I think I am being hacked



ComboFix 12-08-14.05 - bert 15-08-2012 17:19:45.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.456 [GMT 2:00]

Gestart vanuit: c:\documents and settings\bert\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\bert\Bureaublad\CFScript.txt

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Babylon

c:\documents and settings\All Users\Application Data\SweetIM

c:\documents and settings\All Users\Application Data\SweetIM\Communicator\conf\communicator.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\adapter.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\autoupdate.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\contentpackages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\logger.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\messages.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetim.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\sweetimapp.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\100\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\200\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.html

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.js

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\Bars\Default\400\bar.swf

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\contentdb\installcontentvalidation.xml

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\activationFail.htm

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\close_but.gif

c:\documents and settings\All Users\Application Data\SweetIM\Messenger\data\packages\FailDialog\failure_dialog_BG.jpg

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\473d5c007e793590a1db512a6ef4eb57.games2.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\53b597b55d8412d563b720d3585c1af8.facebook.png

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\5af11f47db7e11200db081b18faa30a0.options_remote44b.html

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\7c1329c14e8f09f2e97e3522bcd7e126.toolbar46.xml

c:\documents and settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache\dda5971490977d5465f836a12522f1a1.games3.png

c:\documents and settings\bert\Application Data\Babylon

c:\documents and settings\bert\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1

c:\documents and settings\bert\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1\Local Store\activation.key

c:\documents and settings\bert\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1\Local Store\activity.log

c:\documents and settings\bert\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1\Local Store\config2.db

c:\documents and settings\bert\Local Settings\Application Data\Conduit

c:\documents and settings\bert\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1613210_1606743_NL.xml

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-15 to 2012-08-15 ))))))))))))))))))))))))))))))

.

.

2012-09-04 16:28 . 2012-09-04 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2012-09-04 09:10 . 2012-09-04 09:10 -------- d-----w- c:\documents and settings\bert\Application Data\PandoraRecovery

2012-09-04 09:10 . 2012-09-04 09:22 -------- d-----w- c:\program files\Pandora Recovery

2012-08-15 15:01 . 2012-08-15 15:02 -------- d-----w- c:\windows\system32\drivers\N360\0603000.00E

2012-08-13 18:59 . 2012-08-13 18:59 388096 ----a-r- c:\documents and settings\bert\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-13 18:59 . 2012-08-13 18:59 -------- d-----w- c:\program files\Trend Micro

2012-08-13 13:33 . 2012-08-13 13:37 -------- d-----w- c:\program files\jv16 PowerTools

2012-08-12 10:37 . 2012-08-12 10:37 -------- d-----w- c:\documents and settings\bert\Application Data\SUPERAntiSpyware.com

2012-08-12 10:36 . 2012-08-12 10:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-12 10:36 . 2012-08-12 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-08-12 10:30 . 2012-08-12 10:30 -------- d-----w- c:\program files\WiseConvert_1.4

2012-08-12 09:11 . 2012-08-12 09:11 -------- d-----w- c:\windows\system32\wbem\Repository

2012-08-12 09:11 . 2012-08-15 15:12 -------- d--h--r- c:\documents and settings\bert\Onlangs geopend

2012-08-12 09:06 . 2012-08-12 09:06 -------- d-----w- c:\documents and settings\bert\Downloads

2012-08-11 09:04 . 2012-08-11 09:04 22 --sha-w- c:\documents and settings\bert\Application Data\Windows1569_SettingsRepository.bin

2012-08-10 23:01 . 2012-08-12 09:06 -------- d-----w- c:\documents and settings\bert\Application Data\vlc

2012-08-10 20:25 . 2012-08-12 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-08-10 18:52 . 2012-08-12 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-08-09 01:38 . 2012-08-12 09:11 -------- d-----w- c:\program files\Windows Installer Clean Up

2012-08-09 01:37 . 2012-08-09 01:37 -------- d-----w- c:\program files\MSECACHE

2012-08-08 19:40 . 2012-08-08 19:40 -------- d-----w- c:\program files\Common Files\Adobe AIR

