Ga naar inhoud

Windows XP pro 2009 erg traag


computeboy
 Delen

Aanbevolen berichten

Ik heb wat op het forum zitten rondneuzen voor mijn laptop sneller te maken en kan iemand dit logboek nakijken het is van HiJackThis.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:51:37, on 29/04/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\WINDOWS\system32\srvany.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\KMService.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Glary Utilities\Integrator.exe

C:\Program Files\Glary Utilities\winstd.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Netlog

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8943 bytes

Link naar reactie
Delen op andere sites


Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites


Hier is het logje van ComboFix:

ComboFix 11-04-29.03 - Thomas 30/04/2011 11:42:30.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1406.843 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Thomas\Bureaublad\ComboFix.exe

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\bn.dll

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AFPANSI

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-28 to 2011-04-30 ))))))))))))))))))))))))))))))

.

.

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\windows\system32\wbem\snmp

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\windows\system32\xircom

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\program files\microsoft frontpage

2011-04-30 09:18 . 2011-04-30 09:19 54455 ----a-w- c:\windows\system32\xwpeyemeqtpefxd.exe

2011-04-30 08:48 . 2007-03-16 16:10 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS

2011-04-30 08:48 . 2007-03-16 16:10 44032 ----a-w- c:\windows\system32\wltrynt.dll

2011-04-30 08:48 . 2007-03-16 16:10 86016 ----a-w- c:\windows\system32\preflib.dll

2011-04-30 08:48 . 2007-03-16 16:10 253952 ----a-w- c:\windows\system32\bcmwlu00.exe

2011-04-30 08:48 . 2007-03-16 16:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

2011-04-30 08:48 . 2007-03-16 16:10 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll

2011-04-30 08:48 . 2007-03-16 16:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE

2011-04-30 08:48 . 2007-03-16 16:10 3395584 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2011-04-30 08:48 . 2007-03-16 16:10 20480 ----a-w- c:\windows\system32\WLTRYSVC.EXE

2011-04-30 08:48 . 2007-03-16 16:10 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL

2011-04-30 08:48 . 2007-03-16 16:10 757760 ----a-w- c:\windows\system32\bcm1xsup.dll

2011-04-30 08:48 . 2011-04-30 08:49 -------- d-----w- c:\windows\LastGood.Tmp

2011-04-30 07:48 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2011-04-30 07:48 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2011-04-29 18:18 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-04-29 18:18 . 2011-04-29 18:18 -------- d-----w- c:\program files\VS Revo Group

2011-04-29 18:18 . 2011-04-29 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2011-04-29 18:16 . 2011-04-29 18:16 -------- d-----w- c:\program files\Fighters

2011-04-29 18:07 . 2011-04-30 09:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-04-29 17:36 . 2011-04-29 17:36 78 ----a-w- c:\windows\Afsluiten.bat

2011-04-29 17:34 . 2011-04-29 17:34 -------- d-----w- C:\CLNSYS

2011-04-29 17:34 . 1998-12-21 16:47 27632 ----a-w- c:\windows\system\CTL3DV2.DLL

2011-04-29 17:22 . 2011-04-29 17:22 0 ----a-w- c:\windows\ativpsrm.bin

2011-04-29 16:53 . 2011-04-14 08:06 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-04-29 16:53 . 2011-04-29 16:53 -------- d-----w- c:\program files\Soluto

2011-04-29 16:52 . 2011-04-29 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2011-04-29 15:56 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll

2011-04-29 15:56 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll

2011-04-29 15:56 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll

2011-04-27 16:42 . 2011-04-27 16:42 -------- d-----w- c:\windows\lhsp

2011-04-27 16:42 . 2011-04-27 16:42 -------- d-----w- c:\windows\speech

2011-04-26 15:09 . 2011-04-26 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-04-25 07:56 . 2011-04-25 07:57 -------- d-----w- c:\program files\Winamp

2011-04-23 11:55 . 2011-03-03 06:53 149504 ------w- c:\windows\system32\dllcache\dnsapi.dll

