Ga naar inhoud

Bij open nieuw Tabblad krijg ik"Mystart" Tabblad

OmkePom
 Delen

Aanbevolen berichten

OmkePom Leerling

OmkePom

Geplaatst:
Geplaatst:

Elke x als ik een nieuw Tabblad open krijg ik "MyStart" als start terwijl het voorheen een blanco Tabblad was.

Als ik met MallWareBytes scan vind hij elke x wel wat meestal hetzelfde terwijl ik het steeds weer verwijder.

Ook het opnieuw installeren van FireFox werkt niet.

Wie kan mij helpen??

  • Reacties 32
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Asus Grootmeester

Asus

Geplaatst:
Geplaatst:

Dag OmkePom,

welkom op PCH !

Kan je het onderstaande uitvoeren ?..

1. Download HijackThis. (klik er op)

Klik op HijackThis.msi en de download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

OmkePom Leerling

OmkePom

Geplaatst:
  • Auteur
Geplaatst:

Het Logje...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:26:40, on 9-8-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

D:\Program Files\uTorrent\uTorrent.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\Windows Live\Contacts\wlcomm.exe

D:\Documents and Settings\Administrator\Bureaublad\Brammes\AFIX\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344358908750

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Ad-Aware Service - Lavasoft Limited - D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - D:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 2987 bytes

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Download AdwCleaner by Xplode naar je Bureaublad.

  • Sluit alle openstaande vensters
  • Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Klik vervolgens op Delete
  • Klik bij AdwCleaner – Information op OK
  • Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad, Dit is normaal

Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt ) post de inhoud hier in een volgende bericht.

OmkePom Leerling

OmkePom

Geplaatst:
  • Auteur
Geplaatst:

Logfile AdwCleaner,

# AdwCleaner v1.608 - Logfile created 08/10/2012 at 09:14:03

# Updated 27/05/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - XXXYYY-80BD7E39

# Running from : D:\Documents and Settings\Administrator\Bureaublad\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (nl)

Profile name : default

File : D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\08fbvv84.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2679 octets] - [07/08/2012 14:11:34]

AdwCleaner[s1].txt - [309 octets] - [07/08/2012 14:12:11]

AdwCleaner[s2].txt - [2960 octets] - [07/08/2012 14:12:44]

AdwCleaner[R2].txt - [1078 octets] - [07/08/2012 14:19:18]

AdwCleaner[s3].txt - [1139 octets] - [07/08/2012 14:19:49]

AdwCleaner[R3].txt - [1199 octets] - [07/08/2012 18:06:01]

AdwCleaner[s4].txt - [1259 octets] - [07/08/2012 18:06:23]

AdwCleaner[R4].txt - [1368 octets] - [08/08/2012 10:17:35]

AdwCleaner[s5].txt - [1288 octets] - [10/08/2012 09:14:03]

########## EOF - D:\AdwCleaner[s5].txt - [1416 octets] ##########

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

OmkePom Leerling

OmkePom

Geplaatst:
  • Auteur
Geplaatst:

ComboFix logfile,

ComboFix 12-08-09.01 - Administrator 10-08-2012 10:06:57.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2015.1564 [GMT 2:00]

Gestart vanuit: d:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))

.

.

2012-08-09 19:44 . 2012-08-09 19:44 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Antivirus

2012-08-09 12:42 . 2012-08-09 12:43 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2012-08-09 12:42 . 2012-07-03 11:46 22344 ----a-w- d:\windows\system32\drivers\mbam.sys

2012-08-08 09:24 . 2012-08-08 09:24 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\adaware

2012-08-08 09:24 . 2011-11-29 04:59 77816 ----a-w- d:\windows\system32\drivers\sbapifs.sys

2012-08-08 09:24 . 2011-11-29 04:59 21240 ----a-w- d:\windows\system32\drivers\sbaphd.sys

2012-08-08 09:24 . 2012-08-08 09:24 -------- d-----w- d:\windows\system32\drivers\VDD

2012-08-08 09:24 . 2012-08-08 09:36 -------- d-----w- d:\program files\Ad-Aware Antivirus

2012-08-08 09:15 . 2012-08-08 09:15 -------- d-----w- d:\program files\uTorrent

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg6n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg5n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg4n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg3n.sys

2012-08-08 09:10 . 2004-10-15 16:18 21075 ----a-w- d:\windows\system32\drivers\wpsdrvnt.sys

2012-08-08 09:10 . 2004-10-15 16:17 60496 ----a-w- d:\windows\system32\drivers\Teefer.sys

2012-08-08 09:10 . 2004-10-15 16:32 83096 ----a-w- d:\windows\system32\SSSensor.dll

