
Error messages 7000 (2x), 7001 (1x), 7024 (1x) and 5727 (1x)


jovadesa


We'll deal with those error messages in the event log later.

It is evidently a stubborn one.

Next attempt.

Open the file CFScript.txt.

Replace its contents with the following text:

File::

c:\windows\system32\drivers\11e8f.sys

C:\Documents and Settings\Jose\79bjm5me7g.exe

C:\Documents and Settings\All Users\79bjm5me7g.exe

C:\ProgramData\79bjm5me7g.exe

Drivers::

11e8f

79bjm5me7g.exe

Save the file and close Notepad.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot into normal mode if asked to.

After the reboot, post the contents of Combofix.txt in your next message.


The computer would not start in normal mode.

Started the computer in safe mode and carried out the action.

Here is the log:

ComboFix 12-03-04.02 - Jose 08-03-2012 11:45:37.5.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.993 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

gebruikte Opdracht switches :: F:\CFScript3.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\documents and settings\All Users\79bjm5me7g.exe"

"c:\documents and settings\Jose\79bjm5me7g.exe"

"c:\programdata\79bjm5me7g.exe"

"c:\windows\system32\drivers\11e8f.sys"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-08 to 2012-03-08 ))))))))))))))))))))))))))))))

.

.

2012-03-07 17:42 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFD82A62-C272-48C8-9CD0-7AF29E15826F}\mpengine.dll

2012-03-07 14:42 . 2012-03-07 14:42 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 18:13 . 2012-02-05 15:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-08 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-08 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

uInternet Settings,ProxyOverride = localhost

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-08 11:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(720)

c:\windows\System32\BCMLogon.dll

.

Voltooingstijd: 2012-03-08 11:53:37

ComboFix-quarantined-files.txt 2012-03-08 10:53

ComboFix2.txt 2012-03-07 16:07

ComboFix3.txt 2012-03-07 14:33

ComboFix4.txt 2012-03-05 16:25

ComboFix5.txt 2012-03-08 10:44

.

Pre-Run: 23.135.526.912 bytes beschikbaar

Post-Run: 23.126.695.936 bytes beschikbaar

.

- - End Of File - - F69D8FF1BC57C038738281D27AF650D0

Regards, jovadesa


  • Download The Avenger by Swandog46 to your desktop.
  • Click Avenger.zip.
  • Extract the file to your desktop.
  • Start The Avenger by double-clicking the icon.
  • Vista and Windows 7 -> right-click, Run as Administrator.

Tick 'Scan for rootkits' and untick 'Automatically disable any rootkits found'.


In the "Input Script here" window, copy and paste the following:

Files to delete:

c:\windows\system32\drivers\11e8f.sys

Drivers to unload:

11e8f

79bjm5me7g.exe

Attention: the script above was written solely for this computer/situation/user. Using it on another computer can cause damage!

Now click the Execute button.

Click Yes to confirm.

Click Yes when asked to reboot your PC.

Your PC will reboot; if it does not, reboot it manually.

After the reboot a log file (avenger.txt) opens. Post the contents of that log file.

The Avenger log file is also saved as C:\avenger.txt

Edited by kape

Ran Avenger in Windows normal mode, but got no response.

Then ran it again in safe mode.

Here is the log:

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\windows\system32\drivers\11e8f.sys" not found!

Deletion of file "c:\windows\system32\drivers\11e8f.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Driver "11e8f" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\79bjm5me7g.exe" not found!

Deletion of driver "79bjm5me7g.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Regards, jovadesa


Then once more with The Avenger, but now with the following script:

In the "Input Script here" window, copy and paste the following:

Files to delete:

79bjm5me7g.exe

Then make a new log with Combofix and post it together with The Avenger's result in your next message.


Now everything was run in Windows normal mode.

Avenger log: Files to delete: 79bjm5me7g.exe

Combofix log:

ComboFix 12-03-04.02 - Jose 09-03-2012 19:44:37.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.791 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\cleanup.exe

C:\zip.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-09 to 2012-03-09 ))))))))))))))))))))))))))))))

.

.

