roelonzo
-
Items
10 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door roelonzo
-
-
Het lukte me niet om een rapportje te maken van TDSSkiller, ik heb het EXE bestand wel uitgevoerd en het programma had 1 rootkit infection gevonden en gemaakt. daarna opgestart en een combofix scan gedaan.
hier de log van combofix :
ComboFix 11-08-28.01 - Roel 29/08/2011 10:48:21.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.1293 [GMT 2:00]
Running from: c:\documents and settings\Roel\Bureaublad\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 07:42 . 2011-08-29 07:42 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Temp
2011-08-29 07:29 . 2011-08-29 07:29 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Solid State Networks
2011-08-28 17:22 . 2011-08-28 17:22 388096 ----a-r- c:\documents and settings\Roel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-28 17:22 . 2011-08-28 17:22 -------- d-----w- c:\program files\Trend Micro
2011-08-28 14:53 . 2011-08-29 08:36 -------- d-----w- c:\documents and settings\Roel\Application Data\Sammsoft
2011-08-28 12:28 . 2011-08-28 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-28 12:26 . 2011-08-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-27 21:44 . 2011-08-28 06:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-26 12:56 . 2011-08-26 12:56 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Sony
2011-08-26 12:54 . 2011-08-26 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-08-26 12:54 . 2011-08-26 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-26 12:46 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony Media Go Install
2011-08-26 12:43 . 2011-08-26 12:55 -------- d-----w- c:\documents and settings\Roel\Application Data\Sony
2011-08-26 12:43 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Downloaded Installations
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony
2011-08-02 08:22 . 2011-08-02 08:22 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2009-05-20 12:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-05-20 12:34 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-02-11 13:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-02-11 13:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-05-20 10:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2009-05-20 12:34 670208 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2009-05-20 12:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-20 17:44 . 2009-05-20 12:34 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2009-05-20 12:34 1859072 ----a-w- c:\windows\system32\win32k.sys
2009-10-02 20:23 . 2009-10-02 20:22 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-29_06.54.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-29 08:34 . 2011-08-29 08:34 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 93752 c:\windows\system32\perfc013.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 93752 c:\windows\system32\perfc013.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 73980 c:\windows\system32\perfc009.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 73980 c:\windows\system32\perfc009.dat
+ 2008-04-14 00:10 . 2008-04-15 12:00 96512 c:\windows\system32\drivers\atapi.sys
- 2008-04-14 00:10 . 2008-04-13 22:10 96512 c:\windows\system32\drivers\atapi.sys
+ 2009-05-23 09:18 . 2011-08-29 08:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2009-05-23 09:18 . 2011-08-29 06:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-05-23 09:18 . 2011-08-29 08:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-23 09:18 . 2011-08-29 06:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 514470 c:\windows\system32\perfh013.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 514470 c:\windows\system32\perfh013.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 446348 c:\windows\system32\perfh009.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 446348 c:\windows\system32\perfh009.dat
- 2009-05-23 09:18 . 2011-08-29 06:42 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-23 09:18 . 2011-08-29 08:13 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-29 07:36 . 2011-08-29 07:36 2309120 c:\windows\Installer\2eb4e7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}"
[HKEY_CLASSES_ROOT\CLSID\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-02 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288]
.
c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
haal.exe [2011-3-9 154331]
laocle.exe [2011-2-3 153680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009
.
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 76519709
*Deregistered* - 76519709
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kdxcqejy
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.109.184.72 193.109.184.75
FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-29 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\tgwsaflx.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-29 10:56:44
ComboFix-quarantined-files.txt 2011-08-29 08:56
ComboFix2.txt 2011-08-29 08:20
ComboFix3.txt 2011-08-29 06:58
.
Pre-Run: 19,370,962,944 bytes beschikbaar
Post-Run: 19,381,702,656 bytes beschikbaar
.
- - End Of File - - CC32B6098C2CAE3BD51CEE36DF3B4626
Als ik zoek naar conhost.exe dat vind mijn pc 1 bestandje "conhost.exe.vir" in de map C:\Qoobox\Quarantine\C\Windows\Temp
Nogmaals bedankt voor de hulp !
Roel.