2012-08-08 09:09 . 2012-08-08 09:09 -------- d-----w- d:\program files\Sygate

2012-08-08 09:04 . 2012-08-09 14:10 -------- d-----w- d:\documents and settings\All Users\Bureaublad

2012-08-08 09:04 . 2012-08-08 09:04 -------- d-----w- d:\program files\Mozilla Maintenance Service

2012-08-08 08:53 . 2012-08-08 08:53 -------- d-----w- d:\documents and settings\All Users\Application Data\GFI Software

2012-08-07 20:40 . 2012-08-07 20:41 -------- dc-h--w- d:\windows\ie8

2012-08-07 08:22 . 2012-08-07 08:22 -------- d-----w- d:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus

2012-08-07 08:12 . 2012-08-09 14:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection

2012-08-07 08:12 . 2012-08-08 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft

2012-08-07 08:11 . 2012-08-07 08:11 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations

2012-08-07 08:10 . 2012-08-08 11:18 -------- d-----w- d:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus

2012-08-01 18:11 . 2012-08-01 18:11 -------- d-----w- d:\documents and settings\Administrator\Application Data\QuickScan

2012-07-26 12:03 . 2012-07-26 12:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Premium

2012-07-26 12:03 . 2012-07-26 12:03 -------- d-----w- d:\documents and settings\Administrator\Application Data\SendSpace

2012-07-26 12:02 . 2012-07-26 12:02 453 ----a-w- D:\user.js

2012-07-26 12:02 . 2012-08-07 11:55 -------- d-----w- d:\program files\Web Assistant

2012-07-26 12:00 . 2012-07-26 12:03 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallMate

2012-07-21 08:40 . 2012-07-21 08:40 -------- d-----w- d:\program files\FileZilla FTP Client

2012-07-11 13:53 . 2012-08-07 16:22 -------- d-----w- d:\documents and settings\Administrator\Application Data\Skype

2012-07-11 13:52 . 2012-08-07 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-14 09:10 . 2012-06-03 10:59 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe

2012-06-14 09:10 . 2012-01-23 19:32 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:55 . 2008-04-14 21:05 1866240 ----a-w- d:\windows\system32\win32k.sys

2012-06-05 15:49 . 2008-04-14 21:32 1372672 ----a-w- d:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2008-04-14 21:32 1172480 ----a-w- d:\windows\system32\msxml3.dll

2012-06-04 15:35 . 2011-12-09 17:35 210968 ----a-w- d:\windows\system32\wuweb.dll

2012-06-04 04:32 . 2008-04-14 21:32 152576 ----a-w- d:\windows\system32\schannel.dll

2012-06-02 13:19 . 2011-12-09 18:40 18456 ----a-w- d:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2011-12-09 17:35 329240 ----a-w- d:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2011-12-09 17:35 219160 ----a-w- d:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2011-12-09 18:40 45080 ----a-w- d:\windows\system32\wups2.dll

2012-06-02 13:19 . 2011-12-09 17:35 53784 ----a-w- d:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2011-12-09 17:35 35864 ----a-w- d:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-04-14 21:32 97304 ----a-w- d:\windows\system32\cdm.dll

2012-06-02 13:19 . 2011-12-09 18:40 15896 ----a-w- d:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2011-12-09 18:40 15896 ----a-w- d:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2011-12-09 17:35 577048 ----a-w- d:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2011-12-09 18:40 24088 ----a-w- d:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2011-12-09 17:35 1933848 ----a-w- d:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2011-12-12 13:05 18160 ----a-w- d:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2011-12-12 13:05 275696 ----a-w- d:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2011-12-12 13:05 214256 ----a-w- d:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-14 21:32 602624 ----a-w- d:\windows\system32\crypt32.dll

2012-07-14 00:15 . 2012-08-08 09:04 136672 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-05-11 . 13D1764BA6AEDF0E8846428CAF915738 . 6007808 . . [8.00.6001.19258] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3GDR\mshtml.dll

[-] 2012-05-11 . F45E5701FF03719D2AC7FE1B426FCABA . 6009344 . . [8.00.6001.23345] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3QFE\mshtml.dll

[-] 2012-03-01 . 6E0E7C508B5060F81992D5ED0B1A5556 . 5978624 . . [8.00.6001.19222] . . d:\windows\erdnt\cache\mshtml.dll

[-] 2012-03-01 . 467D9D5FB15DD88E82768C6F31A7A5D4 . 5980672 . . [8.00.6001.23318] . . d:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll

[-] 2012-02-28 . D16CF6C7AFB29B7546BFD20B4E355A9D . 3108864 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3gdr\mshtml.dll