2012-03-09 18:20 . 2012-03-09 18:20 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFD82A62-C272-48C8-9CD0-7AF29E15826F}\MpKsla1b92bd7.sys

2012-03-09 18:14 . 2012-03-09 18:14 61440 ----a-w- c:\windows\system32\drivers\vtsk.sys

2012-03-09 18:06 . 2012-03-09 18:06 61440 ----a-w- c:\windows\system32\drivers\wtqlsmm.sys

2012-03-09 15:49 . 2012-03-09 15:58 2248 -c--a-w- C:\backup.reg

2012-03-09 15:49 . 2012-03-09 18:14 574 -c--a-w- C:\cleanup.bat

2012-03-09 15:49 . 2012-03-09 15:49 61440 ----a-w- c:\windows\system32\drivers\bdoqdj.sys

2012-03-07 17:42 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFD82A62-C272-48C8-9CD0-7AF29E15826F}\mpengine.dll

2012-03-07 14:42 . 2012-03-09 18:19 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 18:13 . 2012-02-05 15:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-05_16.21.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-09 18:17 . 2012-03-09 18:17 16384 c:\windows\temp\Perflib_Perfdata_dc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - MBAMSwissArmy

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

uInternet Settings,ProxyOverride = localhost

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-09 19:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(764)

c:\windows\System32\BCMLogon.dll

.

Voltooingstijd: 2012-03-09 19:55:12

ComboFix-quarantined-files.txt 2012-03-09 18:55

ComboFix2.txt 2012-03-08 10:53

ComboFix3.txt 2012-03-07 16:07

ComboFix4.txt 2012-03-07 14:33

ComboFix5.txt 2012-03-09 18:22

.

Pre-Run: 21.767.917.568 bytes beschikbaar

Post-Run: 21.764.079.616 bytes beschikbaar

.

- - End Of File - - 4AEACFED192E0C80233ADF5FDB30590E

Greetings, jovadesa


bdoqdj removed. Restarted the computer; startup proceeds normally up to the appearance of the icons on the desktop.

After that it takes about 15 minutes before a program can be started via the icons.

The same applies to shutting down the computer.

Now reported in the Application log: warning 1517 and error 5000 (5x).

In the System log the following entry appears: the event log file is corrupted.

Greetings, jovadesa.


Kweezie Wabbit

I finally managed to produce a log from Avenger and ComboFix.

Many errors are still being reported in my System log.

The Avenger log looks like this:

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "79bjm5me7g.exe" not found!

Deletion of file "79bjm5me7g.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

The ComboFix log follows below:

ComboFix 12-03-04.02 - Jose 14-03-2012 9:43.7.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.772 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

* Nieuw herstelpunt werd aangemaakt

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 ))))))))))))))))))))))))))))))

.

.

2012-03-12 18:28 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E015CC4F-7E1B-4281-BE6F-22A2CAD4984B}\mpengine.dll

2012-03-09 18:14 . 2012-03-09 18:14 61440 ----a-w- c:\windows\system32\drivers\vtsk.sys

2012-03-09 18:06 . 2012-03-09 18:06 61440 ----a-w- c:\windows\system32\drivers\wtqlsmm.sys

2012-03-07 14:42 . 2012-03-14 08:05 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 18:13 . 2012-02-05 15:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-05_16.21.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-10 18:09 . 2012-03-10 18:09 16384 c:\windows\temp\Perflib_Perfdata_94.dat

+ 2012-03-14 08:41 . 2012-03-14 08:42 1656 c:\windows\SoftwareDistribution\EventCache\{E0755CB3-E032-4098-8F3A-181223D832A1}.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-14 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

uInternet Settings,ProxyOverride = localhost

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-14 09:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(764)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3068)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-03-14 09:48:49

ComboFix-quarantined-files.txt 2012-03-14 08:48

ComboFix2.txt 2012-03-09 18:55

ComboFix3.txt 2012-03-08 10:53

ComboFix4.txt 2012-03-07 16:07

ComboFix5.txt 2012-03-14 08:42

.

Pre-Run: 21.610.258.432 bytes beschikbaar

Post-Run: 21.604.835.328 bytes beschikbaar

.

- - End Of File - - 57507A8EE1C02E350AF8E4D1564C35A8

Since I heard nothing more from you, I am sending the requested data by email instead.

I do hope to receive further word from you.

Or are you really leaving me in the lurch now?

Greetings, jovadesa
