Ga naar inhoud

PC Optimizer Pro Speed Guard - Radeloos

contextbinder
 Delen

Aanbevolen berichten

contextbinder Leerling

contextbinder

Geplaatst:
  • Auteur
Geplaatst:

Log van Combofix

ComboFix 12-12-04.01 - peter 06/12/2012 19:42:44.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.653 [GMT 1:00]

Gestart vanuit: c:\users\peter\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\peter\Desktop\CFScript.txt

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Java\jre7\bin\ssv.dll

c:\users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk

c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

c:\windows\assembly\GAC\Desktop.ini

c:\windows\msvcr71.dll

c:\windows\wininit.ini

.

Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-06 to 2012-12-06 ))))))))))))))))))))))))))))))

.

.

2012-12-06 19:17 . 2012-12-06 19:21 -------- d-----w- c:\users\peter\AppData\Local\temp

2012-12-06 19:17 . 2012-12-06 19:17 -------- d-----w- c:\users\Frieda\AppData\Local\temp

2012-12-06 19:17 . 2012-12-06 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-06 18:43 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC1F4D2D-1E62-4E23-84DB-E593B90BE7FE}\mpengine.dll

2012-12-06 17:17 . 2012-12-06 17:37 -------- d-----w- C:\32788R22FWJFW(1)

2012-12-05 21:41 . 2012-12-06 17:48 -------- d-----w- c:\users\peter\AppData\Local\Temp(10)

2012-12-05 21:41 . 2012-12-05 21:41 -------- d-----w- c:\users\Frieda\AppData\Local\Temp(7)

2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes

2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\programdata\Malwarebytes

2012-12-02 10:55 . 2012-12-05 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-02 10:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-02 00:41 . 2012-12-02 00:41 -------- d-----w- c:\programdata\HitmanPro

2012-12-01 15:16 . 2012-12-01 15:16 -------- d-----w- c:\program files\Enigma Software Group

2012-12-01 15:15 . 2012-12-02 15:12 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2012-12-01 15:15 . 2012-12-01 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-12-01 14:29 . 2012-12-01 14:29 181808 ----a-w- c:\windows\RegBootClean.exe

2012-12-01 13:41 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-11-30 20:10 . 2012-11-30 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-30 20:09 . 2012-12-01 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2012-11-30 19:54 . 2012-11-30 19:55 -------- d-----w- c:\users\peter\AppData\Roaming\Luxology

2012-11-30 19:41 . 2012-11-30 22:12 -------- d-----w- c:\program files\SweetIM

2012-11-30 19:41 . 2012-11-30 19:41 -------- d-----w- c:\program files\RegCleaner

2012-11-30 15:26 . 2012-11-30 15:26 -------- d-----w- c:\users\Frieda\AppData\Roaming\Grisoft

2012-11-28 20:23 . 2012-11-28 20:23 -------- d-----w- c:\programdata\Grisoft

2012-11-15 13:42 . 2012-11-15 13:42 -------- d-----w- c:\program files\Common Files\Java

2012-11-15 13:41 . 2012-11-15 13:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-14 10:51 . 2012-11-14 10:51 -------- d-----w- c:\users\peter\AppData\Roaming\Optimizer Pro

2012-11-14 10:35 . 2012-11-14 10:35 -------- d-----w- c:\program files\MocaFlix

2012-11-14 10:35 . 2012-12-02 00:49 -------- d-----w- c:\programdata\Premium

2012-11-14 10:35 . 2012-11-14 10:35 -------- d-----w- c:\program files\Optimizer Pro

2012-11-14 10:35 . 2012-12-01 14:29 -------- d-----w- c:\programdata\SaveAs

2012-11-14 10:35 . 2012-12-02 00:49 -------- d-----w- c:\programdata\InstallMate

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-06 19:21 . 2007-10-30 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-19 10:39 . 2012-03-28 17:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-19 10:39 . 2012-03-28 17:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-15 13:40 . 2012-08-19 11:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-15 13:40 . 2010-05-18 17:43 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-01 17:25 . 2012-11-01 17:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]

"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]

"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-30 33136]

"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [bU]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-12-10 692224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:39]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001Core.job

- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001UA.job

- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = w2003-sbs:8080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-11-14 11:46; 50a3769af1bf0@50a3769af1c33.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\50a3769af1bf0@50a3769af1c33.com

FF - ExtSQL: 2012-11-30 21:05; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: !HIDDEN! 2009-12-26 15:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-06 20:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3260)

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATKOSD2\ATKOSD2.exe

c:\program files\Wireless Console 2\wcourier.exe

c:\program files\P4G\BatteryLife.exe

c:\program files\ASUS\Splendid\ACMON.exe

c:\windows\System32\ACEngSvr.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\program files\ATK Hotkey\KBFiltr.exe

c:\program files\ATK Hotkey\WDC.exe

c:\windows\system32\conime.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-06 20:30:51 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-06 19:30

ComboFix2.txt 2012-12-05 21:41

.