[-] 2012-02-28 . 187B5BBB711C65C7D90D89C8F01C21B9 . 3109376 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3qfe\mshtml.dll

[-] 2011-12-19 . 88C35DAE443D1813939183D4FF8A1BA3 . 3108352 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3gdr\mshtml.dll

[-] 2011-12-19 . 69485422D35F1D286BA06F72C140F376 . 3108864 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3qfe\mshtml.dll

[-] 2011-12-17 . 5C55673322584D9F5A32D0971D83858B . 5979136 . . [8.00.6001.19190] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\mshtml.dll

[-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . d:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll

[-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\mshtml.dll

[-] 2011-11-04 . 958ECE072DA2D840BD3658A3AB708F58 . 5978112 . . [8.00.6001.19170] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\mshtml.dll

[-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . d:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll

[-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\mshtml.dll

[-] 2011-11-03 . C26CF1A39FEBAF9D2AD70BE6ABB18A80 . 3108352 . . [6.00.2900.6169] . . d:\windows\ie8\mshtml.dll

[-] 2011-11-03 . 11244F9DFE66A4E96C6D53646C2F1747 . 3108864 . . [6.00.2900.6169] . . d:\windows\$hf_mig$\KB2618444\SP3QFE\mshtml.dll

[-] 2011-09-05 . 538D8FB09C46E62ED0C59A9C7B12C9BF . 3107328 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3gdr\mshtml.dll

[-] 2011-09-05 . DFEC0338F440C7B1A6E16ED92CE0F8F1 . 3107840 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3qfe\mshtml.dll

[-] 2011-06-27 . B3C512EB1950AD3BCF1C14C5D38A405B . 3105792 . . [6.00.2900.6129] . . d:\windows\$NtUninstallKB2618444$\mshtml.dll

[-] 2011-06-27 . 796C3ABC2779096E1B1255ED920AE11A . 3106304 . . [6.00.2900.6129] . . d:\windows\$hf_mig$\KB2559049\SP3QFE\mshtml.dll

[-] 2010-05-06 . E7CD22F3A8247FC3BFD283D30B4674D2 . 5950976 . . [8.00.6001.18928] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\mshtml.dll

[-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\system32\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\system32\dllcache\mshtml.dll

[-] 2008-04-14 . B937B964B164A7B588D09BF419F90875 . 3066880 . . [6.00.2900.5512] . . d:\windows\$NtUninstallKB2559049$\mshtml.dll

.

[-] 2012-05-16 . C1466A8E803261BB11FC25EF096E4E3D . 916992 . . [8.00.6001.19272] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3GDR\wininet.dll

[-] 2012-05-16 . 7FC207568D4D9AAFC266FC84F716FEC1 . 920064 . . [8.00.6001.23359] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3QFE\wininet.dll

[-] 2012-03-01 . CFF17B16BFF8179FBBA29075245E8BE1 . 916992 . . [8.00.6001.19222] . . d:\windows\erdnt\cache\wininet.dll

[-] 2012-03-01 . B2E54BC4C5B399547EE3C8188DBBA509 . 919552 . . [8.00.6001.23318] . . d:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll

[-] 2012-02-28 . 177727EFDC9D9F921D2E704E5949757F . 670208 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3gdr\wininet.dll

[-] 2012-02-28 . B40C25E9387B7F638D69787F89BE8DD4 . 671744 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3qfe\wininet.dll

[-] 2011-12-19 . 09A397373E34DD2A77D4450641B9C5F6 . 670208 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3gdr\wininet.dll

[-] 2011-12-19 . A9530DFEF6A283BCA7FFE77E47344BE2 . 671744 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3qfe\wininet.dll

[-] 2011-12-17 . 03CB14FB6B75EC8AC2FDEC54E904C30B . 916992 . . [8.00.6001.19190] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\wininet.dll

[-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . d:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll

[-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\wininet.dll

[-] 2011-11-04 . D47FE623B45DF066647469DB73AE3215 . 916992 . . [8.00.6001.19165] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\wininet.dll

[-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . d:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll

[-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\wininet.dll

[-] 2011-11-01 . 50E9E4EB7ED2A7B680EE4D843916E7DF . 670208 . . [6.00.2900.6168] . . d:\windows\ie8\wininet.dll

[-] 2011-11-01 . 7AC58A2566F7FF8AB5948C5F4CFA6674 . 671744 . . [6.00.2900.6168] . . d:\windows\$hf_mig$\KB2618444\SP3QFE\wininet.dll

[-] 2011-09-05 . 638A3E908C1E401ADD81878082EFDEBC . 670208 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3gdr\wininet.dll

[-] 2011-09-05 . 031A23A350F9A3A353F4D7144847CAD7 . 671744 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3qfe\wininet.dll