-
ComboFix 11-08-28.01 - Roel 29/08/2011 8:43.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.1648 [GMT 2:00]
Running from: c:\documents and settings\Roel\Bureaublad\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\NetworkService\Application Data\Adobe\plugs
c:\documents and settings\Roel\Application Data\Adobe\plugs
c:\documents and settings\Roel\Application Data\Adobe\shed
c:\documents and settings\Roel\Application Data\Beyxu
c:\documents and settings\Roel\Application Data\Beyxu\yxeb.roa
c:\windows\system32\Thumbs.db
c:\windows\TEMP\conhost.exe
.
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-28 17:22 . 2011-08-28 17:22 388096 ----a-r- c:\documents and settings\Roel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-28 17:22 . 2011-08-28 17:22 -------- d-----w- c:\program files\Trend Micro
2011-08-28 14:54 . 2011-08-28 19:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\documents and settings\Roel\Application Data\Sammsoft
2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\program files\Ask.com
2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\AskToolbar
2011-08-28 14:53 . 2011-08-28 14:53 -------- d-----w- c:\program files\ARO 2011
2011-08-28 12:28 . 2011-08-28 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-28 12:26 . 2011-08-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-27 21:44 . 2011-08-28 06:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-26 12:56 . 2011-08-26 12:56 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Sony
2011-08-26 12:54 . 2011-08-26 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-08-26 12:54 . 2011-08-26 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-26 12:46 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony Media Go Install
2011-08-26 12:43 . 2011-08-26 12:55 -------- d-----w- c:\documents and settings\Roel\Application Data\Sony
2011-08-26 12:43 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Downloaded Installations
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony
2011-08-02 08:22 . 2011-08-02 08:22 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2009-05-20 12:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-05-20 12:34 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-02-11 13:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-02-11 13:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-05-20 10:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2009-05-20 12:34 670208 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2009-05-20 12:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-20 17:44 . 2009-05-20 12:34 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2009-05-20 12:34 1859072 ----a-w- c:\windows\system32\win32k.sys
2009-10-02 20:23 . 2009-10-02 20:22 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}"
[HKEY_CLASSES_ROOT\CLSID\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-02 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288]
.
c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
haal.exe [2011-3-9 154331]
laocle.exe [2011-2-3 153680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009
.
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kdxcqejy
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-29 20:05]
.
.
------- Supplementary Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.109.184.72 193.109.184.75
FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SRS Premium Sound - c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-29 08:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
Completion time: 2011-08-29 08:58:49
ComboFix-quarantined-files.txt 2011-08-29 06:58
.
Pre-Run: 16,252,792,832 bytes beschikbaar
Post-Run: 19,362,729,984 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 39C0C5206FE62F23583AD83311CCB690
Ik denk dat het nu wel gelukt is
Hartelijk bedankt voor je hulp.
Hoe wist je trouwens in post #5 welke regeltjes ik moest aanvinken bij hijack this ? of is dit moeilijk om uit te leggen aan een noob zoals mij ?
groeten,
Roel.
---------- Post toegevoegd om 09:18 ---------- Vorige post was om 09:06 ----------
hmm nee ik heb te vroeg victorie gekraaid... conhost.exe staat nog altijd bovenaan mijn processen met 98% CPU gebruik
-
Hallo,
Ik heb dit geprobeerd zoals je zei maar conhost blijft vervelend doen...
hier de logs:
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 7594
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
28/08/2011 10:12:49 PM
mbam-log-2011-08-28 (22-12-49).txt
Scantype: Snelle scan
Objecten gescand: 160952
Verstreken tijd: 6 minuut/minuten, 52 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:37 PM, on 28/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 8548 bytes
groeten,
Roel.
-
Ow dat was snel
hier het rapportje van HJT
Bedankt voor je snelle reactie.
Roel.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:23:45 PM, on 28/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\mc76395.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Memory checker (MemChecker) - Unknown owner - C:\WINDOWS\mc76395.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 9532 bytes
-
Hallo beste forumleden,
Sinds vandaag is mijn pc aan het trippen, conhost.exe gebruikt soms tot 99% CPU....
Ik heb een Malwarebytes scan gedaan maar die zegt dat niks geinfecteerd is...