2011-04-23 11:55 . 2009-04-20 17:09 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll

2011-04-23 11:55 . 2008-10-16 15:07 138496 ------w- c:\windows\system32\dllcache\afd.sys

2011-04-23 11:55 . 2008-06-20 11:59 361600 ------w- c:\windows\system32\dllcache\tcpip.sys

2011-04-23 11:55 . 2008-06-20 17:45 247296 ------w- c:\windows\system32\dllcache\mswsock.dll

2011-04-23 11:51 . 2011-01-27 11:57 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe

2011-04-23 11:51 . 2011-02-02 07:58 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll

2011-04-23 11:51 . 2011-02-09 13:54 270848 ------w- c:\windows\system32\dllcache\sbe.dll

2011-04-23 11:51 . 2011-02-09 13:54 186880 ------w- c:\windows\system32\dllcache\encdec.dll

2011-04-23 11:51 . 2009-07-27 23:19 135680 ------w- c:\windows\system32\dllcache\shsvcs.dll

2011-04-23 11:28 . 2011-04-23 11:28 -------- d-----w- c:\program files\Glary Utilities

2011-04-23 11:28 . 2011-04-29 17:33 -------- d-----w- c:\program files\CCleaner

2011-04-22 08:28 . 2011-04-22 08:28 -------- d-----w- c:\program files\Secunia

2011-04-20 12:44 . 2011-04-20 12:44 8192 ----a-w- c:\windows\system32\srvany.exe

2011-04-20 12:44 . 2011-04-20 12:44 151552 ----a-w- c:\windows\KMService.exe

2011-04-18 10:07 . 2011-04-18 10:07 -------- d-----w- c:\documents and settings\All Users\Microsoft

2011-04-18 10:05 . 2011-04-18 10:05 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-04-18 10:05 . 2011-04-30 07:47 -------- d-----w- c:\windows\SHELLNEW

2011-04-18 10:04 . 2011-04-18 10:04 -------- d-----r- C:\MSOCache

2011-04-13 14:00 . 2011-04-13 14:00 -------- d-----w- c:\program files\Bit Che

2011-04-12 17:33 . 2011-04-13 08:11 -------- d-----w- c:\program files\Notebook Hardware Control

2011-04-12 16:48 . 2011-04-13 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2011-04-12 12:07 . 2011-04-12 12:07 -------- d-----w- c:\program files\IrfanView

2011-04-12 12:04 . 2011-04-12 12:04 -------- d-----w- c:\program files\AMD APP

2011-04-12 11:47 . 2011-04-12 11:47 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-04-12 11:28 . 2007-03-16 16:10 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2011-04-12 11:28 . 2007-03-16 16:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL

2011-04-12 11:28 . 2007-03-16 16:10 89088 ----a-w- c:\windows\system32\ATL71.DLL

2011-04-12 11:28 . 2011-04-12 11:28 -------- d-----w- c:\program files\Dell

2011-04-12 09:56 . 2011-04-12 10:40 811008 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2011-04-12 09:55 . 2011-04-30 07:35 -------- d-----w- c:\documents and settings\Thomas

2011-04-12 08:13 . 2011-04-29 17:23 -------- d-----w- c:\program files\SpeedFan

2011-04-11 15:20 . 2011-04-13 13:35 -------- d-----w- c:\program files\Games

2011-04-09 06:47 . 2011-04-09 06:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-04-06 13:42 . 2011-04-06 16:08 -------- d-----w- c:\program files\Cooking Academy 2 - World Cuisine

2011-04-06 13:40 . 2011-04-12 10:59 -------- d-----w- c:\program files\Airport Mania - First Flight

2011-04-04 14:56 . 2001-10-28 23:42 116224 ----a-w- c:\windows\system32\pdfmonnt.dll

2011-04-03 15:42 . 2011-04-03 15:42 -------- d-----w- c:\windows\Janes Hotel Mania

2011-04-03 07:58 . 2011-04-03 07:58 -------- d-----w- c:\program files\Burger Shop 2

2011-04-02 14:15 . 2011-04-02 14:15 -------- d-----w- c:\windows\system32\QuickTime