Pre-Run: 28.670.705.664 bytes beschikbaar

Post-Run: 26.776.424.448 bytes beschikbaar

.

- - End Of File - - 0CAF29E84624DE2DA333E3FA1BD71E0A

Log van HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:46:10, on 6/12/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Apoint2K\Apvfb.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\peter\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--

End of file - 7339 bytes

Link naar reactie
Delen op andere sites
  • Reacties 40
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

contextbinder Leerling

contextbinder

Geplaatst:
  • Auteur
Geplaatst: (aangepast)

Net combofix uitgevoerd in veilige modus - ziet er al beter uit, daarna HJT in normale modus,

Log HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:26:29, on 7/12/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apvfb.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\peter\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--

End of file - 7119 bytes

Log van Combofix

ComboFix 12-12-04.01 - peter 07/12/2012 18:42:16.2.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1615 [GMT 1:00]

Gestart vanuit: C:\Users\peter\Desktop\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\peter\Desktop\CFScript.txt

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files\MocaFlix

c:\program files\MocaFlix\sprotector.dll

c:\program files\MocaFlix\uninstall.exe

c:\program files\Optimizer Pro

c:\program files\Optimizer Pro\Ducth.ini

c:\program files\Optimizer Pro\file_id.diz

c:\program files\Optimizer Pro\HomePage.url

c:\program files\Optimizer Pro\OptimizerPro.chm

c:\program files\Optimizer Pro\OptimizerPro.exe

c:\program files\Optimizer Pro\OptProGuard.exe

c:\program files\Optimizer Pro\OptProLauncher.exe

c:\program files\Optimizer Pro\OptProReminder.exe

c:\program files\Optimizer Pro\OptProSchedule.exe

c:\program files\Optimizer Pro\OptProSmartScan.exe

c:\program files\Optimizer Pro\OptProStart.exe

c:\program files\Optimizer Pro\OptProUninstaller.exe

c:\program files\Optimizer Pro\scan.gif

c:\program files\Optimizer Pro\sqlite3.dll

c:\program files\Optimizer Pro\unins000.dat

c:\program files\Optimizer Pro\unins000.exe

c:\program files\SweetIM

c:\programdata\InstallMate

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\_Setup.dll

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\_Setupx.dll

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\20121114113510.log

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.dat

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.exe

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.ico

c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\TsuDll.dll

c:\programdata\Premium

c:\programdata\SaveAs

c:\programdata\SaveAs\50a3769af1dc4.html

c:\programdata\SaveAs\50a3769af1dfc.js

c:\programdata\SaveAs\kkjbkcckcjoofommgofpeljnnkddjcpg.crx

c:\programdata\SaveAs\settings.ini

c:\programdata\SaveAs\uninstall.exe

c:\users\peter\AppData\Roaming\Optimizer Pro

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCall.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla17.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla18.exe

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla19.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla2.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla20.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.dll

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.exe

c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseData.ini

aangepast door contextbinder
Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Dit mag je nog doen met HijackThis:

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

En dan nog graag het volledige log van Combofix (zoals Mako al aangegeven heeft in vorig bericht).

Link naar reactie
Delen op andere sites
contextbinder Leerling

contextbinder

Geplaatst:
  • Auteur
Geplaatst:

Hallo,

heb combofix nog 3 maal opgestart met CFScript, 1 keer in veilige modus, 1 keer in veilige modus met netwerkmogelijkheden (tevens update van Combofix) en 1 keer in normale modus.

In veilige modus: Bij het verschijnen van het blauwe scherm de melding: Kan het bericht nr 0x8 niet vinden in berichtenbestand voor systeem. Daarna maakt hij herstelpunt en begint te scannen. Tussen punt 38 en 39 krijg ik de melding: Access denied, admin permission needed to use the selected option, use admin command prompt to complete. Het scannen gaat gewoon door tot het einde (met elke keer de melding voltooid). Na het scannen krijg ik de melding in het blauwe scherm dat het rapport wordt voorbereid. Daarna verdwijnt het blauwe scherm en gebeurt er niets meer - meer dan 1 uur gewacht.

Veilige modus met netwerkmogelijkheden - idem

Gewone modus: Combofix laad het CFScript maar start niet op -blauwe scherm verschijnt niet - 50min gewacht.

Vraagje: Kan je in taakbeheer zien of Combofix actief is ?

Heb HJT uitgevoerd en de 2 punten aangevinkt - zal log plaatsen in volgende post.

Link naar reactie
Delen op andere sites
contextbinder Leerling

contextbinder

Geplaatst:
  • Auteur
Geplaatst:

Vergeten te vermelden bij vorige post: PC heeft 2 gebruikers, altijd ingelogd als Admin

Logje van HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:04:57, on 8/12/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\Apvfb.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Windows\system32\conime.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\peter\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--

End of file - 7062 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst: (aangepast)

Kijk eens in je C-partitie of daar het nieuwe logje combofix.txt niet aanwezig is ?

