
malwarebytes


johnnykaty


It worked in safe mode.

ComboFix 11-12-27.01 - Eigenaar 27/12/2011 23:00:40.3.4 - FAT32x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3053.2712 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\TEMP

C:\Documents and Settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe

C:\Documents and Settings\All Users\Application Data\TEMP\2B11E0DF.TMP

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\avi7.avg

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\files.dat

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\incavi.avm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_cz.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_da.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_fr.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ge.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_hu.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_id.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_in.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_it.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_jp.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ko.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ms.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_nl.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pb.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pl.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pt.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ru.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sc.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sk.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sp.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_tr.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_us.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_zh.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_zt.htm

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\microavi.avg

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\miniavi.avg

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setup.dat

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setup.exe

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setup.ini

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupcz.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupda.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupfr.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupge.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setuphu.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupid.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupin.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupit.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupjp.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupko.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupms.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupnl.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setuppb.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setuppl.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setuppt.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupru.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupsc.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupsk.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupsp.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setuptr.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupus.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupzh.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setupzt.lns

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

C:\Documents and Settings\All Users\Application Data\TEMP\AVG\vcredist.msi

C:\Documents and Settings\Eigenaar\Application Data\facemoods.com

C:\Documents and Settings\Eigenaar\Application Data\inst.exe

C:\Documents and Settings\Eigenaar\Application Data\vso_ts_preview.xml

C:\Documents and Settings\Eigenaar\WINDOWS

C:\Documents and Settings\LocalService\Application Data\facemoods.com

C:\Program Files\WindowsSearch-KB940157-XP-x86-nld.exe

C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe

C:\WINDOWS\IsUn0413.exe

C:\WINDOWS\system32\muzapp.exe

C:\WINDOWS\system32\PowerToyReadme.htm

C:\WINDOWS\system32\SET35E.tmp

C:\WINDOWS\system32\SET5B.tmp

C:\WINDOWS\system32\SET5F.tmp

C:\WINDOWS\system32\SET67.tmp

C:\WINDOWS\system32\SETBA.tmp

C:\WINDOWS\system32\SETBE.tmp

C:\WINDOWS\system32\SETC6.tmp

C:\WINDOWS\unin0413.exe

C:\WINDOWS\WindowsUpdate.log

E:\setup.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npf

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-27 to 2011-12-27 ))))))))))))))))))))))))))))))

2011-12-27 21:25:02 . 2011-12-27 21:25:02 -------- d-----w- C:\FOUND.002

2011-12-27 20:39:34 . 2011-12-27 20:39:36 -------- d--h--r- C:\Documents and Settings\Eigenaar\Onlangs geopend

2011-12-26 15:43:01 . 2011-12-26 15:43:02 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\Malwarebytes

2011-12-26 15:42:52 . 2011-12-26 15:42:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-12-26 15:42:50 . 2011-08-31 16:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-12-26 15:27:02 . 2011-12-26 15:27:04 388096 ----a-r- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-26 15:27:01 . 2011-12-26 15:27:02 -------- d-----w- C:\Program Files\Trend Micro

2011-12-24 20:46:56 . 2011-12-24 20:46:58 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\CheckPoint

2011-12-24 20:46:38 . 2011-12-24 20:46:40 -------- d-----w- C:\Program Files\Conduit

2011-12-24 20:46:37 . 2011-12-24 20:46:38 -------- d-----w- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\ZoneAlarm_Security

2011-12-24 20:46:36 . 2011-12-24 20:46:38 -------- d-----w- C:\Program Files\ZoneAlarm_Security

2011-12-24 20:46:20 . 2011-12-24 20:46:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CheckPoint

2011-12-24 20:46:12 . 2011-12-24 20:46:14 -------- d-----w- C:\Program Files\CheckPoint

2011-12-24 15:30:13 . 2011-12-24 15:30:14 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\Avira

2011-12-24 15:29:45 . 2011-12-25 22:28:18 134856 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys

2011-12-24 15:29:45 . 2011-09-15 22:55:06 36000 ----a-w- C:\WINDOWS\system32\drivers\avkmgr.sys

2011-12-24 15:29:45 . 2011-09-15 22:55:04 74640 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys

2011-12-24 15:29:40 . 2011-12-24 15:29:42 -------- d-----w- C:\Program Files\Avira

2011-12-24 15:29:40 . 2011-12-24 15:29:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira

2011-12-23 22:21:02 . 2011-12-23 22:21:04 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

2011-12-23 18:17:39 . 2008-11-07 17:55:30 16928 ------w- C:\WINDOWS\system32\spmsgXP_2k3.dll

2011-12-23 18:17:04 . 2011-12-23 18:17:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