2012-08-05 23:36 . 2012-08-05 23:36 -------- d-----w- C:\Rbackup

2012-08-03 19:26 . 2012-08-03 19:26 -------- d-----w- c:\program files\FileZilla FTP Client

2012-08-03 19:23 . 2012-08-03 19:27 -------- d-----w- c:\documents and settings\bert\Application Data\FileZilla

2012-08-03 13:51 . 2012-08-03 13:51 317 ----a-w- C:\user.js

2012-08-02 21:31 . 2012-08-02 21:31 -------- d-----w- c:\documents and settings\bert\Application Data\OpenOffice.org

2012-08-02 21:28 . 2012-08-03 14:00 -------- d-----w- c:\program files\OpenOffice.org 3

2012-08-02 20:22 . 2012-08-10 20:45 -------- d-----w- c:\windows\system32\Adobe

2012-08-02 14:17 . 2012-08-02 14:17 -------- d-----w- c:\windows\Sun

2012-08-02 14:17 . 2012-08-02 14:17 -------- d-----w- c:\documents and settings\bert\Local Settings\Application Data\Sun

2012-08-02 00:55 . 2012-08-02 00:55 -------- d-----w- c:\program files\Common Files\Java

2012-08-02 00:55 . 2012-08-02 00:55 -------- d-----w- c:\program files\Oracle

2012-08-02 00:54 . 2012-07-05 20:07 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-02 00:54 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-02 00:54 . 2012-07-05 20:06 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-02 00:53 . 2012-08-02 00:53 -------- d-----w- c:\program files\Java

2012-08-01 11:19 . 2012-08-01 11:19 -------- d-----w- C:\bert

2012-07-29 13:55 . 2012-07-29 13:55 -------- d-----w- c:\windows\system32\N360_BACKUP

2012-07-26 11:40 . 2012-07-26 11:40 -------- d-----w- c:\program files\Common Files\HP

2012-07-26 11:37 . 2012-07-26 11:37 -------- d-----w- c:\program files\Hewlett-Packard

2012-07-26 11:36 . 2012-07-26 11:36 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2012-07-26 11:34 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys

2012-07-26 11:34 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-07-26 11:34 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

2012-07-26 11:34 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-07-26 11:34 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2012-07-26 11:34 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-07-26 11:34 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

2012-07-26 11:33 . 2004-09-29 10:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2012-07-26 11:33 . 2004-09-29 10:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-07-26 11:33 . 2004-09-29 10:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2012-07-26 11:33 . 2004-09-29 10:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2012-07-26 11:33 . 2004-09-29 10:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe

2012-07-26 11:33 . 2004-09-29 10:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll

2012-07-26 11:32 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-07-26 11:29 . 2012-07-26 11:42 -------- d-----w- c:\program files\HP

2012-07-25 16:59 . 2012-07-26 15:41 -------- d-----w- c:\windows\SxsCaPendDel

2012-07-22 12:27 . 2012-07-22 12:27 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2012-07-22 12:26 . 2012-07-22 12:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-07-22 12:26 . 2012-07-22 12:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI

2012-07-22 12:26 . 2012-07-22 12:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI

2012-07-22 12:24 . 2012-07-22 12:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-07-18 20:07 . 2012-07-18 20:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-07-18 20:04 . 2012-07-18 20:04 -------- d-----w- c:\program files\Lavasoft

2012-07-18 20:04 . 2012-07-25 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 16:50 . 2012-06-27 17:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-27 16:50 . 2012-06-27 17:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 17:28 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-07-11 17:28 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-07-06 13:58 . 2005-05-30 09:39 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2006-06-27 20:39 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:23 . 2005-05-30 09:40 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:38 . 2005-05-30 09:40 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:38 . 2005-05-30 09:39 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:38 . 2005-05-30 09:39 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2005-05-30 09:39 385024 ------w- c:\windows\system32\html.iec

2012-06-30 09:20 . 2012-06-27 15:06 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-06-30 09:20 . 2012-06-27 15:06 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-06-24 18:30 . 2012-06-26 21:14 234 ----a-w- c:\documents and settings\bert\out.reg