[-] 2011-06-21 . 73D1B42C1F3983EE4DBC7DC8B03E30DF . 670208 . . [6.00.2900.6126] . . d:\windows\$NtUninstallKB2618444$\wininet.dll

[-] 2011-06-21 . 18A02E70D82B57D68137528251197C78 . 671744 . . [6.00.2900.6126] . . d:\windows\$hf_mig$\KB2559049\SP3QFE\wininet.dll

[-] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\wininet.dll

[-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\system32\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\system32\dllcache\wininet.dll

[-] 2008-04-14 . 80CA4DCDD3DAD65CB8800508076712E7 . 669184 . . [6.00.2900.5512] . . d:\windows\$NtUninstallKB2559049$\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot_2012-08-08_08.40.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-10 07:28 . 2012-08-10 07:28 16384 d:\windows\Temp\Perflib_Perfdata_84.dat

- 2004-08-10 16:05 . 2004-08-10 16:05 99480 d:\windows\system32\FwsVpn.dll

+ 2004-10-15 16:31 . 2004-10-15 16:31 99480 d:\windows\system32\FwsVpn.dll

- 2012-05-31 14:23 . 2012-07-11 06:30 34144 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 34144 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 42848 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 42848 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 19296 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 19296 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-08 09:10 . 2012-08-08 09:10 4608 d:\windows\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe

- 2004-08-10 19:39 . 2004-08-10 19:39 218264 d:\windows\system32\SetAid.dll

+ 2004-10-15 16:31 . 2004-10-15 16:31 218264 d:\windows\system32\SetAid.dll

+ 2012-08-08 09:10 . 2012-08-08 09:10 981504 d:\windows\Installer\13e3f.msi

+ 2012-05-31 14:23 . 2012-08-08 18:01 415584 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 415584 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 303456 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 303456 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 571232 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 571232 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 326496 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 326496 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 470616 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 470616 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 178528 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 178528 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 128896 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\UNINST_Uninstall_A_DE08FD120270402B91CB0B6B59AB5AF9.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 128896 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\UNINST_Uninstall_A_DE08FD120270402B91CB0B6B59AB5AF9.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut4_2C44B39324B94969A0B2A3EFCFBC4594.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut4_2C44B39324B94969A0B2A3EFCFBC4594.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut1_FE807111CB594AE5B9A38430EB516D75.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut1_FE807111CB594AE5B9A38430EB516D75.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\ARPPRODUCTICON.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\ARPPRODUCTICON.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 5836288 d:\windows\Installer\b788d.msi

+ 2012-05-31 14:23 . 2012-08-08 18:01 1479520 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1479520 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1858400 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 1858400 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 3792736 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 3792736 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1449312 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 1449312 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-10-20 11:35 . 2010-10-20 11:35 1858400 d:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\WORDICON.EXE

+ 2011-03-18 20:59 . 2011-03-18 20:59 1422680 d:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\WINWORD.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2012-08-08 896400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Documents and Settings\\Administrator\\Bureaublad\\Tottents\\RatioMaster.NET.exe"=

"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"d:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"d:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"d:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

.

R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [8-8-2012 11:24 21240]

R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [26-10-2011 14:23 101112]

R2 Ad-Aware Service;Ad-Aware Service;d:\program files\Ad-Aware Antivirus\AdAwareService.exe [12-7-2012 18:32 1239952]

R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-8-2012 14:42 655944]

R2 SBAMSvc;Ad-Aware;d:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19-12-2011 13:20 3289032]

R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [8-8-2012 11:24 77816]

R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9-8-2012 14:42 22344]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\windows\system32\DNINDIS5.sys [9-12-2011 20:19 17149]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [12-6-2011 11:15 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8-8-2012 11:04 113120]

S3 osppsvc;Office Software Protection Platform;d:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 21:37 4640000]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-08 d:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- d:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 16:32]

.

.

------- Bijkomende Scan -------

.

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\08fbvv84.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8A9QAab7&&i=26&search=

FF - prefs.js: network.proxy.ftp - 118.97.208.194

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.http - 118.97.208.194

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 118.97.208.194

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 118.97.208.194

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-10 10:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1275210071-651377827-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,5f,1f,ef,a3,c9,c9,4c,99,39,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,5f,1f,ef,a3,c9,c9,4c,99,39,53,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1480)

d:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

d:\progra~1\MICROS~3\Office14\1043\GrooveIntlResource.dll

d:\windows\system32\ieframe.dll

d:\windows\system32\SSSensor.dll

d:\windows\system32\webcheck.dll

.