2011-04-02 08:28 . 2011-04-13 13:56 -------- d-----w- c:\documents and settings\Administrator

2011-04-02 08:20 . 2011-04-29 16:39 -------- d-----w- c:\documents and settings\Eva

2011-04-02 08:04 . 2011-04-02 08:04 -------- d-----w- c:\program files\BitTorrent

2011-03-31 17:16 . 2011-04-12 10:59 -------- d-----w- C:\tmpDownload

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-23 11:40 . 2011-03-23 15:43 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-04-04 19:58 . 2011-01-24 11:52 817152 ----a-w- c:\windows\system32\posnbmvfncsi.dll

2011-03-27 06:46 . 2011-01-15 11:53 34816 ----a-w- c:\windows\nircmdc.exe

2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-07 05:31 . 2011-01-14 00:43 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44 . 2011-03-19 15:32 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys

2011-03-04 19:44 . 2011-03-19 15:32 133616 ------w- c:\windows\system32\pxafs.dll

2011-03-04 19:44 . 2011-03-19 15:32 59888 ------w- c:\windows\system32\pxwma.dll

2011-03-04 19:44 . 2011-03-19 15:32 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-03-04 19:44 . 2011-03-19 15:32 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-03-04 19:44 . 2011-03-19 15:32 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 19:44 . 2011-03-19 15:32 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 06:36 . 2009-01-31 08:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:52 . 2009-01-31 08:27 1867008 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2009-01-31 08:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2009-01-31 08:29 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2009-01-31 08:29 385024 ------w- c:\windows\system32\html.iec

2011-02-20 08:57 . 2011-02-20 08:57 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys

2011-02-20 08:56 . 2011-02-20 08:56 570016 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-02-18 15:36 . 2011-02-26 10:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2011-02-26 10:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 16:24 . 2010-08-13 17:44 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-17 13:19 . 2009-01-31 08:26 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:19 . 2009-01-31 08:27 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-15 12:56 . 2008-04-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:54 . 2008-04-15 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-15 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 20:40 . 2011-01-14 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 18:19 . 2011-01-14 16:15 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2011-01-14 00:41 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-04-29 16:56 . 2011-04-25 07:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5F88951-58CB-98DC-7C3D-811479CA543E}]

2011-04-04 19:58 817152 ----a-w- c:\windows\system32\posnbmvfncsi.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"dqnnxoyfjgbzdo"="c:\windows\system32\posnbmvfncsi.dll" [2011-04-04 817152]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Microsoft SharePoint Workspace Audit Service"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"idsvc"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1040:TCP"= 1040:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [1/02/2009 11:24 9096]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [29/04/2011 18:53 51144]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]

R2 KMService;KMService;c:\windows\system32\srvany.exe [20/04/2011 14:44 8192]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [14/04/2011 10:27 352800]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/04/2011 20:18 27064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2011 20:33 136176]

S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 21:37 4640000]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-04-30 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-04-23 15:24]

.

2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 18:33]

.

2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 18:33]

.

2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1229272821-1417001333-1007Core.job

- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-12 18:33]

.

2011-04-30 c:\windows\Tasks\SLOW-PCfighter.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-02 17:14]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://google.inklineglobal.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:805mno-3f3p&ie=ISO-8859-1&sa=Search&q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

Trusted Zone: spele.nl\proxy

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\odp8hzoo.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-30 11:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(848)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3204)

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\KMService.exe

c:\windows\System32\regsvr32.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2011-04-30 11:49:42 - machine werd herstart

ComboFix-quarantined-files.txt 2011-04-30 09:49

.

Pre-Run: 92.341.788.672 bytes beschikbaar

Post-Run: 92.283.969.536 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /numproc=1

.