Ik heb hem zelfs nog ge-update vandaag.
kunnen jullie me verder helpen ?
hier alvast een DDS rapportje:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Run by Roel at 19:08:17 on 2011-08-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.673 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\mc76395.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\TEMP\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: : {614fc85d-ca23-47db-cee4-4cee6e1b9456} - c:\windows\system32\tgwsaflx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
StartupFolder: c:\docume~1\roel\menust~1\progra~1\opstar~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 193.109.184.72 193.109.184.75
TCP: Interfaces\{22F914DF-2C1C-446E-A6F9-52611E930C97} : DhcpNameServer = 193.109.184.72 193.109.184.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\roel\application data\mozilla\firefox\profiles\cmjbxl9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\system32\svchost.exe -k netsvcs [2009-5-20 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 366640]
R2 MemChecker;Memory checker;c:\windows\mc76395.exe [2011-2-11 172956]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-20 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 22712]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-20 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-5-20 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-20 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-21 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-13 11520]
.
=============== Created Last 30 ================
.
2011-08-28 14:53:58 -------- d-----w- c:\documents and settings\roel\application data\Sammsoft
2011-08-28 14:53:46 -------- d-----w- c:\program files\Ask.com
2011-08-28 14:53:42 -------- d-----w- c:\documents and settings\roel\local settings\application data\AskToolbar
2011-08-28 14:53:26 -------- d-----w- c:\program files\ARO 2011
2011-08-28 12:28:28 -------- d-----w- c:\program files\PC Tools Security
2011-08-28 12:28:28 -------- d-----w- c:\program files\common files\PC Tools
2011-08-28 12:26:40 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-27 21:44:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-26 12:56:10 -------- d-----w- c:\documents and settings\roel\local settings\application data\Sony
2011-08-26 12:54:51 -------- d-----w- c:\program files\common files\Sony Shared
2011-08-26 12:54:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-26 12:46:28 -------- d-----w- c:\program files\Sony Media Go Install
2011-08-26 12:43:17 -------- d-----w- c:\documents and settings\roel\local settings\application data\Downloaded Installations
2011-08-26 12:42:08 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation
2011-08-26 12:42:07 -------- d-----w- c:\program files\Sony
2011-08-02 08:22:05 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18:34 670208 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys
2009-10-02 20:23:02 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8D555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d937b0]; MOV EAX, [0x89d9382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DE0650]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89DC23B8]
5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DA5028]
\Driver\iaStor[0x89DCB818] -> IRP_MJ_CREATE -> 0x89D8D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x620; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:10:16.42 ===============
Is malwarebytes wel een goeie virusscanner ? normaalgesproken zou ie het toch gewoon moeten vinden ?
Ik hoor het wel,
Alvast bedankt voor de hulp
Roel.
-
Ik heb de driver & de update geinstalleerd. opnieuw opgestart, maar hij herkent de kaart nog altijd niet ?
op de kaart staat : SD HC Traveler high speed 4GB
nog opties of kan mijn kaartlezer zulke volumes niet aan ?
Roel.
-
hallo ,het type is W3650
alvast bedankt !
Roel.
-
Hallo iedereen,
Ik heb zopas een SD-kaart gekocht in de Aldi (4GB).
Mijn camera , een casio exilim herkent de kaart en schrijft de foto's erop weg.
Als ik nu die SD kaart in de kaartlezer van m'n laptop steek dan herkent m'n laptop de kaart niet.
( Packard Bell easynote laptop)
weet iemand hoe ik dit probleem kan oplossen ?
Ik heb de foto's kunnen copieren naar mijn pc via de camera van m'n zus (met USB link kabel ).
alvast bedankt !!
Roel. ;-)
-
Hallo , mijn naam is Roel , ik ben nieuw hier op dit forum.
momenteel hebben wij thuis Telenet als internet provider maar owv veel te weinig volume gaan we overschakelen op Dommel ( ADSL).
nu, Dommel is aangevraagd, alles is betaald en ik zou nu moeten kunnen surfen op hun netwerk.
mijn huidige installatie : motorola modem( Telenet) daarna een Dlink router.
wat moet ik allemaal aanpassen om op Dommel te kunnen geraken ?
een ADSL modem ?
en waar moet ik dommel aansluiten ? op de huidige kabel die nu in de telenet modem steekt ? of via de telefoonkabel ( Belgacom). zoja moet er dan nog een splitter tussen die telefoonkabel om telefoon & internet te scheiden ?
alvast hard bedankt voor jullie reply's
Roel.
conhost.exe
in Archief Bestrijding malware & virussen
Geplaatst:
Hoi Kape,
CPU gebruik is terug zoals het was. erg rustig.
Volgens mij is het probleem zo goed als verholpen.