Voltooingstijd: 2012-08-10 10:24:20

ComboFix-quarantined-files.txt 2012-08-10 08:24

ComboFix2.txt 2012-08-08 08:48

ComboFix3.txt 2012-08-07 15:32

ComboFix4.txt 2012-08-07 13:10

.

Pre-Run: 17.227.997.184 bytes beschikbaar

Post-Run: 17.359.151.104 bytes beschikbaar

.

- - End Of File - - 61EC3CF149CBDEBF9AABAF338A67002C

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

D:\user.js

Folder::

d:\program files\Web Assistant

d:\documents and settings\All Users\Application Data\InstallMate

Firefox::

FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\08fbvv84.default\

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

OmkePom Leerling

OmkePom

Geplaatst:
  • Auteur
Geplaatst:

Oké dat proces duurde heel lang, (meer dan 1uur) ComboFix gaf aan dat mijn virus programma (Ad-Aware Antivirus) op de achtergrond actief was terwijl ik hem uit de automatisch opstarten had uitgezet, mogelijk was dat de oorzaak ( hem uitzetten op verzoek van ComboFix kon ik dus niet)

Logfile2 ComboFix,

ComboFix 12-08-09.01 - Administrator 10-08-2012 12:35:46.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2015.1282 [GMT 2:00]

Gestart vanuit: d:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: d:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

FILE ::

"D:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\documents and settings\All Users\Application Data\InstallMate

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120726140020.log

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico

d:\documents and settings\All Users\Application Data\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll

d:\program files\Web Assistant

d:\program files\Web Assistant\ExtensionUpdaterService.exe

d:\program files\Web Assistant\Firefox\chrome.manifest

d:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

d:\program files\Web Assistant\Firefox\chrome\content\main.js

d:\program files\Web Assistant\Firefox\chrome\content\main.xul

d:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

d:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

d:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

d:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

d:\program files\Web Assistant\Firefox\install.rdf

d:\program files\Web Assistant\InstallerHelper.dll

d:\program files\Web Assistant\libraries\DataExchangeScript.js

d:\program files\Web Assistant\resources\localscript.js

d:\program files\Web Assistant\source.crx

d:\program files\Web Assistant\unins000.dat

d:\program files\Web Assistant\unins000.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))

.

.

2012-08-09 19:44 . 2012-08-09 19:44 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Antivirus

2012-08-09 12:42 . 2012-08-09 12:43 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2012-08-09 12:42 . 2012-07-03 11:46 22344 ----a-w- d:\windows\system32\drivers\mbam.sys

2012-08-08 09:24 . 2012-08-08 09:24 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\adaware

2012-08-08 09:24 . 2011-11-29 04:59 77816 ----a-w- d:\windows\system32\drivers\sbapifs.sys

2012-08-08 09:24 . 2011-11-29 04:59 21240 ----a-w- d:\windows\system32\drivers\sbaphd.sys

2012-08-08 09:24 . 2012-08-08 09:24 -------- d-----w- d:\windows\system32\drivers\VDD

2012-08-08 09:24 . 2012-08-08 09:36 -------- d-----w- d:\program files\Ad-Aware Antivirus

2012-08-08 09:15 . 2012-08-08 09:15 -------- d-----w- d:\program files\uTorrent

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg6n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg5n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg4n.sys

2012-08-08 09:10 . 2004-10-15 16:32 14568 ----a-w- d:\windows\system32\drivers\wg3n.sys

2012-08-08 09:10 . 2004-10-15 16:18 21075 ----a-w- d:\windows\system32\drivers\wpsdrvnt.sys

2012-08-08 09:10 . 2004-10-15 16:17 60496 ----a-w- d:\windows\system32\drivers\Teefer.sys

2012-08-08 09:10 . 2004-10-15 16:32 83096 ----a-w- d:\windows\system32\SSSensor.dll

2012-08-08 09:09 . 2012-08-08 09:09 -------- d-----w- d:\program files\Sygate

2012-08-08 09:04 . 2012-08-09 14:10 -------- d-----w- d:\documents and settings\All Users\Bureaublad

2012-08-08 09:04 . 2012-08-08 09:04 -------- d-----w- d:\program files\Mozilla Maintenance Service

2012-08-08 08:53 . 2012-08-08 08:53 -------- d-----w- d:\documents and settings\All Users\Application Data\GFI Software

2012-08-07 20:40 . 2012-08-07 20:41 -------- dc-h--w- d:\windows\ie8

2012-08-07 08:22 . 2012-08-07 08:22 -------- d-----w- d:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus

2012-08-07 08:12 . 2012-08-09 14:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection

2012-08-07 08:12 . 2012-08-08 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft

2012-08-07 08:11 . 2012-08-07 08:11 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations

2012-08-07 08:10 . 2012-08-08 11:18 -------- d-----w- d:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus

2012-08-01 18:11 . 2012-08-01 18:11 -------- d-----w- d:\documents and settings\Administrator\Application Data\QuickScan

2012-07-26 12:03 . 2012-07-26 12:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Premium

2012-07-26 12:03 . 2012-07-26 12:03 -------- d-----w- d:\documents and settings\Administrator\Application Data\SendSpace

2012-07-26 12:02 . 2012-07-26 12:02 453 ----a-w- D:\user.js

2012-07-21 08:40 . 2012-07-21 08:40 -------- d-----w- d:\program files\FileZilla FTP Client

2012-07-11 13:53 . 2012-08-07 16:22 -------- d-----w- d:\documents and settings\Administrator\Application Data\Skype

2012-07-11 13:52 . 2012-08-07 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-14 09:10 . 2012-06-03 10:59 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe

2012-06-14 09:10 . 2012-01-23 19:32 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:55 . 2008-04-14 21:05 1866240 ----a-w- d:\windows\system32\win32k.sys

2012-06-05 15:49 . 2008-04-14 21:32 1372672 ----a-w- d:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2008-04-14 21:32 1172480 ----a-w- d:\windows\system32\msxml3.dll

2012-06-04 15:35 . 2011-12-09 17:35 210968 ----a-w- d:\windows\system32\wuweb.dll

2012-06-04 04:32 . 2008-04-14 21:32 152576 ----a-w- d:\windows\system32\schannel.dll

2012-06-02 13:19 . 2011-12-09 18:40 18456 ----a-w- d:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2011-12-09 17:35 329240 ----a-w- d:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2011-12-09 17:35 219160 ----a-w- d:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2011-12-09 18:40 45080 ----a-w- d:\windows\system32\wups2.dll

2012-06-02 13:19 . 2011-12-09 17:35 53784 ----a-w- d:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2011-12-09 17:35 35864 ----a-w- d:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-04-14 21:32 97304 ----a-w- d:\windows\system32\cdm.dll

2012-06-02 13:19 . 2011-12-09 18:40 15896 ----a-w- d:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2011-12-09 18:40 15896 ----a-w- d:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2011-12-09 17:35 577048 ----a-w- d:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2011-12-09 18:40 24088 ----a-w- d:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2011-12-09 17:35 1933848 ----a-w- d:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2011-12-12 13:05 18160 ----a-w- d:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2011-12-12 13:05 275696 ----a-w- d:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2011-12-12 13:05 214256 ----a-w- d:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-14 21:32 602624 ----a-w- d:\windows\system32\crypt32.dll

2012-07-14 00:15 . 2012-08-08 09:04 136672 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-05-11 . 13D1764BA6AEDF0E8846428CAF915738 . 6007808 . . [8.00.6001.19258] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3GDR\mshtml.dll

[-] 2012-05-11 . F45E5701FF03719D2AC7FE1B426FCABA . 6009344 . . [8.00.6001.23345] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3QFE\mshtml.dll

[-] 2012-03-01 . 6E0E7C508B5060F81992D5ED0B1A5556 . 5978624 . . [8.00.6001.19222] . . d:\windows\erdnt\cache\mshtml.dll

[-] 2012-03-01 . 467D9D5FB15DD88E82768C6F31A7A5D4 . 5980672 . . [8.00.6001.23318] . . d:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll

[-] 2012-02-28 . D16CF6C7AFB29B7546BFD20B4E355A9D . 3108864 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3gdr\mshtml.dll

[-] 2012-02-28 . 187B5BBB711C65C7D90D89C8F01C21B9 . 3109376 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3qfe\mshtml.dll

[-] 2011-12-19 . 88C35DAE443D1813939183D4FF8A1BA3 . 3108352 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3gdr\mshtml.dll

[-] 2011-12-19 . 69485422D35F1D286BA06F72C140F376 . 3108864 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3qfe\mshtml.dll

[-] 2011-12-17 . 5C55673322584D9F5A32D0971D83858B . 5979136 . . [8.00.6001.19190] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\mshtml.dll

[-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . d:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll

[-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\mshtml.dll

[-] 2011-11-04 . 958ECE072DA2D840BD3658A3AB708F58 . 5978112 . . [8.00.6001.19170] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\mshtml.dll

[-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . d:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll

[-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\mshtml.dll

[-] 2011-11-03 . C26CF1A39FEBAF9D2AD70BE6ABB18A80 . 3108352 . . [6.00.2900.6169] . . d:\windows\ie8\mshtml.dll