- - End Of File - - 2503A88B7AA0595F4A4044E823B1C6A0

Link naar reactie
Delen op andere sites


Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\ativpsrm.bin

c:\windows\system32\xwpeyemeqtpefxd.exe

c:\windows\system32\posnbmvfncsi.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5F88951-58CB-98DC-7C3D-811479CA543E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dqnnxoyfjgbzdo"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites

ComboFix 11-04-29.03 - Thomas 01/05/2011 12:57:14.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1406.973 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Thomas\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Thomas\Bureaublad\CFScript.txt

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

FILE ::

"c:\windows\ativpsrm.bin"

"c:\windows\system32\posnbmvfncsi.dll"

"c:\windows\system32\xwpeyemeqtpefxd.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Thomas\LOCALS~1\Temp\sfamcc00001.dll

c:\docume~1\Thomas\LOCALS~1\Temp\sfareca00001.dll

c:\documents and settings\Thomas\Local Settings\Temp\sfamcc00001.dll

c:\documents and settings\Thomas\Local Settings\Temp\sfareca00001.dll

c:\windows\ativpsrm.bin

c:\windows\system32\posnbmvfncsi.dll

c:\windows\system32\xwpeyemeqtpefxd.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-01 to 2011-05-01 ))))))))))))))))))))))))))))))

.

.

2011-04-30 10:06 . 2011-04-30 10:06 -------- d-----w- c:\program files\iPod

2011-04-30 10:06 . 2011-04-30 10:07 -------- d-----w- c:\program files\iTunes

2011-04-30 10:04 . 2011-04-30 10:04 -------- d-----w- c:\program files\Bonjour

2011-04-30 09:58 . 2011-04-30 09:58 -------- d-----w- c:\program files\AMD APP

2011-04-30 09:58 . 2011-04-30 09:58 -------- d-----w- c:\program files\ATI Technologies

2011-04-30 09:54 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\windows\system32\wbem\snmp

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\windows\system32\xircom

2011-04-30 09:46 . 2011-04-30 09:46 -------- d-----w- c:\program files\microsoft frontpage

2011-04-30 08:48 . 2007-03-16 16:10 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS

2011-04-30 08:48 . 2007-03-16 16:10 44032 ----a-w- c:\windows\system32\wltrynt.dll

2011-04-30 08:48 . 2007-03-16 16:10 86016 ----a-w- c:\windows\system32\preflib.dll

2011-04-30 08:48 . 2007-03-16 16:10 253952 ----a-w- c:\windows\system32\bcmwlu00.exe

2011-04-30 08:48 . 2007-03-16 16:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

2011-04-30 08:48 . 2007-03-16 16:10 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll

2011-04-30 08:48 . 2007-03-16 16:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE

2011-04-30 08:48 . 2007-03-16 16:10 3395584 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2011-04-30 08:48 . 2007-03-16 16:10 20480 ----a-w- c:\windows\system32\WLTRYSVC.EXE

2011-04-30 08:48 . 2007-03-16 16:10 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL

2011-04-30 08:48 . 2007-03-16 16:10 757760 ----a-w- c:\windows\system32\bcm1xsup.dll

2011-04-30 07:48 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2011-04-30 07:48 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2011-04-29 18:18 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-04-29 18:18 . 2011-04-29 18:18 -------- d-----w- c:\program files\VS Revo Group

2011-04-29 18:18 . 2011-04-29 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2011-04-29 18:16 . 2011-04-29 18:16 -------- d-----w- c:\program files\Fighters

2011-04-29 18:07 . 2011-04-30 09:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-04-29 17:36 . 2011-04-29 17:36 78 ----a-w- c:\windows\Afsluiten.bat

2011-04-29 16:53 . 2011-04-30 09:53 -------- d-----w- c:\program files\Soluto

2011-04-29 16:52 . 2011-04-30 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2011-04-29 15:56 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll

2011-04-29 15:56 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll

2011-04-29 15:56 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll

2011-04-27 16:42 . 2011-04-27 16:42 -------- d-----w- c:\windows\lhsp

2011-04-27 16:42 . 2011-04-27 16:42 -------- d-----w- c:\windows\speech

2011-04-26 15:09 . 2011-04-26 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-04-25 07:56 . 2011-04-25 07:57 -------- d-----w- c:\program files\Winamp

