
Request for help




Please analyse the attached HJT log and propose a course of action.

I have the following problems:

- Help and System Restore no longer work

- Changing the paging file no longer works

- Installation of updates KB 2656353 and KB 2656370 fails

- The PC is very slow and is difficult to shut down.

Thanks in advance.

=========================

11:04 28-9-2012

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:04:37, on 28-9-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lou.DYNA.002\Mijn documenten\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = KPN Vandaag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1243813379115

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342370385058

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 5606 bytes




Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot disable them, just proceed to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically proceed with scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Here is my ComboFix log. It took quite some effort (and time!), because the scan kept getting stuck whenever it found an empty folder or file. After deleting it I had to start over each time, but in the end it worked.

I am very curious about the result of your analysis. The Help and System Restore function seems to be working again. Thanks in advance for that.

Regards, Lou

===============

ComboFix 12-09-27.03 - Lou 29-09-2012 18:12:37.11.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.767.440 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Lou.DYNA.002\Mijn documenten\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

-- Voorgaande Run --

.

c:\windows\explorer.exe . . . is geïnfecteerd!!

.

-- Voorgaande Run --

.

c:\windows\explorer.exe . . . is geïnfecteerd!!

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-28 to 2012-09-29 ))))))))))))))))))))))))))))))

.

.

2012-09-29 10:35 . 2012-09-29 10:35 -------- d-----w- C:\FOUND.000

2012-09-28 07:36 . 2012-09-28 07:36 -------- d-----w- c:\program files\ACW

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-28 15:17 . 2004-02-06 16:09 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2003-09-27 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2003-09-27 20:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:43 . 2010-09-07 01:49 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-07-26 01:21 . 2010-09-07 01:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-07-06 13:58 . 2003-09-27 20:06 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2001-10-30 12:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:23 . 2001-10-30 12:31 1866240 ----a-w- c:\windows\system32\win32k.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-04 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\windows\Programma's\Opstarten\

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-11-8 51712]

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

"link"= 00000000

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]

2008-11-06 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFDE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-06-15 15:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 03:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\OSA.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

"c:\\Program Files\\Spamihilator\\cdcc.exe"=

"c:\\Program Files\\Spamihilator\\dccproc.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 31952]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18-5-2009 9:48 149376]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 301920]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23-1-2012 5:43 92592]

R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [17-11-2011 18:42 762112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

R3 AVMWAN;AVM NDIS WAN CAPI-stuurprogramma;c:\windows\system32\drivers\avmwan.sys [4-12-2001 13:34 37568]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [26-7-2010 16:15 21888]

R3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [29-5-2002 23:54 38400]

R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [4-12-2001 13:34 444416]

S1 6616204d;6616204d; [x]

S2 as260n;as260n; [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 3:24 5167736]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [4-12-2004 2:52 144896]

S3 METROP;Canon scaner FB310;c:\windows\system32\DRIVERS\as260n.sys --> c:\windows\system32\DRIVERS\as260n.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-25 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/#Overzicht

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

AddRemove-ROUTE 66 Streets versie 98 - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-09-29 18:26

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-09-29 18:30:09

ComboFix-quarantined-files.txt 2012-09-29 16:30

ComboFix2.txt 2009-06-11 18:43

ComboFix3.txt 2009-06-09 18:56

ComboFix4.txt 2009-06-09 16:46

.

Pre-Run: 1.253.441.536 bytes beschikbaar

Post-Run: 1.685.323.776 bytes beschikbaar

.

- - End Of File - - E73A67FD6FF08FCF8495C635317AD4C3

edited by Genhout


2 weeks later...

Jotti scan done, and only one of the scanners (Avira AntiVir) found malware (see below).

How should I proceed now?

Jotti's malware scan

File name: explorer.exe

Status: Scan complete. 1 out of 19 scanners found malware.

Scan taken on: Thu 11 Oct 2012 19:31:06 (CET)

Additional information

File size: 1037312 bytes

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: 7eabb7e4bc1505bfc92a4580e59dce41

SHA1: 453ac15ba4ad0156b7cc91c0d6d54d7f2921200d

Scanners

arcavir: 2012-10-11 Nothing found

fsecure: 2012-10-11 Nothing found

avast: 2012-10-11 Nothing found

gdata: 2012-10-11 Nothing found

avg: 2012-10-11 Nothing found

ikarus: 2012-10-11 Nothing found

avira: 2012-10-11 TR/Patched.Gen

kaspersky: 2012-10-11 Nothing found

bitdefender: 2012-10-11 Nothing found

panda: 2012-10-11 Nothing found

clamav: 2012-10-11 Nothing found

quickheal: 2012-10-11 Nothing found

cpsecure: 2012-10-11 Nothing found

sophos: 2012-10-11 Nothing found

drweb: 2012-10-11 Nothing found

vba32: 2012-10-11 Nothing found

nod32: 2012-10-11 Nothing found

virusbuster: 2012-10-11 Nothing found

fprot: 2012-10-11 Nothing found



Open a Notepad file.