2011-12-23 17:32:24 . 2011-12-23 17:33:10 82885256 ----a-w- C:\Program Files\avira_free_antivirus_en.exe

2011-12-23 17:06:20 . 2011-12-23 17:06:22 16976752 ----a-w- C:\Program Files\IE8-WindowsXP-x86-NLD.exe

2011-12-23 16:32:20 . 2007-06-27 15:24:00 135168 ----a-w- C:\WINDOWS\system32\GraphicalDLL.dll

2011-12-23 16:32:20 . 1998-12-02 09:11:02 143360 ----a-w- C:\WINDOWS\system32\vbuzip10.dll

2011-12-23 16:32:17 . 2011-12-23 16:32:18 -------- d-----w- C:\Program Files\jsplus

2011-12-23 16:29:07 . 2011-12-23 16:28:56 597912 ----a-w- C:\Program Files\installer_javascript_plus.exe

2011-12-23 15:48:56 . 2011-12-21 08:02:22 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll

2011-12-23 15:48:56 . 2011-12-21 04:29:42 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll

2011-12-23 15:48:56 . 2011-12-21 04:29:42 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll

2011-12-23 15:48:56 . 2011-12-21 04:29:42 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll

2011-12-23 15:48:06 . 2011-12-23 15:47:56 15658984 ----a-w- C:\Program Files\Firefox Setup 9.0.1.exe

2011-12-23 15:38:57 . 2011-12-23 15:38:58 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\vlc

2011-12-23 07:25:59 . 2004-08-04 12:00:00 66113 ----a-w- C:\WINDOWS\system32\dllcache\shvl.dll

2011-12-23 00:51:32 . 2011-12-23 00:51:32 -------- d-----w- C:\FOUND.001

2011-12-23 00:27:31 . 2009-12-17 07:42:54 345600 ----a-w- C:\WINDOWS\system32\mspaint.exe

2011-12-23 00:27:31 . 2009-12-17 07:42:54 345600 ----a-w- C:\WINDOWS\system32\dllcache\mspaint.exe

2011-12-23 00:27:00 . 2006-12-28 23:31:32 19569 ----a-w- C:\WINDOWS\000001_.tmp

2011-12-22 23:14:18 . 2008-04-13 21:14:30 2560 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2011-12-22 20:40:08 . 2011-12-22 20:40:08 -------- d-----w- C:\FOUND.000

2011-12-22 20:20:03 . 2011-11-28 17:53:54 435032 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys

2011-12-22 20:20:03 . 2011-11-28 17:53:22 195416 ----a-w- C:\WINDOWS\system32\drivers\aswNdis2.sys

2011-12-22 20:20:03 . 2011-11-28 17:52:20 34392 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2011-12-22 20:20:03 . 2011-11-28 17:52:16 52952 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2011-12-22 20:20:02 . 2011-11-28 17:52:02 111320 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2011-12-22 20:20:02 . 2011-11-28 17:52:00 105176 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2011-12-22 20:20:01 . 2011-11-28 17:48:50 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2011-12-22 20:19:30 . 2011-11-28 18:01:26 41184 ----a-w- C:\WINDOWS\avastSS.scr

2011-12-22 20:19:29 . 2011-11-28 18:01:24 199816 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2011-12-15 01:15:08 . 2011-12-15 01:15:10 -------- d-----w- C:\WINDOWS\ie8updates

2011-12-14 00:51:13 . 2007-08-21 12:32:44 98304 ----a-w- C:\WINDOWS\system32\redmonnt.dll

2011-12-14 00:51:10 . 2011-12-14 00:51:12 59 ----a-w- C:\user.js

2011-12-10 01:30:40 . 2011-03-24 07:41:42 24376 ----a-w- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

2011-12-10 01:00:56 . 2011-12-10 01:00:58 -------- d-----w- C:\Documents and Settings\LocalService\Menu Start

2011-12-07 23:15:56 . 2011-12-07 23:15:58 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\Dropbox

2011-12-06 18:13:13 . 2011-12-06 18:13:14 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\Skype

2011-12-06 18:13:10 . 2011-12-06 18:13:12 -------- d-----r- C:\Program Files\Skype

2011-12-04 20:44:27 . 2011-12-04 20:44:28 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\OpenCandy

2011-12-03 10:32:47 . 2008-09-04 18:17:02 447752 ----a-r- C:\WINDOWS\system32\vp6vfw.dll

2011-12-03 10:32:36 . 2011-12-03 10:32:38 -------- d-----w- C:\Program Files\Microsoft WSE

2011-12-03 09:56:48 . 2011-02-16 15:52:46 11520 ----a-w- C:\WINDOWS\system32\drivers\wdcsam.sys