[-] 2011-11-03 . 11244F9DFE66A4E96C6D53646C2F1747 . 3108864 . . [6.00.2900.6169] . . d:\windows\$hf_mig$\KB2618444\SP3QFE\mshtml.dll

[-] 2011-09-05 . 538D8FB09C46E62ED0C59A9C7B12C9BF . 3107328 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3gdr\mshtml.dll

[-] 2011-09-05 . DFEC0338F440C7B1A6E16ED92CE0F8F1 . 3107840 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3qfe\mshtml.dll

[-] 2011-06-27 . B3C512EB1950AD3BCF1C14C5D38A405B . 3105792 . . [6.00.2900.6129] . . d:\windows\$NtUninstallKB2618444$\mshtml.dll

[-] 2011-06-27 . 796C3ABC2779096E1B1255ED920AE11A . 3106304 . . [6.00.2900.6129] . . d:\windows\$hf_mig$\KB2559049\SP3QFE\mshtml.dll

[-] 2010-05-06 . E7CD22F3A8247FC3BFD283D30B4674D2 . 5950976 . . [8.00.6001.18928] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\mshtml.dll

[-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\system32\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\system32\dllcache\mshtml.dll

[-] 2008-04-14 . B937B964B164A7B588D09BF419F90875 . 3066880 . . [6.00.2900.5512] . . d:\windows\$NtUninstallKB2559049$\mshtml.dll

.

[-] 2012-05-16 . C1466A8E803261BB11FC25EF096E4E3D . 916992 . . [8.00.6001.19272] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3GDR\wininet.dll

[-] 2012-05-16 . 7FC207568D4D9AAFC266FC84F716FEC1 . 920064 . . [8.00.6001.23359] . . d:\windows\SoftwareDistribution\Download\b5933ec26f643e8f8ad1fe8edc9c0851\SP3QFE\wininet.dll

[-] 2012-03-01 . CFF17B16BFF8179FBBA29075245E8BE1 . 916992 . . [8.00.6001.19222] . . d:\windows\erdnt\cache\wininet.dll

[-] 2012-03-01 . B2E54BC4C5B399547EE3C8188DBBA509 . 919552 . . [8.00.6001.23318] . . d:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll

[-] 2012-02-28 . 177727EFDC9D9F921D2E704E5949757F . 670208 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3gdr\wininet.dll

[-] 2012-02-28 . B40C25E9387B7F638D69787F89BE8DD4 . 671744 . . [6.00.2900.6197] . . d:\windows\SoftwareDistribution\Download\f1ba4b72adaf0e6a441cc3ca7a29e329\sp3qfe\wininet.dll

[-] 2011-12-19 . 09A397373E34DD2A77D4450641B9C5F6 . 670208 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3gdr\wininet.dll

[-] 2011-12-19 . A9530DFEF6A283BCA7FFE77E47344BE2 . 671744 . . [6.00.2900.6182] . . d:\windows\SoftwareDistribution\Download\cdc91ba1237215fbe4072aa51f33b547\sp3qfe\wininet.dll

[-] 2011-12-17 . 03CB14FB6B75EC8AC2FDEC54E904C30B . 916992 . . [8.00.6001.19190] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\wininet.dll

[-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . d:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll

[-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . d:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\wininet.dll

[-] 2011-11-04 . D47FE623B45DF066647469DB73AE3215 . 916992 . . [8.00.6001.19165] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\wininet.dll

[-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . d:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll

[-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . d:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\wininet.dll

[-] 2011-11-01 . 50E9E4EB7ED2A7B680EE4D843916E7DF . 670208 . . [6.00.2900.6168] . . d:\windows\ie8\wininet.dll

[-] 2011-11-01 . 7AC58A2566F7FF8AB5948C5F4CFA6674 . 671744 . . [6.00.2900.6168] . . d:\windows\$hf_mig$\KB2618444\SP3QFE\wininet.dll

[-] 2011-09-05 . 638A3E908C1E401ADD81878082EFDEBC . 670208 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3gdr\wininet.dll

[-] 2011-09-05 . 031A23A350F9A3A353F4D7144847CAD7 . 671744 . . [6.00.2900.6148] . . d:\windows\SoftwareDistribution\Download\8c75e351745ce345a9cb71e64cbac520\sp3qfe\wininet.dll

[-] 2011-06-21 . 73D1B42C1F3983EE4DBC7DC8B03E30DF . 670208 . . [6.00.2900.6126] . . d:\windows\$NtUninstallKB2618444$\wininet.dll

[-] 2011-06-21 . 18A02E70D82B57D68137528251197C78 . 671744 . . [6.00.2900.6126] . . d:\windows\$hf_mig$\KB2559049\SP3QFE\wininet.dll