En de twee lijntjes van HijackThis zitten nog steeds in je nieuwe log. Heb je dit als Vista-gebruiker uitgevoerd als "administrator" ? Zo nee, wil je het dan nog eens op die wijze doen en daarna een nieuw logje in een volgend bericht hangen.

aangepast door kape
Link naar reactie
Delen op andere sites
contextbinder Leerling

contextbinder

Geplaatst:
  • Auteur
Geplaatst:

Heb voor de zekerheid de HijachThis opgestart en optie Als Admin gekozen (niet tegenstaande dat het account peter als Admin staat vermeld bij gebruikersprofielen Windows), is nu wel gelukt. Aansluitend Combofix nogmaals geprobeerd, deze keer met succes, beide logs hieronder

Log van HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:02:31, on 8/12/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\Apvfb.exe

C:\Windows\system32\conime.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\peter\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--

End of file - 7081 bytes

Log Combofix

ComboFix 12-12-07.01 - peter 08/12/2012 17:16:20.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1268 [GMT 1:00]

Gestart vanuit: c:\users\peter\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\peter\Desktop\CFScript.txt

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 ))))))))))))))))))))))))))))))

.

.

2012-12-08 16:43 . 2012-12-08 16:44 -------- d-----w- c:\users\peter\AppData\Local\temp

2012-12-08 16:43 . 2012-12-08 16:43 -------- d-----w- c:\users\Frieda\AppData\Local\temp

2012-12-08 16:43 . 2012-12-08 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-07 18:32 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81D5AA85-06C8-4537-A29C-E580F95C1788}\mpengine.dll

2012-12-07 17:25 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-12-07 17:25 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-07 17:25 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-07 17:25 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-12-06 18:29 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-06 18:28 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-12-06 18:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-12-06 18:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-06 17:17 . 2012-12-06 17:37 -------- d-----w- C:\32788R22FWJFW(1)

2012-12-05 21:41 . 2012-12-06 17:48 -------- d-----w- c:\users\peter\AppData\Local\Temp(10)

2012-12-05 21:41 . 2012-12-05 21:41 -------- d-----w- c:\users\Frieda\AppData\Local\Temp(7)

2012-12-05 20:42 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes

2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\programdata\Malwarebytes

2012-12-02 10:55 . 2012-12-05 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-02 10:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-02 00:41 . 2012-12-02 00:41 -------- d-----w- c:\programdata\HitmanPro

2012-12-01 15:16 . 2012-12-01 15:16 -------- d-----w- c:\program files\Enigma Software Group

2012-12-01 15:15 . 2012-12-01 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-12-01 14:29 . 2012-12-01 14:29 181808 ----a-w- c:\windows\RegBootClean.exe

2012-12-01 13:41 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-11-30 20:10 . 2012-11-30 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-30 20:09 . 2012-12-01 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2012-11-30 19:54 . 2012-11-30 19:55 -------- d-----w- c:\users\peter\AppData\Roaming\Luxology

2012-11-30 19:41 . 2012-11-30 19:41 -------- d-----w- c:\program files\RegCleaner

2012-11-30 15:26 . 2012-11-30 15:26 -------- d-----w- c:\users\Frieda\AppData\Roaming\Grisoft

2012-11-28 20:23 . 2012-11-28 20:23 -------- d-----w- c:\programdata\Grisoft

2012-11-15 13:42 . 2012-11-15 13:42 -------- d-----w- c:\program files\Common Files\Java

2012-11-15 13:41 . 2012-11-15 13:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-06 19:40 . 2007-10-30 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-19 10:39 . 2012-03-28 17:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-19 10:39 . 2012-03-28 17:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-15 13:40 . 2012-08-19 11:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-15 13:40 . 2010-05-18 17:43 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-06 19:44 . 2012-12-06 19:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]

"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]

"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-30 33136]

"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [bU]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-12-10 692224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:39]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]

.

2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001Core.job

- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001UA.job

- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = w2003-sbs:8080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-11-14 11:46; 50a3769af1bf0@50a3769af1c33.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\50a3769af1bf0@50a3769af1c33.com

FF - ExtSQL: !HIDDEN! 2009-12-26 15:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe

AddRemove-{16726771-C380-4280-BAF9-1223B3838786} - c:\programdata\SaveAs\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-08 17:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4208)

c:\program files\SetPoint\GameHook.dll

c:\program files\SetPoint\lgscroll.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

c:\program files\ASUS\ASUS Direct Console\MSNHOOK.DLL

.

Voltooingstijd: 2012-12-08 17:49:49

ComboFix-quarantined-files.txt 2012-12-08 16:49

ComboFix2.txt 2012-12-06 19:30

ComboFix3.txt 2012-12-05 21:41

.

Pre-Run: 27.593.560.064 bytes beschikbaar

Post-Run: 27.356.291.072 bytes beschikbaar

.

- - End Of File - - A1408ABD3AA9BC8C65CF6C97BE747E63

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files\SweetIM

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sweetpacks Communicator"=-

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.