2011-12-03 09:56:23 . 2011-12-03 09:56:24 -------- d-----w- C:\Program Files\Western Digital

2011-11-29 15:49:49 . 2011-11-29 15:49:50 -------- d-----w- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Radical Software Ltd

2011-11-28 16:11:03 . 2011-11-28 16:11:04 -------- d-----w- C:\Documents and Settings\Eigenaar\Application Data\Mipony

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-09 22:28:54 . 2004-08-04 11:00:00 33792 ----a-w- C:\WINDOWS\system32\rundll32.exe

2011-11-23 14:40:48 . 2004-08-04 11:00:00 1859712 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-11-17 17:42:32 . 2011-06-01 07:15:56 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-11-10 04:54:14 . 2010-04-15 15:29:03 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2011-11-10 02:27:10 . 2008-11-14 13:13:23 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

2011-11-04 19:13:24 . 2004-08-04 11:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-11-04 19:13:22 . 2004-08-04 11:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll

2011-11-04 19:13:22 . 2004-08-04 11:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-11-04 11:25:40 . 2004-08-04 11:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec

2011-11-01 16:07:16 . 2004-08-04 11:00:00 1288192 ----a-w- C:\WINDOWS\system32\ole32.dll

2011-10-28 05:32:20 . 2004-08-04 11:00:00 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll

2011-10-26 10:50:02 . 2004-08-04 11:00:00 2153472 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe

2011-10-26 10:50:02 . 2004-08-03 23:58:16 2031616 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe

2011-10-18 11:13:38 . 2004-08-04 11:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll

2011-10-10 14:22:52 . 2008-08-27 16:32:43 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll

2011-08-25 00:27:04 . 2011-08-25 00:25:21 46681344 ----a-w- C:\Program Files\eSupport_hpcom_130_011.exe

2011-06-21 19:09:56 . 2011-06-21 19:09:57 38147376 ----a-w- C:\Program Files\QuickTimeInstaller.exe

2011-05-22 21:34:06 . 2011-05-22 21:34:23 287024 ----a-w- C:\Program Files\SoftonicDownloader_voor_jdownloader.exe

2011-05-12 22:24:20 . 2011-05-12 22:24:35 1760149 ----a-w- C:\Program Files\wrar400nl.exe

2011-05-06 23:01:58 . 2011-05-06 23:02:25 287008 ----a-w- C:\Program Files\SoftonicDownloader_for_jdownloader.exe

2010-05-19 23:08:38 . 2010-05-19 23:08:36 12789248 ----a-w- C:\Program Files\MP10Setup.exe

2010-05-19 23:07:26 . 2010-05-19 23:07:38 909176 ----a-w- C:\Program Files\WGAPluginInstall.exe

2011-03-24 07:41:42 . 2011-12-10 01:30:40 24376 ----a-w- C:\Program Files\mozilla firefox\components\Scriptff.dll

2011-12-21 08:02:22 . 2011-04-01 16:26:28 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

2006-05-03 11:06:54 163328 --sha-r- C:\WINDOWS\system32\flvDX.dll

2010-01-06 23:00:00 107520 --sha-r- C:\WINDOWS\system32\TAKDSDecoder.dll

2007-02-21 12:47:16 31232 --sha-r- C:\WINDOWS\system32\msfDX.dll

2008-03-16 14:30:52 216064 --sha-r- C:\WINDOWS\system32\nbDX.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17:22 94208 ----a-w- C:\Documents and Settings\Eigenaar\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17:22 94208 ----a-w- C:\Documents and Settings\Eigenaar\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17:22 94208 ----a-w- C:\Documents and Settings\Eigenaar\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17:22 94208 ----a-w- C:\Documents and Settings\Eigenaar\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Versato"="C:\Program Files\MediaKey\MagicRun.exe" [2002-02-22 14:30:34 24576]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 18:25:52 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-08-01 12:30:14 150040]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-08-01 12:30:00 170520]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-08-01 12:30:08 141848]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 11:59:36 45632]

"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 11:59:36 49216]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 02:12:38 76304]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 21:33:22 110592]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 13:54:26 17021440]

"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 18:36:04 1569280]

"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2010-04-28 06:44:02 647528]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 23:58:10 37296]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 05:59:06 937920]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 10:38:22 258512]

"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2011-10-19 10:18:18 738944]

"ZoneAlarm"="J:\download programmas\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 15:22:02 73360]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 11:48:18 58656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 21:32:54 15360]

C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\

Dropbox.lnk - C:\Documents and Settings\Eigenaar\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42:30 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\WINDOWS\\System32\\dpvsetup.exe"=