[-] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\wininet.dll

[-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . d:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\system32\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\system32\dllcache\wininet.dll

[-] 2008-04-14 . 80CA4DCDD3DAD65CB8800508076712E7 . 669184 . . [6.00.2900.5512] . . d:\windows\$NtUninstallKB2559049$\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot_2012-08-08_08.40.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-10 07:28 . 2012-08-10 07:28 16384 d:\windows\Temp\Perflib_Perfdata_84.dat

- 2004-08-10 16:05 . 2004-08-10 16:05 99480 d:\windows\system32\FwsVpn.dll

+ 2004-10-15 16:31 . 2004-10-15 16:31 99480 d:\windows\system32\FwsVpn.dll

- 2012-05-31 14:23 . 2012-07-11 06:30 34144 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 34144 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 42848 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 42848 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 19296 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 19296 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-08 09:10 . 2012-08-08 09:10 4608 d:\windows\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe

- 2004-08-10 19:39 . 2004-08-10 19:39 218264 d:\windows\system32\SetAid.dll

+ 2004-10-15 16:31 . 2004-10-15 16:31 218264 d:\windows\system32\SetAid.dll

+ 2012-08-08 09:10 . 2012-08-08 09:10 981504 d:\windows\Installer\13e3f.msi

+ 2012-05-31 14:23 . 2012-08-08 18:01 415584 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 415584 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 303456 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 303456 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 571232 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 571232 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 326496 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 326496 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 470616 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 470616 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 178528 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 178528 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 128896 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\UNINST_Uninstall_A_DE08FD120270402B91CB0B6B59AB5AF9.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 128896 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\UNINST_Uninstall_A_DE08FD120270402B91CB0B6B59AB5AF9.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut4_2C44B39324B94969A0B2A3EFCFBC4594.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut4_2C44B39324B94969A0B2A3EFCFBC4594.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut1_FE807111CB594AE5B9A38430EB516D75.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\NewShortcut1_FE807111CB594AE5B9A38430EB516D75.exe

- 2012-08-07 08:12 . 2012-08-07 08:12 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\ARPPRODUCTICON.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 399232 d:\windows\Installer\{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}\ARPPRODUCTICON.exe

+ 2012-08-08 09:24 . 2012-08-08 09:24 5836288 d:\windows\Installer\b788d.msi

+ 2012-05-31 14:23 . 2012-08-08 18:01 1479520 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1479520 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1858400 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 1858400 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 3792736 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 3792736 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2012-05-31 14:23 . 2012-07-11 06:30 1449312 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-05-31 14:23 . 2012-08-08 18:01 1449312 d:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-10-20 11:35 . 2010-10-20 11:35 1858400 d:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\WORDICON.EXE

+ 2011-03-18 20:59 . 2011-03-18 20:59 1422680 d:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\WINWORD.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2012-08-08 896400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Documents and Settings\\Administrator\\Bureaublad\\Tottents\\RatioMaster.NET.exe"=

"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"d:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"d:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"d:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

.

R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [8-8-2012 11:24 21240]

R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [26-10-2011 14:23 101112]

R2 Ad-Aware Service;Ad-Aware Service;d:\program files\Ad-Aware Antivirus\AdAwareService.exe [12-7-2012 18:32 1239952]

R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9-8-2012 14:42 655944]

R2 SBAMSvc;Ad-Aware;d:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19-12-2011 13:20 3289032]

R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [8-8-2012 11:24 77816]

R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9-8-2012 14:42 22344]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\windows\system32\DNINDIS5.sys [9-12-2011 20:19 17149]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [12-6-2011 11:15 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8-8-2012 11:04 113120]

S3 osppsvc;Office Software Protection Platform;d:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 21:37 4640000]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-08 d:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- d:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 16:32]

.

.

------- Bijkomende Scan -------

.

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\08fbvv84.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: network.proxy.ftp - 118.97.208.194

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.http - 118.97.208.194

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 118.97.208.194

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 118.97.208.194

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-10 12:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1275210071-651377827-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,5f,1f,ef,a3,c9,c9,4c,99,39,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,5f,1f,ef,a3,c9,c9,4c,99,39,53,\

.

Voltooingstijd: 2012-08-10 12:54:08

ComboFix-quarantined-files.txt 2012-08-10 10:54

ComboFix2.txt 2012-08-10 08:24

ComboFix3.txt 2012-08-08 08:48

ComboFix4.txt 2012-08-07 15:32

ComboFix5.txt 2012-08-10 10:34

.

Pre-Run: 17.330.176.000 bytes beschikbaar

Post-Run: 17.319.555.072 bytes beschikbaar

.

- - End Of File - - 87739BCE36F6A71A72F3B1037E04CEE6

Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.