2011-04-23 11:55 . 2011-03-03 06:53 149504 ------w- c:\windows\system32\dllcache\dnsapi.dll

2011-04-23 11:55 . 2009-04-20 17:09 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll

2011-04-23 11:55 . 2008-10-16 15:07 138496 ------w- c:\windows\system32\dllcache\afd.sys

2011-04-23 11:55 . 2008-06-20 11:59 361600 ------w- c:\windows\system32\dllcache\tcpip.sys

2011-04-23 11:55 . 2008-06-20 17:45 247296 ------w- c:\windows\system32\dllcache\mswsock.dll

2011-04-23 11:51 . 2011-01-27 11:57 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe

2011-04-23 11:51 . 2011-02-02 07:58 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll

2011-04-23 11:51 . 2011-02-09 13:54 270848 ------w- c:\windows\system32\dllcache\sbe.dll

2011-04-23 11:51 . 2011-02-09 13:54 186880 ------w- c:\windows\system32\dllcache\encdec.dll

2011-04-23 11:51 . 2009-07-27 23:19 135680 ------w- c:\windows\system32\dllcache\shsvcs.dll

2011-04-23 11:28 . 2011-04-23 11:28 -------- d-----w- c:\program files\Glary Utilities

2011-04-23 11:28 . 2011-04-29 17:33 -------- d-----w- c:\program files\CCleaner

2011-04-22 08:28 . 2011-04-22 08:28 -------- d-----w- c:\program files\Secunia

2011-04-20 12:44 . 2011-04-20 12:44 8192 ----a-w- c:\windows\system32\srvany.exe

2011-04-20 12:44 . 2011-04-20 12:44 151552 ----a-w- c:\windows\KMService.exe

2011-04-18 10:07 . 2011-04-18 10:07 -------- d-----w- c:\documents and settings\All Users\Microsoft

2011-04-18 10:05 . 2011-04-18 10:05 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-04-18 10:05 . 2011-04-30 07:47 -------- d-----w- c:\windows\SHELLNEW

2011-04-18 10:04 . 2011-04-18 10:04 -------- d-----r- C:\MSOCache

2011-04-13 14:00 . 2011-04-13 14:00 -------- d-----w- c:\program files\Bit Che

2011-04-12 17:33 . 2011-04-13 08:11 -------- d-----w- c:\program files\Notebook Hardware Control

2011-04-12 16:48 . 2011-04-13 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2011-04-12 12:07 . 2011-04-12 12:07 -------- d-----w- c:\program files\IrfanView

2011-04-12 11:47 . 2011-04-12 11:47 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-04-12 11:28 . 2007-03-16 16:10 770048 ----a-w- c:\windows\system32\BCMLogon.dll

2011-04-12 11:28 . 2007-03-16 16:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL

2011-04-12 11:28 . 2007-03-16 16:10 89088 ----a-w- c:\windows\system32\ATL71.DLL

2011-04-12 11:28 . 2011-04-12 11:28 -------- d-----w- c:\program files\Dell

2011-04-12 09:56 . 2011-04-12 10:40 811008 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2011-04-12 09:55 . 2011-04-30 07:35 -------- d-----w- c:\documents and settings\Thomas

2011-04-12 08:13 . 2011-05-01 11:08 -------- d-----w- c:\program files\SpeedFan

2011-04-11 15:20 . 2011-04-13 13:35 -------- d-----w- c:\program files\Games

2011-04-09 06:47 . 2011-04-09 06:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 13:42 . 2011-04-06 16:08 -------- d-----w- c:\program files\Cooking Academy 2 - World Cuisine

2011-04-06 13:40 . 2011-04-12 10:59 -------- d-----w- c:\program files\Airport Mania - First Flight

2011-04-05 20:09 . 2011-04-05 20:09 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-04-05 20:09 . 2011-04-05 20:09 12385280 ----a-w- c:\windows\system32\amdocl.dll

2011-04-04 14:56 . 2001-10-28 23:42 116224 ----a-w- c:\windows\system32\pdfmonnt.dll