"C:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=

"C:\\Program Files\\JDownloader\\JDownloader.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\devolo\\informer\\devinf.exe"=

"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Documents and Settings\\Eigenaar\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22148:TCP"= 22148:TCP:BitComet 22148 TCP

"22148:UDP"= 22148:UDP:BitComet 22148 UDP

"10155:TCP"= 10155:TCP:BitComet 10155 TCP

"10155:UDP"= 10155:UDP:BitComet 10155 UDP

"12272:TCP"= 12272:TCP:BitComet 12272 TCP

"12272:UDP"= 12272:UDP:BitComet 12272 UDP

"4662:TCP"= 4662:TCP:emule

"4672:UDP"= 4672:UDP:emule

"4001:TCP"= 4001:TCP:jdownloader

"18186:TCP"= 18186:TCP:BitComet 18186 TCP

"18186:UDP"= 18186:UDP:BitComet 18186 UDP

"13462:TCP"= 13462:TCP:BitComet 13462 TCP

"13462:UDP"= 13462:UDP:BitComet 13462 UDP

"6887:TCP"= 6887:TCP:skydownloader

"800:TCP"= 800:TCP:jdownloader

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"80:UDP"= 80:UDP:wiisos.com

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 avkmgr;avkmgr;C:\WINDOWS\system32\drivers\avkmgr.sys [24/12/2011 16:29:45 36000]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [29/08/2008 11:49:28 11889]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/12/2011 16:29:47 86224]

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [12/09/2009 18:49:48 238952]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [19/10/2011 11:18:14 27016]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [19/10/2011 11:18:26 497280]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\WINDOWS\system32\drivers\npf_devolo.sys [13/07/2009 17:57:04 35840]

R2 VideoAcceleratorService;VideoAcceleratorService;J:\PROGRA~1\DAP\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> J:\PROGRA~1\DAP\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/03/2011 11:07:54 238592]

R2 WDFME;WD File Management Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/03/2011 11:18:06 1060864]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/03/2011 11:16:56 484352]

R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [12/09/2009 18:49:48 36608]

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [11/07/2009 23:37:27 47360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16:28 130384]

S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\drivers\a38usb.sys [24/03/2006 19:14:46 33536]

S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]

S3 epmntdrv;epmntdrv;C:\WINDOWS\system32\epmntdrv.sys [9/08/2011 23:31:58 13192]

S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\system32\EuGdiDrv.sys [9/08/2011 23:31:58 8456]

S3 ivusb;Initio Driver for USB Default Controller;C:\WINDOWS\system32\DRIVERS\ivusb.sys --> C:\WINDOWS\system32\DRIVERS\ivusb.sys [?]

S3 MusCAudio;MusCAudio;C:\WINDOWS\system32\drivers\MusCAudio.sys [24/08/2009 23:36:56 23096]

S3 pwdrvio;pwdrvio;C:\WINDOWS\system32\pwdrvio.sys [27/04/2010 21:58:01 16472]

S3 pwdspio;pwdspio;C:\WINDOWS\system32\pwdspio.sys [27/04/2010 21:58:00 11104]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\drivers\wdcsam.sys [3/12/2011 10:56:48 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16:28 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Inhoud van de 'Gedeelde Taken' map

2011-12-27 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-18 00:09:49 . 2011-12-18 00:09:28]

2011-12-27 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-18 00:09:49 . 2011-12-18 00:09:28]

2011-12-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50:20 . 2009-10-22 10:50:20]

------- Bijkomende Scan -------

uLocal Page = %SystemRoot%\blank.htm

mLocal Page = %SystemRoot%\blank.htm

mStart Page = hxxp://www.msn.com

IE: Download met MiPony - file://J:\download programmas\MiPony\Browser\IEContext.htm

IE: E&xporteren naar Microsoft Excel - D:\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Save YouTube Video as MP3

IE: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

LSP: J:\PROGRA~1\DAP\SPEEDB~1\sblsp.dll

Trusted Zone: fulldls.com\www

Trusted Zone: wiisos.com\.www

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\d7e42thd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18832

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/allcdcovers/{45287E1E-18D2-47CF-5833-1F36E656B999}?q=

FF - prefs.js: network.proxy.type - 4

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, );user_pref(extensions.BabylonToolbar_i.babTrack,

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt -

FF - user.js: extensions.BabylonToolbar_i.instlRef - na

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

HKLM-Run-NPSStartup - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-RRF.exe - C:\windows\unin0413.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\000001_.tmp

Folder::

C:\FOUND.002

C:\Program Files\Conduit

C:\FOUND.001

C:\FOUND.000

Firefox::

FF - ProfilePath - C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\d7e42thd.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.