Hier het logje :
ComboFix 11-08-28.01 - Roel 29/08/2011 18:19:26.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.1179 [GMT 2:00]
Running from: c:\documents and settings\Roel\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Roel\Bureaublad\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 09:18 . 2011-08-29 09:18 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-29 09:18 . 2011-08-29 09:18 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-29 09:18 . 2011-08-29 09:18 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-29 09:18 . 2011-08-29 09:18 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-29 09:18 . 2011-08-29 09:18 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-29 09:18 . 2011-08-29 09:18 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-29 09:18 . 2011-08-29 09:18 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-29 09:18 . 2011-08-29 09:18 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-29 07:42 . 2011-08-29 07:42 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Temp
2011-08-29 07:29 . 2011-08-29 07:29 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Solid State Networks
2011-08-28 17:22 . 2011-08-28 17:22 388096 ----a-r- c:\documents and settings\Roel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-28 17:22 . 2011-08-28 17:22 -------- d-----w- c:\program files\Trend Micro
2011-08-28 14:53 . 2011-08-29 08:36 -------- d-----w- c:\documents and settings\Roel\Application Data\Sammsoft
2011-08-28 12:28 . 2011-08-28 12:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-28 12:26 . 2011-08-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-08-27 21:44 . 2011-08-28 06:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-26 12:56 . 2011-08-26 12:56 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Sony
2011-08-26 12:54 . 2011-08-26 12:54 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-08-26 12:54 . 2011-08-26 12:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-26 12:46 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony Media Go Install
2011-08-26 12:43 . 2011-08-26 12:55 -------- d-----w- c:\documents and settings\Roel\Application Data\Sony
2011-08-26 12:43 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\Roel\Local Settings\Application Data\Downloaded Installations
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2011-08-26 12:42 . 2011-08-26 12:54 -------- d-----w- c:\program files\Sony
2011-08-02 08:22 . 2011-08-02 08:22 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2009-05-20 12:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-05-20 12:34 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-02-11 13:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-02-11 13:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-05-20 10:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2009-05-20 12:34 670208 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2009-05-20 12:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-20 17:44 . 2009-05-20 12:34 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2009-05-20 12:34 1859072 ----a-w- c:\windows\system32\win32k.sys
2009-10-02 20:23 . 2009-10-02 20:22 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
2011-08-29 09:18 . 2011-08-29 09:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-29_06.54.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-29 08:34 . 2011-08-29 08:34 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 93752 c:\windows\system32\perfc013.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 93752 c:\windows\system32\perfc013.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 73980 c:\windows\system32\perfc009.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 73980 c:\windows\system32\perfc009.dat
+ 2008-04-14 00:10 . 2008-04-15 12:00 96512 c:\windows\system32\drivers\atapi.sys
- 2008-04-14 00:10 . 2008-04-13 22:10 96512 c:\windows\system32\drivers\atapi.sys
+ 2009-05-23 09:18 . 2011-08-29 08:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2009-05-23 09:18 . 2011-08-29 06:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 514470 c:\windows\system32\perfh013.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 514470 c:\windows\system32\perfh013.dat
+ 2009-05-20 12:34 . 2011-08-29 08:38 446348 c:\windows\system32\perfh009.dat
- 2009-05-20 12:34 . 2011-08-29 06:45 446348 c:\windows\system32\perfh009.dat
- 2009-05-23 09:18 . 2011-08-29 06:42 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-23 09:18 . 2011-08-29 08:13 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-29 07:36 . 2011-08-29 07:36 2309120 c:\windows\Installer\2eb4e7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}"
[HKEY_CLASSES_ROOT\CLSID\{614FC85D-CA23-47DB-CEE4-4CEE6E1B9456}]
2008-04-15 12:00 820224 ----a-w- c:\windows\system32\tgwsaflx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-02 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288]
.
c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
haal.exe [2011-3-9 154331]
laocle.exe [2011-2-3 153680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009
.
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 76519709
*Deregistered* - 76519709
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kdxcqejy
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.109.184.72 193.109.184.75
FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-29 18:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\tgwsaflx.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\tgwsaflx.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-29 18:34:59
ComboFix-quarantined-files.txt 2011-08-29 16:34
ComboFix2.txt 2011-08-29 08:56
ComboFix3.txt 2011-08-29 08:20
ComboFix4.txt 2011-08-29 06:58
.
Pre-Run: 19,350,441,984 bytes beschikbaar
Post-Run: 19,346,563,072 bytes beschikbaar
.
- - End Of File - - 8B447E038199DDA36881F11755C428B8
Bedankt !
Roel.