
Police virus, can't get rid of it



Here is the new ComboFix log:

ComboFix 12-07-16.01 - Ron 17-07-2012 13:32:21.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2070 [GMT 2:00]

Gestart vanuit: c:\users\Ron\Hijackthis\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Ron\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\1ClickDownload

c:\program files\1ClickDownload\IMAX_Under_The_Sea_3D_(2010)_USB3DTV_Eng-Fra-Esp_1080p_MKV.torrent

c:\program files\1ClickDownload\mainpackfa.exe

c:\program files\1ClickDownload\mainpacklt.exe

c:\program files\1ClickDownload\Priest_3D_(Stereoscopic_Side-by-Side_MKV)_-_dman474_(PRM3).torrent

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\users\Ron\AppData\Local\Conduit

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!System32!userinit.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))

.

.

2012-07-17 11:43 . 2012-07-17 11:48 -------- d-----w- c:\users\Ron\AppData\Local\temp

2012-07-17 11:43 . 2012-07-17 11:43 -------- d-----w- c:\users\Nancy\AppData\Local\temp

2012-07-17 11:43 . 2012-07-17 11:43 -------- d-----w- c:\users\Mitchell\AppData\Local\temp

2012-07-17 11:43 . 2012-07-17 11:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-15 18:32 . 2012-07-15 18:32 -------- d-----w- c:\program files\Speccy

2012-07-15 10:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-15 09:23 . 2012-07-17 10:40 -------- d-----w- c:\users\Ron\Hijackthis

2012-07-11 12:53 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 12:53 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 12:20 . 2012-07-10 12:20 -------- d-----w- c:\users\Ron\AppData\Local\CRE

2012-07-04 14:50 . 2012-07-04 14:50 -------- d-----w- c:\users\Ron\AppData\Local\MPlayer

2012-07-04 14:43 . 2012-07-04 14:46 -------- d-----w- c:\programdata\PMS

2012-06-29 20:14 . 2012-07-13 18:03 -------- d-----w- c:\users\Ron\AppData\Local\813CD990-54BF-4D72-9D7C-DD61C095F77A.aplzod

2012-06-29 19:24 . 2012-05-25 15:09 29312 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-06-29 18:01 . 2012-06-29 18:01 -------- d-----w- c:\program files\Common Files\Skype

2012-06-29 07:24 . 2012-06-29 07:24 -------- d-----w- c:\windows\nl

2012-06-29 07:17 . 2012-06-29 07:17 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-27 17:06 . 2012-06-27 17:06 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\3add568f1cd548702\DSETUP.dll

2012-06-27 17:06 . 2012-06-27 17:06 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\3add568f1cd548702\DXSETUP.exe

2012-06-27 17:06 . 2012-06-27 17:06 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\3add568f1cd548702\dsetup32.dll

2012-06-25 16:53 . 2012-06-25 16:53 -------- d-----w- C:\Download

2012-06-25 16:53 . 2012-06-25 16:53 -------- d-----w- C:\AllShare

2012-06-25 16:27 . 2012-06-25 16:27 -------- d-----w- c:\users\Ron\AppData\Local\Downloaded Installations

2012-06-20 11:57 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-20 11:57 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-20 11:57 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-20 11:56 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 18:35 . 2012-03-30 14:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 18:35 . 2011-06-16 14:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:40 . 2012-07-11 15:39 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47 . 2012-07-11 12:53 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-11 12:53 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-02 22:19 . 2012-06-21 19:23 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 19:23 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 19:22 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 19:22 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 19:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 19:23 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 19:22 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 19:22 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 19:22 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:25 . 2012-07-11 15:26 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 00:04 . 2012-07-11 12:53 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-11 12:53 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-03-13 04:38 . 2012-04-19 10:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 136600]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2007-02-13 94212]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"AllShareAgent"="c:\users\Ron\Desktop\AllShare\AllShareAgent.exe" [2012-03-01 285072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3199624407-2966965130-2433954294-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]

.

2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:35]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\zs9gespq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-17 13:47

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(276)

c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\McAfee\SiteAdvisor\McSACore.exe

c:\windows\system32\mfevtps.exe

c:\windows\system32\rundll32.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conime.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\ehome\ehmsas.exe

c:\windows\ehome\ehsched.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehRecvr.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\users\Ron\Desktop\AllShare\AllShareDMS\AllShareDMS.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\RacAgent.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-17 14:00:29 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-17 11:59

.

Pre-Run: 30.185.058.304 bytes beschikbaar

Post-Run: 29.956.079.616 bytes beschikbaar

.

- - End Of File - - C1D9F074B8228244BF6D2A221B0096E3