2011-04-03 15:42 . 2011-04-03 15:42 -------- d-----w- c:\windows\Janes Hotel Mania

2011-04-03 07:58 . 2011-04-03 07:58 -------- d-----w- c:\program files\Burger Shop 2

2011-04-02 14:15 . 2011-04-02 14:15 -------- d-----w- c:\windows\system32\QuickTime

2011-04-02 08:28 . 2011-04-13 13:56 -------- d-----w- c:\documents and settings\Administrator

2011-04-02 08:20 . 2011-04-30 17:54 -------- d-----w- c:\documents and settings\Eva

2011-04-02 08:04 . 2011-04-02 08:04 -------- d-----w- c:\program files\BitTorrent

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-23 11:40 . 2011-03-23 15:43 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-03-27 06:46 . 2011-01-15 11:53 34816 ----a-w- c:\windows\nircmdc.exe

2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-07 05:31 . 2011-01-14 00:43 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44 . 2011-03-19 15:32 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys

2011-03-04 19:44 . 2011-03-19 15:32 133616 ------w- c:\windows\system32\pxafs.dll

2011-03-04 19:44 . 2011-03-19 15:32 59888 ------w- c:\windows\system32\pxwma.dll

2011-03-04 19:44 . 2011-03-19 15:32 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-03-04 19:44 . 2011-03-19 15:32 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-03-04 19:44 . 2011-03-19 15:32 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 19:44 . 2011-03-19 15:32 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 06:36 . 2009-01-31 08:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:52 . 2009-01-31 08:27 1867008 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2009-01-31 08:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2009-01-31 08:29 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2009-01-31 08:29 385024 ------w- c:\windows\system32\html.iec

2011-02-20 08:57 . 2011-02-20 08:57 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys

2011-02-20 08:56 . 2011-02-20 08:56 570016 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-02-18 15:36 . 2011-02-26 10:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2011-02-26 10:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 16:24 . 2010-08-13 17:44 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-17 13:19 . 2009-01-31 08:26 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:19 . 2009-01-31 08:27 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-15 12:56 . 2008-04-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:54 . 2008-04-15 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-15 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 20:40 . 2011-01-14 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 07:58 . 2011-01-14 00:41 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-04-29 16:56 . 2011-04-25 07:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\Eva\Menu Start\Programma's\Opstarten\

debug.nfo [2011-5-1 52357]

speedfan.exe [2011-3-17 4523928]

speedfanevents.cfg [2011-5-1 57]

speedfanparams.cfg [2011-5-1 888]

speedfansens.cfg [2011-5-1 2270]

.

c:\documents and settings\Thomas\Menu Start\Programma's\Opstarten\

SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2011-3-17 4523928]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Microsoft SharePoint Workspace Audit Service"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"idsvc"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1040:TCP"= 1040:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [1/02/2009 11:24 9096]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]

R2 KMService;KMService;c:\windows\system32\srvany.exe [20/04/2011 14:44 8192]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/04/2011 20:18 27064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2011 20:33 136176]

S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 21:37 4640000]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-05-01 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-04-23 15:24]

.

2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 18:33]

.

2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 18:33]

.

2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1229272821-1417001333-1007Core.job

- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-12 18:33]

.

2011-05-01 c:\windows\Tasks\SLOW-PCfighter.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-02 17:14]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://google.inklineglobal.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:805mno-3f3p&ie=ISO-8859-1&sa=Search&q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

Trusted Zone: spele.nl\proxy

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\odp8hzoo.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-SolutoService

AddRemove-xwpeyemeqtpefxd - c:\windows\system32\xwpeyemeqtpefxd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-01 13:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3088)

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\KMService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2011-05-01 13:10:16 - machine werd herstart

ComboFix-quarantined-files.txt 2011-05-01 11:10

ComboFix2.txt 2011-04-30 09:49

.

Pre-Run: 96.331.403.264 bytes beschikbaar

Post-Run: 96.355.069.952 bytes beschikbaar

.

- - End Of File - - 42620EC26ECBF720C29DD2D9EC876150

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen

×
×
  • Nieuwe aanmaken...