2012-06-05 15:49 . 2008-04-14 17:02 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2005-05-30 09:39 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:35 . 2006-06-27 20:41 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 15:35 . 2012-06-04 15:35 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2005-05-30 09:40 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2006-06-27 20:41 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2006-06-27 20:41 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2006-06-27 20:41 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2006-06-27 20:41 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2005-05-30 09:39 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2006-06-27 20:41 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2006-06-27 20:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2012-06-27 04:26 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2012-06-27 04:26 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-05-31 13:22 . 2005-05-30 09:39 602624 ----a-w- c:\windows\system32\crypt32.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2005-12-14 106496]

"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2005-11-08 17920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Catalyst System Tray.lnk]

backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]

2006-01-02 19:14 61440 ----a-w- c:\windows\ABLKSR\ABLKSR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2005-11-02 17:33 180224 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2006-01-02 18:36 49152 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]

2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2004-08-10 02:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]

2005-11-28 09:47 569413 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-09-13 13:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

2005-11-28 09:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

2005-12-05 10:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Download Manager{N360P_prod_1.6.18_5.1.0.29}]

2012-01-20 21:05 397768 ----a-w- c:\documents and settings\All Users\Documenten\Norton\{N360P_prod_1.6.18_5.1.0.29}\N360Downloader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]

2006-01-03 13:51 561152 ----a-w- c:\program files\ASUS\PowerForPhone\PowerForPhone.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]

2005-12-05 18:24 86016 ----a-w- c:\program files\ASUS\Power4 Gear\BatteryLife.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 18:24 32768 ----a-w- c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-12-09 00:49 15691264 ----a-r- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-07-09 23:38 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-10-21 00:26 761945 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]

2005-10-17 15:09 987136 ----a-w- c:\program files\Wireless Console 2\wcourier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\symds.sys [15-8-2012 17:02 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\symefa.sys [15-8-2012 17:02 924320]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [11-8-2012 2:25 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccsetx86.sys [15-8-2012 17:01 132768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 18:27 12880]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [12-7-2011 23:55 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\ironx86.sys [15-8-2012 17:01 149624]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12-8-2011 1:38 116608]

R2 ITECIRService;ITE Remote Control Service;c:\windows\system32\RemoteControlService.exe [28-6-2006 8:45 656384]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccsvchst.exe [15-8-2012 17:01 138272]

R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [28-6-2006 8:27 692992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12-8-2012 9:21 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120814.005\IDSXpx86.sys [15-8-2012 17:03 369632]

R3 ITECIR;ITE CIR Driver;c:\windows\system32\drivers\ITECIR.sys [28-6-2006 8:45 7366]

R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [28-6-2006 8:39 702326]

R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [28-6-2006 8:39 4790]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-6-2012 19:03 250056]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 16:50]

.

2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5913b5bc-ec2a-46d9-b533-3fd7db72b150.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{A112130D-0FD4-49BE-B380-D0336C9E6BEA}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startkabel.nl/

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

.

- - - - ORPHANS VERWIJDERD - - - -

.

MSConfigStartUp-Google Update - c:\documents and settings\bert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-15 17:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(964)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-08-15 17:40:18

ComboFix-quarantined-files.txt 2012-08-15 15:40

ComboFix2.txt 2012-08-14 15:49

.

Pre-Run: 40.829.515.264 bytes beschikbaar

Post-Run: 40.924.854.272 bytes beschikbaar

.

- - End Of File - - 01C8034C7ECBD24440586D9D8F79D090


If the problems are resolved, it is time for the "big cleanup": removing the programs that were used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run / Start Search / Search programs and files, and type there: ComboFix /Uninstall

This removes ComboFix plus its related folders and files, resets the clock settings, hides the file extensions, hides hidden files and system files again, and creates a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.

If you want to see this in detail with screenshots, click here for the guide.

It is advisable to remove the existing restore points (there are infected restore points among them that you could end up restoring). In XP you do this via Start -> Control Panel -> System -> System Restore -> check "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the check mark again.

If all of this went without problems, you may click "mark as solved" below!


After restarting to turn System Restore back on, I get the following message: System Configuration: An access denied error occurred while attempting to change a service. You may need to log on with an administrator account to make the specified changes.
