-08-18 22:40 8281168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-08-12 15:47 . 2012-08-18 22:46 -------- d--h--r- c:\documents and settings\r\Onlangs geopend

2012-08-10 21:29 . 2012-07-06 00:54 829920 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2012-08-10 21:28 . 2012-08-10 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM

2012-08-10 21:28 . 2012-08-10 21:29 -------- d-----w- c:\program files\SweetIM

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\r\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-09 11:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 11:23 . 2012-08-09 11:23 388096 ----a-r- c:\documents and settings\r\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-09 11:23 . 2012-08-09 11:23 -------- d-----w- c:\program files\Trend Micro

2012-07-25 00:40 . 2012-07-25 00:40 1409 ----a-w- c:\windows\QTFont.for

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 00:08 . 2012-05-25 11:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-16 00:08 . 2011-05-23 19:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2011-03-11 15:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:23 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:38 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:38 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:38 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:49 . 2009-08-19 15:07 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2011-03-11 15:43 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2011-03-11 15:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2011-03-11 15:43 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2011-03-11 15:43 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2011-03-11 15:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2011-03-23 16:02 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2011-03-23 16:02 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2011-03-23 16:02 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-01 00:46 . 2011-11-28 22:33 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 00:46 . 2011-11-28 22:33 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-07-06 00:54 . 2011-03-23 16:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-08-10_01.42.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\mshtmled.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 67072 c:\windows\system32\mshtmled.dll

- 2007-08-13 16:54 . 2012-05-11 14:44 55296 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 16:54 . 2012-07-02 17:38 55296 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\jsproxy.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 25600 c:\windows\system32\jsproxy.dll

+ 2011-03-24 19:36 . 2012-07-02 17:38 12800 c:\windows\system32\dllcache\xpshims.dll

- 2011-03-24 19:36 . 2012-05-11 14:44 12800 c:\windows\system32\dllcache\xpshims.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 67072 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 67072 c:\windows\system32\dllcache\mshtmled.dll

- 2011-03-29 17:09 . 2012-05-11 14:44 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2011-03-29 17:09 . 2012-07-02 17:38 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll

+ 2011-03-14 09:39 . 2012-08-17 19:30 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-10 21:28 . 2012-08-10 21:28 10134 c:\windows\Installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}\ARPPRODUCTICON.exe

+ 2012-08-10 21:28 . 2012-08-10 21:28 10134 c:\windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}\ARPPRODUCTICON.exe

+ 2012-08-16 01:04 . 2012-05-11 14:44 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 105984 c:\windows\system32\url.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 206848 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\occache.dll

+ 2004-08-04 12:00 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 611840 c:\windows\system32\mstime.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\mstime.dll

- 2007-08-13 16:54 . 2012-05-11 14:44 629760 c:\windows\system32\msfeeds.dll

+ 2007-08-13 16:54 . 2012-07-02 17:38 629760 c:\windows\system32\msfeeds.dll

+ 2012-08-16 00:08 . 2012-08-16 00:08 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe

+ 2012-08-15 23:07 . 2012-08-15 23:07 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

+ 2012-08-15 23:07 . 2012-08-15 23:07 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll

- 2012-05-25 11:45 . 2012-08-03 22:07 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-05-25 11:45 . 2012-08-16 00:08 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

- 2004-08-04 12:00 . 2009-05-07 15:34 347136 c:\windows\system32\localspl.dll

+ 2004-08-04 12:00 . 2012-05-14 09:23 347136 c:\windows\system32\localspl.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\iepeers.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe

- 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe

- 2011-03-11 16:32 . 2012-07-11 19:17 274168 c:\windows\system32\FNTCACHE.DAT

+ 2011-03-11 16:32 . 2012-08-18 22:07 274168 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 12:00 . 2012-07-02 17:38 916992 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2012-05-16 15:09 916992 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 105984 c:\windows\system32\dllcache\url.dll

+ 2011-08-11 10:36 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys

- 2004-08-04 12:00 . 2012-05-11 14:44 206848 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 206848 c:\windows\system32\dllcache\occache.dll

+ 2011-03-12 02:23 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 611840 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 611840 c:\windows\system32\dllcache\mstime.dll

+ 2011-03-29 17:09 . 2012-07-02 17:38 629760 c:\windows\system32\dllcache\msfeeds.dll

- 2011-03-29 17:09 . 2012-05-11 14:44 629760 c:\windows\system32\dllcache\msfeeds.dll

- 2009-05-07 15:34 . 2009-05-07 15:34 347136 c:\windows\system32\dllcache\localspl.dll

+ 2009-05-07 15:34 . 2012-05-14 09:23 347136 c:\windows\system32\dllcache\localspl.dll

+ 2012-06-14 00:24 . 2012-07-02 17:38 521728 c:\windows\system32\dllcache\jsdbgui.dll

- 2012-06-14 00:24 . 2012-05-11 14:44 521728 c:\windows\system32\dllcache\jsdbgui.dll

- 2011-03-24 19:36 . 2012-05-11 14:44 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2011-03-24 19:36 . 2012-07-02 17:38 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 184320 c:\windows\system32\dllcache\iepeers.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 184320 c:\windows\system32\dllcache\iepeers.dll

- 2011-03-24 19:36 . 2012-05-11 14:44 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2011-03-24 19:36 . 2012-07-02 17:38 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-04 12:00 . 2012-05-11 14:44 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2004-08-04 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2012-07-18 13:46 . 2012-07-18 13:46 593408 c:\windows\Installer\84b7e.msp

- 2011-03-14 09:39 . 2012-07-11 17:28 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-06-23 08:54 . 2011-06-23 08:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\MSCONV97.DLL

+ 2012-08-16 01:04 . 2012-05-16 15:09 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll

+ 2012-08-16 01:04 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll

+ 2012-08-16 01:04 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe

+ 2012-08-16 01:04 . 2012-05-11 14:44 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll

+ 2012-08-16 01:04 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe

- 2004-08-04 12:00 . 2012-05-11 14:44 1212416 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\mshtml.dll

+ 2012-08-16 00:08 . 2012-08-16 00:08 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

- 2007-08-13 16:34 . 2012-05-11 14:44 2000384 c:\windows\system32\iertutil.dll

+ 2007-08-13 16:34 . 2012-07-02 17:38 2000384 c:\windows\system32\iertutil.dll

- 2010-05-02 08:10 . 2012-06-13 13:55 1866240 c:\windows\system32\dllcache\win32k.sys

+ 2010-05-02 08:10 . 2012-07-03 18:23 1866240 c:\windows\system32\dllcache\win32k.sys

- 2004-08-04 12:00 . 2012-05-11 14:44 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 12:00 . 2012-07-02 17:38 6008320 c:\windows\system32\dllcache\mshtml.dll

- 2011-03-29 17:09 . 2012-05-11 14:44 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2011-03-29 17:09 . 2012-07-02 17:38 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2012-08-16 14:18 . 2012-08-16 14:18 1067008 c:\windows\Installer\84b6b.msi

+ 2011-10-21 13:28 . 2011-10-21 13:28 4771840 c:\windows\Installer\781414.msi

+ 2012-07-18 13:53 . 2012-07-18 13:53 5009920 c:\windows\Installer\7813f0.msp

+ 2012-06-26 16:03 . 2012-06-26 16:03 3875840 c:\windows\Installer\35830b.msp

+ 2012-08-10 21:29 . 2012-08-10 21:29 1417728 c:\windows\Installer\17d0d30.msi

+ 2012-08-10 21:28 . 2012-08-10 21:28 1859072 c:\windows\Installer\17d0d2b.msi

+ 2012-08-10 21:28 . 2012-08-10 21:28 2046464 c:\windows\Installer\17d0d26.msi

+ 2011-03-14 09:39 . 2012-08-17 19:30 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-03-14 09:39 . 2012-08-17 19:30 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2011-03-14 09:39 . 2012-07-11 17:28 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-08-16 01:04 . 2012-05-11 14:44 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll

+ 2012-08-16 01:04 . 2012-05-11 14:44 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll

+ 2011-03-12 08:28 . 2012-08-17 19:15 59884088 c:\windows\system32\MRT.exe

+ 2007-08-13 16:54 . 2012-07-02 21:08 11111424 c:\windows\system32\ieframe.dll

- 2007-08-13 16:54 . 2012-05-11 18:14 11111424 c:\windows\system32\ieframe.dll

- 2011-03-29 17:09 . 2012-05-11 18:14 11111424 c:\windows\system32\dllcache\ieframe.dll

+ 2011-03-29 17:09 . 2012-07-02 21:08 11111424 c:\windows\system32\dllcache\ieframe.dll

+ 2012-07-25 14:59 . 2012-07-25 14:59 11032064 c:\windows\Installer\bf3a8.msp

+ 2012-07-18 13:53 . 2012-07-18 13:53 10937344 c:\windows\Installer\781404.msp

+ 2011-08-03 18:53 . 2011-08-03 18:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\MSO.DLL

+ 2012-08-16 01:04 . 2012-05-11 18:14 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-06-04 130904]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 02:48 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2012-06-04 14:12 1310040 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-01 296056]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]

"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\r\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-8-2012 13:42 655944]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [10-7-2012 4:48 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9-8-2012 13:42 22344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 13:45 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6-5-2011 20:05 947528]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11-6-2012 22:06 113120]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - xcpip

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 00:08]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-879983540-682003330-1003Core.job

- c:\documents and settings\r\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-13 13:10]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-879983540-682003330-1003UA.job

- c:\documents and settings\r\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-13 13:10]

.

2012-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-879983540-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

2012-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-879983540-682003330-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]

.

.

------- Bijkomende Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\r\Application Data\Mozilla\Firefox\Profiles\dfl1gyhs.default\

FF - prefs.js: browser.startup.homepage - hxxp://nl.woofi.info

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B60c553fb-4e73-431d-b13c-25e1feb1d26d%7D&mid=21ec44484b7847d6af6bd15c83ac0c9a-e16ba275eab26e93613fe7cf900afe5df390590e&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-06-07%2000%3A35%3A28&sap=ku&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-19 01:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(476)

c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-19 01:24:20 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-18 23:24

ComboFix2.txt 2012-08-12 15:17

ComboFix3.txt 2012-08-10 01:49

.

Pre-Run: 16.843.780.096 bytes beschikbaar

Post-Run: 16.999.002.112 bytes beschikbaar

.

- - End Of File - - 1FF52EEE88FA9EF18F7E49859E1AEEAE

I hope you can help me with this.

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

Folder::

c:\documents and settings\All Users\Application Data\SweetIM

c:\program files\SweetIM

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-

[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"=-

"Sweetpacks Communicator"=-

Firefox::

FF - ProfilePath - c:\documents and settings\r\Application Data\Mozilla\Firefox\Profiles\dfl1gyhs.default\

FF - prefs.js: browser.startup.homepage -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will restart ComboFix. Reboot if prompted.

After the reboot, post the contents of ComboFix.txt in your next message.
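The CFScript above asks ComboFix to delete whole keys (`[-KEY]`) and single values (`"name"=-`); whether that actually happened is only visible in the next log's REGEDIT4 section. The following script is an added example, not ComboFix code or part of the original post: it parses the Registry:: section of a CFScript and reports which of the targeted keys and values still appear in a later ComboFix log. The two log excerpts embedded in it are constructed from the entries quoted in this thread.

```python
"""Verify a ComboFix CFScript's registry deletions against a later ComboFix log.

Added example for this thread (not ComboFix's own code). It reads the Registry::
section of a CFScript and the REGEDIT4 block of a ComboFix log, then lists every
requested deletion the log still shows, so a cleanup can be checked, not assumed.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Removals:
    keys: set = field(default_factory=set)    # keys deleted outright via [-KEY]
    values: set = field(default_factory=set)  # (key, value-name) pairs deleted via "name"=-


def parse_cfscript_registry(script: str) -> Removals:
    """Collect the deletions requested by the Registry:: section of a CFScript."""
    rem = Removals()
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):               # File::, Folder::, Registry::, Firefox::
            section = line[:-2].lower()
            continue
        if section != "registry":
            continue
        if line.startswith("[-") and line.endswith("]"):
            rem.keys.add(line[2:-1].lower())  # [-KEY] deletes the whole key
            current_key = None
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()  # [KEY] selects a key for value edits
        elif line.endswith("=-") and current_key:
            name = line[:-2].strip().strip('"')  # "name"=- deletes one value
            rem.values.add((current_key, name.lower()))
    return rem


def parse_combofix_registry(log: str) -> dict:
    """Map each key in the log's REGEDIT4 block to the value names listed under it."""
    keys = {}
    current_key = None
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "REGEDIT4":
            in_block = True
            continue
        if line.startswith("(((("):           # next ComboFix section header ends the block
            in_block = False
        if not in_block or not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            keys.setdefault(current_key, set())
        elif line.startswith('"') and current_key:
            m = re.match(r'"([^"]*)"\s*=', line)
            if m:
                keys[current_key].add(m.group(1).lower())
    return keys


def still_present(script: str, log: str) -> list:
    """Return the CFScript deletions that a later ComboFix log shows as still present."""
    rem = parse_cfscript_registry(script)
    seen = parse_combofix_registry(log)
    left = [f"key {k}" for k in sorted(rem.keys) if k in seen]
    left += [f"value {n} under {k}" for k, n in sorted(rem.values) if n in seen.get(k, ())]
    return left


# Constructed excerpt of the CFScript posted in this thread.
CFSCRIPT = r"""
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"Sweetpacks Communicator"=-
Firefox::
FF - prefs.js: browser.startup.homepage -
"""

# Constructed excerpt of the log taken BEFORE the script ran (SweetIM entries present).
PRE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-06-04 130904]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
(((((((((((((((((((( next section ))))))))))))))))))))
"""

# Constructed excerpt of the log taken AFTER the script ran (SweetIM entries gone).
POST_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 02:48 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
.
(((((((((((((((((((( next section ))))))))))))))))))))
"""

if __name__ == "__main__":
    print("before:", still_present(CFSCRIPT, PRE_LOG))   # five entries still present
    print("after:", still_present(CFSCRIPT, POST_LOG))   # []
```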

Posted:

Thank you for your quick reply.

Below is the ComboFix log file:

ComboFix 12-08-18.03 - r 19-08-2012 17:06:28.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.409 [GMT 2:00]

Gestart vanuit: c:\documents and settings\r\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\r\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

c:\documents and settings\All Users\Application Data\SweetIM

c:\documents and settings\All Users\Application Data\SweetIM\Communicator\conf\communicator.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\contentpackages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\cklaterve@hotmail.com\content_update_notification.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\cklaterve@hotmail.com\emoticons_shortcut.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\cklaterve@hotmail.com\user_config.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0104\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0104\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0104\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0104\validator.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0168\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0168\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0168\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\bar0168\validator.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\default\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\default\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\default\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\100\default\validator.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\installcontentvalidation.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\activationFail.htm

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\close_but.gif

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\failure_dialog_BG.jpg

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\473d5c007e793590a1db512a6ef4eb57.games2.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\53b597b55d8412d563b720d3585c1af8.facebook.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\7c1329c14e8f09f2e97e3522bcd7e126.toolbar46.xml

c:\program files\SweetIM

c:\program files\SweetIM\Communicator\mgcommon.dll

c:\program files\SweetIM\Communicator\mgcommunication.dll

c:\program files\SweetIM\Communicator\mgsimcommon.dll

c:\program files\SweetIM\Communicator\mgxml_wrapper.dll

c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll

c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll

c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll

c:\program files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll

c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe

c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe

c:\program files\SweetIM\Messenger\default.xml

c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll

c:\program files\SweetIM\Messenger\mgArchive.dll

c:\program files\SweetIM\Messenger\mgcommon.dll

c:\program files\SweetIM\Messenger\mgcommunication.dll

c:\program files\SweetIM\Messenger\mgconfig.dll

c:\program files\SweetIM\Messenger\mgFlashPlayer.dll

c:\program files\SweetIM\Messenger\mghooking.dll

c:\program files\SweetIM\Messenger\mgICQAuto.dll

c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mglogger.dll

c:\program files\SweetIM\Messenger\mgMediaPlayer.dll

c:\program files\SweetIM\Messenger\mgMsnAuto.dll

c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mgsimcommon.dll

c:\program files\SweetIM\Messenger\mgSweetIM.dll

c:\program files\SweetIM\Messenger\mgUpdateSupport.dll

c:\program files\SweetIM\Messenger\mgxml_wrapper.dll

c:\program files\SweetIM\Messenger\mgYahooAuto.dll

c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll

c:\program files\SweetIM\Messenger\msvcp71.dll

c:\program files\SweetIM\Messenger\msvcr71.dll

c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png

c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png

c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png

c:\program files\SweetIM\Messenger\resources\images\GamesButton.png

c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png

c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png

c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png

c:\program files\SweetIM\Messenger\resources\images\WinksButton.png

c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll

c:\program files\SweetIM\Messenger\SweetIM.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

.

Besmet exemplaar van c:\windows\system32\kernel32.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\$NtServicePackUninstall$\kernel32.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-19 to 2012-08-19 ))))))))))))))))))))))))))))))

.

.

2012-08-12 15:47 . 2012-08-19 15:03 -------- d--h--r- c:\documents and settings\r\Onlangs geopend

2012-08-10 21:29 . 2012-07-06 00:54 829920 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\r\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-09 11:42 . 2012-08-09 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-09 11:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 11:23 . 2012-08-09 11:23 388096 ----a-r- c:\documents and settings\r\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-09 11:23 . 2012-08-09 11:23 -------- d-----w- c:\program files\Trend Micro

2012-07-25 00:40 . 2012-07-25 00:40 1409 ----a-w- c:\windows\QTFont.for

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 00:08 . 2012-05-25 11:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-16 00:08 . 2011-05-23 19:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2011-03-11 15:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:23 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:38 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:38 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:38 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:49 . 2009-08-19 15:07 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2011-03-11 15:43 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2011-03-11 15:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2011-03-11 15:43 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2011-03-11 15:43 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2011-03-11 15:43 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2011-03-11 15:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2011-03-23 16:02 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2011-03-23 16:02 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2011-03-23 16:02 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-01 00:46 . 2011-11-28 22:33 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 00:46 . 2011-11-28 22:33 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-07-06 00:54 . 2011-03-23 16:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot_2012-08-18_23.18.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2009-03-21 14:21 1027072 c:\windows\system32\kernel32.dll

.

((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 02:48 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-01 296056]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\r\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 4:48 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8-12-2010 5:12 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12-11-2010 14:19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-8-2012 13:42 655944]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [10-7-2012 4:48 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9-8-2012 13:42 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 13:45 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6-5-2011 20:05 947528]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11-6-2012 22:06 113120]
.

--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 00:08]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-879983540-682003330-1003Core.job
- c:\documents and settings\r\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-13 13:10]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-879983540-682003330-1003UA.job
- c:\documents and settings\r\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-13 13:10]
.
2012-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\r\Application Data\Mozilla\Firefox\Profiles\dfl1gyhs.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B60c553fb-4e73-431d-b13c-25e1feb1d26d%7D&mid=21ec44484b7847d6af6bd15c83ac0c9a-e16ba275eab26e93613fe7cf900afe5df390590e&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-06-07%2000%3A35%3A28&sap=ku&q=
.
.

**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-19 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(536)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-08-19 17:22:47 - machine was restarted
ComboFix-quarantined-files.txt 2012-08-19 15:22
ComboFix2.txt 2012-08-18 23:24
ComboFix3.txt 2012-08-12 15:17
ComboFix4.txt 2012-08-10 01:49
.
Pre-Run: 16.995.319.808 bytes free
Post-Run: 16.956.948.480 bytes free
.
- - End Of File - - 632A979A960746C02E19A2DEE0AF16B9
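Added example, not part of the poster's log and not ComboFix's own tooling: a small Python triage script that reads the Sigcheck, GloballyOpenPorts and ProxyServer lines from a ComboFix log like the one above and reports (a) an unsigned copy of a file whose MD5 matches none of the verified copies of the same name, noting when it has the same size as a verified copy, (b) firewall exceptions that sit in the dynamic port range, and (c) a configured proxy. The sample lines are copied from the log above; the names (SAMPLE_LOG, parse_sigcheck, find_hash_mismatches, review_open_ports, review_proxy, review, EPHEMERAL_START), the reading of ComboFix's `[7]`/`[-]` tags as verified/unsigned, and the 49152 threshold are this example's own assumptions. It lists what to look at, not what is malicious: a flagged driver still has to be compared against a clean copy before anything is replaced.

```python
"""Triage helpers for the Sigcheck, GloballyOpenPorts and ProxyServer lines
of a ComboFix log. Example code for this thread, not ComboFix's own tooling."""
import re
from collections import defaultdict

# Constructed sample: the relevant lines copied from the log posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
uInternet Settings,ProxyServer = proxy:8080
"""

# Sigcheck line: [flag] date [time] . MD5 . size . . [version] . . path
# Assumption about ComboFix's tags: [-] = no signature found; anything else
# (here [7]) = a copy ComboFix could verify.
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?'
    r'\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+'
    r'\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$')
OPENPORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*?)\s*$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)')

EPHEMERAL_START = 49152  # IANA dynamic/private range; a permanent rule here is unusual


def parse_sigcheck(text):
    """One dict per Sigcheck line: flag, date, md5, size, version, path, unsigned."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["unsigned"] = e["flag"] == "-"
            entries.append(e)
    return entries


def find_hash_mismatches(entries):
    """Unsigned copies whose MD5 matches none of the verified copies of the
    same file name. Same size but a different hash is the pattern of an
    in-place patch, so that is recorded separately for the reader."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for name, copies in by_name.items():
        good = {c["md5"]: c for c in copies
                if not c["unsigned"] and c["version"] != "------"}
        for c in copies:
            if c["unsigned"] and c["md5"] not in good:
                findings.append({
                    "check": "sigcheck", "name": name, "path": c["path"],
                    "md5": c["md5"],
                    "same_size_as_known_good": any(
                        g["size"] == c["size"] for g in good.values()),
                    "known_good_md5s": sorted(good),
                })
    return findings


def review_open_ports(text):
    """Every GloballyOpenPorts rule, marking those in the dynamic port range."""
    ports = []
    for line in text.splitlines():
        m = OPENPORT_RE.match(line.strip())
        if m:
            port = int(m.group("port"))
            ports.append({"check": "open_port", "port": port,
                          "proto": m.group("proto"), "label": m.group("label"),
                          "ephemeral_range": port >= EPHEMERAL_START})
    return ports


def review_proxy(text):
    """The per-user ProxyServer value, if one is set; an unexpected proxy
    means every browser request can be read or redirected."""
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            return [{"check": "proxy", "proxy": m.group("proxy")}]
    return []


def review(text):
    """All findings for one log, in the order a responder would read them."""
    return (find_hash_mismatches(parse_sigcheck(text))
            + [p for p in review_open_ports(text) if p["ephemeral_range"]]
            + review_proxy(text))


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f)
```

Run against the sample, the script reports the drivers\atapi.sys copy (unsigned, same 96512-byte size as the verified ServicePackFiles copy but a different MD5), the two firewall rules on ports 65533 and 52344, and the proxy:8080 setting. To use it on a full log, replace SAMPLE_LOG with the file contents; the regexes skip every line they do not recognise.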