
KB951847 update failure and recurring win32/Heur


Heavenleigh


My PC was infected with win32/heur and I have tried several times to remove it with AVG. One moment the virus appears to be gone, but after restarting the PC it keeps coming back. I tried to install the Windows KB951847 update, but I get an error message every time.

I would like to ask you to take a look at my HijackThis log below:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:09:12, on 22-2-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton Security Scan\Nss.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\CLEAN\dotNetFx35setup.exe

e:\c9159c63dbcc4f77205b\setup.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.641\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235069245625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

--

End of file - 8508 bytes

Thanks in advance.

To work properly, HijackThis must be placed in its own folder and not in a temporary folder (as is currently the case). Use for example C:\ProgramFiles\TrendMicro\HiJackthis as the folder and put the HJT files there.

Start HijackThis. If you are a Vista user, choose "Run as administrator" ("Uitvoeren als administrator"). Select "Do a system scan only". Tick only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click 'Fix checked' to remove the items.

Download ComboFix to your Desktop.

NOTE: if, during or after downloading ComboFix, or while running ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

Some scanners treat certain components that ComboFix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is finished and after the restart, the log Combofix.txt will open.

Post that log in your next reply, together with a new HijackThis log.

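The two things the helper singles out above, an O2 entry that points at a file that no longer exists and HijackThis being run from a Temp folder, are exactly the kind of checks that can be automated when reading a HijackThis log. The script below is an added example for this thread, not a tool from the forum or from Trend Micro; the sample input is a handful of lines copied from the first log in the thread, and the `triage`, `Finding` and `summary` names are the example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Stand-in input: a few lines copied from the first HijackThis log in this
# thread (blank lines between entries kept, as the forum rendered them).
SAMPLE_LOG = r"""
Running processes:

C:\WINDOWS\System32\smss.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.641\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"""

# A Windows path ending in an executable, DLL or screensaver, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr)\b', re.IGNORECASE)
# Any directory component named Temp: matches both the long form
# \Local Settings\Temp\ and the 8.3 form \LOCALS~1\Temp\ seen in the log.
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)
# Prefix of a HijackThis entry line, e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r'^(O\d+|R\d+|F\d+|N\d+) - (.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str   # "orphan_entry" (registered item with no file) or "temp_path"
    line: str   # the log line that triggered the finding


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # An O2/O3/O4... entry whose target is "(no file)" is a leftover
        # registration; HijackThis can remove it with "Fix checked".
        if ENTRY_RE.match(line) and line.endswith("(no file)"):
            findings.append(Finding("orphan_entry", line))
            continue
        # Running processes and autostart entries that live in a Temp folder
        # are flagged: tools should run from a fixed folder, and malware
        # droppers commonly stage in Temp as well.
        for path in PATH_RE.findall(line):
            if TEMP_RE.search(path):
                findings.append(Finding("temp_path", line))
                break
    return findings


def summary(findings: list[Finding]) -> Counter:
    """Count findings per kind, for a one-line overview."""
    return Counter(f.kind for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.line}")
    print(dict(summary(results)))
```

Run against the sample, the script reports one `temp_path` finding (HijackThis.exe under `\LOCALS~1\Temp\`) and one `orphan_entry` finding (the `(no file)` BHO the helper asked to fix); the Acrobat BHO and the two O4 entries pass both checks. The checks are deliberately narrow: they confirm what a reader can see in the log, and do not attempt to judge whether an entry is malicious.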

I followed your advice; here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:28, on 22-2-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\TrendMicro\HiJackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235069245625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

--

End of file - 7311 bytes

ComboFix 09-02-21.01 - Administrator 2009-02-22 20:05:22.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.622 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Resident AV is active

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))

.

2009-02-22 19:33 . 2009-02-22 19:33 <DIR> d----c--- c:\program files\TrendMicro

2009-02-22 11:07 . 2009-02-22 11:08 <DIR> d----c--- c:\windows\SxsCaPendDel

2009-02-22 10:08 . 2009-02-22 10:08 <DIR> d----c--- c:\program files\Windows Defender

2009-02-22 09:48 . 2008-04-21 19:46 331,776 -----c--- c:\windows\system32\dllcache\ipnathlp.dll

2009-02-22 09:25 . 2009-02-22 15:14 <DIR> d----c--- c:\program files\Common Files\Symantec Shared

2009-02-22 09:24 . 2009-02-22 15:13 <DIR> d----c--- c:\program files\Norton Security Scan

2009-02-22 08:54 . 2009-02-22 08:54 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware

2009-02-22 08:54 . 2009-02-22 08:54 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-22 08:54 . 2009-02-22 08:54 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-02-22 08:54 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-22 08:54 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys

2009-02-21 18:33 . 2009-02-21 18:35 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Autodesk

2009-02-21 18:13 . 2009-02-21 18:14 <DIR> d----c--- c:\program files\Turbo Squid Tentacles

2009-02-21 18:12 . 2009-02-21 18:12 <DIR> d----c--- c:\program files\Microsoft WSE

2009-02-21 18:05 . 2009-02-21 18:08 <DIR> d----c--- c:\program files\Common Files\Autodesk Shared

2009-02-21 18:05 . 2009-02-21 18:33 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Autodesk

2009-02-21 18:04 . 2009-02-21 18:08 <DIR> d----c--- c:\program files\Autodesk

2009-02-21 18:04 . 2007-05-16 16:45 3,497,832 --a--c--- c:\windows\system32\d3dx9_34.dll

2009-02-21 18:04 . 2006-11-29 13:06 3,426,072 --a--c--- c:\windows\system32\d3dx9_32.dll

2009-02-21 18:04 . 2006-09-28 16:05 2,414,360 --a--c--- c:\windows\system32\d3dx9_31.dll

2009-02-21 18:04 . 2007-05-16 16:45 1,124,720 --a--c--- c:\windows\system32\D3DCompiler_34.dll

2009-02-21 18:04 . 2007-05-16 16:45 443,752 --a--c--- c:\windows\system32\d3dx10_34.dll

2009-02-21 17:44 . 2009-02-21 17:44 <DIR> d----c--- c:\program files\e-on software

2009-02-21 17:36 . 2009-02-21 17:46 294 --a--c--- c:\windows\Vue 6 xStream.reg

2009-02-21 17:22 . 2009-02-21 17:22 <DIR> d----c--- c:\program files\DAEMON Tools Lite

2009-02-21 17:10 . 2009-02-21 17:10 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\DAEMON Tools

2009-02-21 17:10 . 2009-02-21 17:10 717,296 --a--c--- c:\windows\system32\drivers\sptd.sys

2009-02-21 16:43 . 2009-02-21 16:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Sony

2009-02-21 13:34 . 2009-02-21 13:34 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Trymedia

2009-02-21 11:49 . 2009-02-21 11:49 15,252,613 --a--c--- c:\windows\system32\xa34140312.exe

2009-02-21 11:49 . 2009-02-21 11:49 15,252,613 --a--c--- c:\windows\system32\xa34122859.exe

2009-02-21 11:17 . 2009-02-21 11:17 <DIR> d----c--- c:\program files\CleanMyPC

2009-02-21 10:58 . 2009-02-21 10:58 <DIR> d----c--- c:\program files\ReflexiveArcade

2009-02-21 10:16 . 2009-02-21 10:16 <DIR> d----c--- c:\windows\Yard Sale Hidden Treasures Sunnyville

2009-02-21 10:10 . 2009-02-21 10:10 <DIR> d----c--- c:\windows\Adventure Chronicles The Search for Lost Treasure

2009-02-21 10:09 . 2009-02-21 10:09 <DIR> d----c--- c:\windows\Amazing Adventures 2 - Around the World

2009-02-21 09:06 . 2009-02-21 09:06 <DIR> d----c--- c:\program files\uTorrent

2009-02-21 09:06 . 2009-02-21 11:58 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\uTorrent

2009-02-21 09:02 . 2009-02-21 09:02 <DIR> d--hsc--- c:\documents and settings\Administrator\IECompatCache

2009-02-21 02:41 . 2009-02-21 02:41 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Publish Providers

2009-02-21 02:40 . 2009-02-21 16:56 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Sony

2009-02-21 02:36 . 2009-02-21 02:36 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Leadertech

2009-02-21 02:10 . 2009-02-21 02:10 <DIR> d----c--- c:\program files\Vstplugins

2009-02-21 02:10 . 2009-02-21 16:42 <DIR> d----c--- c:\program files\Sony

2009-02-21 02:02 . 2009-02-22 14:13 <DIR> d----c--- c:\windows\system32\XPSViewer

2009-02-21 02:01 . 2009-02-21 02:01 <DIR> d----c--- c:\program files\Reference Assemblies

2009-02-21 02:01 . 2006-06-29 13:07 14,048 -----c--- c:\windows\system32\spmsg2.dll

2009-02-21 01:54 . 2009-02-21 01:54 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Sony Setup

2009-02-21 01:53 . 2009-02-21 01:53 <DIR> d----c--- c:\program files\Sony Setup

2009-02-20 19:03 . 2009-02-20 19:03 <DIR> d----c--- c:\documents and settings\All Users\Application Data\PlayPond

2009-02-20 08:22 . 2009-02-22 19:12 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\skypePM

2009-02-20 08:22 . 2009-02-20 08:22 56 --ah-c--- c:\windows\system32\ezsidmv.dat

2009-02-20 08:21 . 2009-02-20 08:21 <DIR> dr---c--- c:\program files\Skype

2009-02-20 08:21 . 2009-02-20 08:21 <DIR> d----c--- c:\program files\Common Files\Skype

2009-02-20 08:21 . 2009-02-20 08:21 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Skype

2009-02-20 08:21 . 2009-02-22 20:00 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Skype

2009-02-20 07:41 . 2009-02-20 07:41 368,640 --a--c--- c:\windows\system32\ReWire.dll

2009-02-20 07:41 . 2009-02-20 07:41 233,472 --a--c--- c:\windows\system32\REX Shared Library.dll

2009-02-20 07:26 . 2009-02-20 07:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Propellerhead Software

2009-02-20 07:26 . 2009-02-20 07:41 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Propellerhead Software

2009-02-20 07:25 . 2008-10-16 14:06 268,648 --a--c--- c:\windows\system32\mucltui.dll

2009-02-20 07:25 . 2008-10-16 14:06 27,496 --a--c--- c:\windows\system32\mucltui.dll.mui

2009-02-20 07:24 . 2009-02-20 07:24 <DIR> d----c--- c:\program files\Propellerhead

2009-02-19 22:35 . 2009-02-21 18:51 <DIR> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP

2009-02-19 21:20 . 2009-02-19 21:20 14 --a--c--- c:\windows\popcinfo.dat

2009-02-19 21:16 . 2009-02-22 17:23 61,440 --a--c--- c:\windows\system32\Big Kahuna Reef 2.scr

2009-02-19 21:11 . 2009-02-19 21:11 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Canvas Multi-Media

2009-02-19 21:10 . 2009-02-21 14:38 <DIR> d----c--- c:\program files\Zylom Games

2009-02-19 21:10 . 2009-02-19 21:10 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Zylom

2009-02-19 21:10 . 2009-02-19 21:19 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Zylom

2009-02-19 20:24 . 2009-02-21 02:37 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Sonic

2009-02-19 20:12 . 2009-02-19 20:12 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Macrovision

2009-02-19 20:11 . 2009-02-19 20:11 <DIR> d----c--- c:\program files\Common Files\Adobe Systems Shared

2009-02-19 20:03 . 2009-02-19 20:03 <DIR> d----c--- c:\windows\system32\Adobe

2009-02-19 20:03 . 2009-02-22 17:28 16,384 --a--c--- c:\windows\system32\FileOps.exe

2009-02-19 19:56 . 2009-02-21 01:47 <DIR> d----c--- c:\program files\Common Files\Adobe

2009-02-19 19:51 . 2009-02-19 19:51 <DIR> d----c--- c:\program files\CyberLink

2009-02-19 19:49 . 2009-02-19 19:49 <DIR> d----c--- c:\program files\Common Files\Sonic

2009-02-19 19:48 . 2009-02-19 20:22 <DIR> d----c--- c:\windows\system32\dla

2009-02-19 19:48 . 2009-02-19 19:48 <DIR> d----c--- c:\program files\Sonic

2009-02-19 19:48 . 2009-02-19 19:48 <DIR> d----c--- c:\program files\Common Files\SureThing Shared

2009-02-19 19:48 . 2009-02-22 17:05 98,304 --a--c--- c:\windows\dla.exe

2009-02-19 19:48 . 2004-08-04 03:21 87,136 --a--c--- c:\windows\system32\drivers\drvmcdb.sys

2009-02-19 19:48 . 2004-08-13 01:05 61,498 --a--c--- c:\windows\system32\tfswapi.dll

2009-02-19 19:48 . 2004-08-13 02:56 40,544 --a--c--- c:\windows\system32\drivers\drvnddm.sys

2009-02-19 19:48 . 2004-07-14 11:28 23,545 --a--c--- c:\windows\system32\drivers\ssrtln.sys

2009-02-19 19:48 . 2004-07-14 11:29 5,627 --a--c--- c:\windows\system32\drivers\sscdbhk5.sys

2009-02-19 19:48 . 2009-02-19 19:48 138 --a--c--- c:\windows\wininit.ini

2009-02-19 19:13 . 2009-02-19 19:14 <DIR> d----c--- c:\documents and settings\Administrator\Contacts

2009-02-19 19:12 . 2009-02-19 19:12 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-02-19 19:12 . 2009-02-19 19:12 <DIR> d----c--- c:\program files\MSN Messenger

2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d----c--- c:\program files\Windows Media Connect 2

2009-02-19 19:02 . 2006-10-26 19:56 32,592 --a--c--- c:\windows\system32\msonpmon.dll

2009-02-19 19:01 . 2009-02-19 19:03 <DIR> d----c--- c:\windows\system32\drivers\UMDF

2009-02-19 18:59 . 2009-02-21 02:08 <DIR> d----c--- c:\program files\MSBuild

2009-02-19 18:59 . 2009-02-19 18:59 <DIR> d----c--- c:\program files\Microsoft Works

2009-02-19 18:49 . 2009-02-19 18:58 <DIR> d----c--- c:\windows\SHELLNEW

2009-02-19 18:48 . 2009-02-22 13:00 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-02-19 18:47 . 2009-02-19 18:47 <DIR> dr-h-c--- C:\MSOCache

2009-02-19 06:07 . 2009-02-19 06:07 <DIR> d--hsc--- c:\documents and settings\Administrator\PrivacIE

2009-02-19 06:07 . 2009-02-19 06:07 <DIR> d--hsc--- c:\documents and settings\Administrator\IETldCache

2009-02-19 05:40 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2009-02-18 22:19 . 2009-02-22 19:54 <DIR> d--h-c--- C:\$AVG8.VAULT$

2009-02-18 22:11 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-18 22:11 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-18 22:11 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-18 22:11 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-18 22:11 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-18 22:11 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-18 22:10 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-02-18 22:10 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-18 22:10 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-18 22:10 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-18 22:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-18 22:10 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-02-18 22:10 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-18 22:05 . 2008-04-14 22:32 81,920 -----c--- c:\windows\system32\ieencode.dll

2009-02-18 22:03 . 2006-12-29 00:31 19,569 --a--c--- c:\windows\000001_.tmp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 16:31 9,216 -c--a-w c:\windows\system32\subst.exe

2009-02-22 16:30 98,304 -c--a-w c:\windows\system32\scardsvr.exe

2009-02-22 16:29 88,576 -c--a-w c:\windows\system32\netsh.exe

2009-02-22 16:28 9,728 -c--a-w c:\windows\system32\label.exe

2009-02-22 16:27 83,968 -c--a-w c:\windows\system32\dpvsetup.exe

2009-02-22 16:27 64,512 -c--a-w c:\windows\system32\driverquery.exe

2009-02-22 16:27 4,608 -c--a-w c:\windows\system32\dllhst3g.exe

2009-02-22 16:27 29,696 -c--a-w c:\windows\system32\dplaysvr.exe

2009-02-22 16:27 225,280 -c--a-w c:\windows\system32\dmadmin.exe

2009-02-22 16:27 18,432 -c--a-w c:\windows\system32\dpnsvr.exe

2009-02-22 16:27 15,872 -c--a-w c:\windows\system32\dmremote.exe

2009-02-22 16:27 10,752 -c--a-w c:\windows\system32\doskey.exe

2009-02-22 16:24 87,040 -c--a-w c:\windows\system32\diantz.exe

2009-02-22 16:24 82,944 -c--a-w c:\windows\system32\dfrgfat.exe

2009-02-22 16:24 6,144 -c--a-w c:\windows\system32\dcomcnfg.exe

2009-02-22 16:24 31,232 -c--a-w c:\windows\system32\ddeshare.exe

2009-02-22 16:24 25,088 -c--a-w c:\windows\system32\defrag.exe

2009-02-22 16:24 18,944 -c--a-w c:\windows\system32\diskperf.exe

2009-02-22 16:24 167,424 -c--a-w c:\windows\system32\diskpart.exe

2009-02-22 16:24 15,360 -c--a-w c:\windows\system32\ctfmon.exe

2009-02-22 16:17 32,768 -c--a-w c:\windows\slrundll.exe

2009-02-22 16:11 99,840 -c--a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe

2009-02-22 16:11 769,024 -c--a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe

2009-02-22 16:11 744,448 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2009-02-22 16:11 70,144 -c--a-w c:\windows\notepad.exe

2009-02-22 16:11 35,328 -c--a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe

2009-02-22 16:11 18,432 ----a-w c:\windows\pchealth\helpctr\binaries\hscupd.exe

2009-02-22 16:11 172,032 -c--a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe

2009-02-22 16:11 153,088 -c--a-w c:\windows\regedit.exe

2009-02-22 16:11 151,040 -c--a-w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe

2009-02-22 16:06 10,752 -c--a-w c:\windows\hh.exe

2009-02-22 16:05 1,037,312 -c--a-w c:\windows\explorer.exe

2009-02-19 19:09 --------- dc-h--w c:\program files\InstallShield Installation Information

2009-02-19 18:56 --------- dc----w c:\program files\Common Files\InstallShield

2009-02-18 20:41 --------- dc----w c:\program files\directx

2009-02-18 20:13 325,128 -c--a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-18 20:13 107,272 -c--a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-18 20:13 10,520 -c--a-w c:\windows\system32\avgrsstx.dll

2009-02-18 20:13 --------- dc----w c:\program files\AVG

2009-02-18 20:13 --------- dc----w c:\documents and settings\All Users\Application Data\avg8

2009-02-18 19:59 --------- dc----w c:\program files\Intel

2009-02-18 19:56 --------- dc----w c:\program files\Dell

2009-02-18 19:56 --------- dc----w c:\program files\Analog Devices

2009-02-18 19:41 --------- dc----w c:\program files\microsoft frontpage

2009-01-15 01:05 911,872 -c--a-w c:\windows\system32\wininet.dll

2009-01-15 01:05 43,008 -c--a-w c:\windows\system32\licmgr10.dll

2009-01-15 01:04 18,944 -c--a-w c:\windows\system32\corpol.dll

2009-01-15 01:03 72,704 -c--a-w c:\windows\system32\admparse.dll

2009-01-15 01:03 71,680 -c--a-w c:\windows\system32\iesetup.dll

2009-01-15 01:03 420,352 -c--a-w c:\windows\system32\vbscript.dll

2009-01-15 01:01 34,304 -c--a-w c:\windows\system32\imgutil.dll

2009-01-15 01:00 48,128 -c--a-w c:\windows\system32\mshtmler.dll

2009-01-15 00:50 156,160 -c--a-w c:\windows\system32\msls31.dll

.

------- Sigcheck -------

2009-02-22 17:


2009-02-22 17:05 1037312 e43e6ee46e0da72858b534d258fe2f01 c:\windows\explorer.exe

2009-02-22 17:00 1035776 976c1c68f19e8031ee1c61b5510f2b63 c:\windows\$NtServicePackUninstall$\explorer.exe

2009-02-22 17:12 1037312 e43e6ee46e0da72858b534d258fe2f01 c:\windows\ServicePackFiles\i386\explorer.exe

2009-02-22 17:18 1037312 e43e6ee46e0da72858b534d258fe2f01 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\explorer.exe

2009-02-22 17:00 15360 9cb653a566e15d8f7478548b798fb53d c:\windows\$NtServicePackUninstall$\ctfmon.exe

2009-02-22 17:12 15360 2192cd38eb22b1d07d7b2b0a7025576e c:\windows\ServicePackFiles\i386\ctfmon.exe

2009-02-22 17:17 15360 2192cd38eb22b1d07d7b2b0a7025576e c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\ctfmon.exe

2009-02-22 17:24 15360 2192cd38eb22b1d07d7b2b0a7025576e c:\windows\system32\ctfmon.exe

2009-02-22 17:03 57856 c852b3b75bb5aea18ff219aab7025b8a c:\windows\$NtServicePackUninstall$\spoolsv.exe

2009-02-22 17:15 57856 12f5549628e093b029e1160bd8e4c026 c:\windows\ServicePackFiles\i386\spoolsv.exe

2009-02-22 17:21 57856 12f5549628e093b029e1160bd8e4c026 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\spoolsv.exe

2009-02-22 17:31 57856 12f5549628e093b029e1160bd8e4c026 c:\windows\system32\spoolsv.exe

2009-02-22 17:03 24576 c9e31eb1347bce431558d31c9508c603 c:\windows\$NtServicePackUninstall$\userinit.exe

2009-02-22 17:16 26112 d2b3dddf730610983617d75f4681b0b6 c:\windows\ServicePackFiles\i386\userinit.exe

2009-02-22 17:21 26112 d2b3dddf730610983617d75f4681b0b6 c:\windows\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\userinit.exe

2009-02-22 17:31 26112 d2b3dddf730610983617d75f4681b0b6 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-02-22_19.41.36,62 )))))))))))))))))))))))))))))))))))))))))

.

- 2000-08-31 07:00:00 80,412 -c--a-w c:\windows\grep.exe

+ 2000-08-31 07:00:00 97,820 -c--a-w c:\windows\grep.exe

- 2000-08-31 07:00:00 49,152 -c--a-w c:\windows\NIRCMD.exe

+ 2000-08-31 07:00:00 48,640 -c--a-w c:\windows\NIRCMD.exe

- 2000-08-31 07:00:00 68,096 -c--a-w c:\windows\zip.exe

+ 2000-08-31 07:00:00 84,992 -c--a-w c:\windows\zip.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-02-22 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-02-21 491520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-02-22 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-22 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-22 118784]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-18 1601304]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-02-22 122880]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2009-02-22 110592]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-22 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 237673]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-18 21:13 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-18 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-18 107272]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-18 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-18 298264]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-02-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-02-22 c:\windows\Tasks\Norton Security Scan for Administrator.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2009-02-21 c:\windows\Tasks\Schedule Task Weekly.job

- c:\program files\Registry Easy\RE.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 20:07:04

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,ba,8c,07,56,c8,c0,46,8e,16,23,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,ba,8c,07,56,c8,c0,46,8e,16,23,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2148)

c:\windows\system32\ieframe.dll

.

Voltooingstijd: 2009-02-22 20:08:52

ComboFix-quarantined-files.txt 2009-02-22 19:08:46

ComboFix2.txt 2009-02-22 18:43:04

Pre-Run: 63.125.061.632 bytes beschikbaar

Post-Run: 63,102,447,616 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

316 --- E O F --- 2009-02-22 10:30:49


Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Then check whether the update succeeds, and let AVG scan to see whether a Trojan is still detected. Let us know the results as well.