Copy and paste the bold text below into it.

FCOPY::

c:\windows\ServicePackFiles\i386\explorer.exe|c:\windows\explorer.exe

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.


Hello kape,

Here is the contents of Combofix.txt. No particular problems occurred during this scan.

ComboFix 12-09-27.03 - Lou 12-10-2012 14:21:50.12.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.767.354 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Lou.DYNA.002\Mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Lou.DYNA.002\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\SET1A.tmp

c:\windows\system32\SET1E.tmp

.

c:\windows\explorer.exe . . . is geïnfecteerd!!

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-12 to 2012-10-12 ))))))))))))))))))))))))))))))

.

.

2012-10-12 09:49 . 2012-10-12 09:49 -------- d-----w- c:\windows\LastGood

2012-10-09 09:09 . 2012-10-09 09:09 -------- d-----w- c:\windows\system32\wbem\Repository

2012-10-01 15:16 . 2012-10-01 15:16 -------- d-----w- C:\Recycled(2)

2012-09-28 07:36 . 2012-09-28 07:36 -------- d-----w- c:\program files\ACW

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-28 15:17 . 2004-02-06 16:09 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2003-09-27 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2003-09-27 20:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:43 . 2010-09-07 01:49 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-23 06:27 . 2001-10-30 12:30 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2001-09-06 17:53 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-26 01:21 . 2010-09-07 01:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\LastGood\explorer.exe

[-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-04 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\windows\Programma's\Opstarten\

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-11-8 51712]

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

"link"= 00000000

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]

2008-11-06 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFDE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-06-15 15:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 03:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\OSA.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

"c:\\Program Files\\Spamihilator\\cdcc.exe"=

"c:\\Program Files\\Spamihilator\\dccproc.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 31952]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18-5-2009 9:48 149376]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 301920]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23-1-2012 5:43 92592]

R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [17-11-2011 18:42 762112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

R3 AVMWAN;AVM NDIS WAN CAPI-stuurprogramma;c:\windows\system32\drivers\avmwan.sys [4-12-2001 13:34 37568]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [26-7-2010 16:15 21888]

R3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [29-5-2002 23:54 38400]

R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [4-12-2001 13:34 444416]

S1 6616204d;6616204d; [x]

S2 as260n;as260n; [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 3:24 5167736]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [4-12-2004 2:52 144896]

S3 METROP;Canon scaner FB310;c:\windows\system32\DRIVERS\as260n.sys --> c:\windows\system32\DRIVERS\as260n.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-09 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/#Overzicht

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-12 14:38

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-10-12 14:41:22

ComboFix-quarantined-files.txt 2012-10-12 12:41

ComboFix2.txt 2012-09-29 16:30

ComboFix3.txt 2009-06-11 18:43

ComboFix4.txt 2009-06-09 18:56

ComboFix5.txt 2012-10-01 14:40

.

Pre-Run: 4.115.562.496 bytes beschikbaar

Post-Run: 4.264.755.200 bytes beschikbaar

.

- - End Of File - - 443DA9C1E7E32D2F9AD020C0CDCA165F



[-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-04 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\windows\Programma's\Opstarten\

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-11-8 51712]

Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

"link"= 00000000

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]

2008-11-06 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFDE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-06-15 15:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 03:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\OSA.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

"c:\\Program Files\\Spamihilator\\cdcc.exe"=

"c:\\Program Files\\Spamihilator\\dccproc.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 31952]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18-5-2009 9:48 149376]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 301920]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23-1-2012 5:43 92592]

R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [17-11-2011 18:42 762112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]

R3 AVMWAN;AVM NDIS WAN CAPI-stuurprogramma;c:\windows\system32\drivers\avmwan.sys [4-12-2001 13:34 37568]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [26-7-2010 16:15 21888]

R3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [29-5-2002 23:54 38400]

R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [4-12-2001 13:34 444416]

S1 6616204d;6616204d; [x]

S2 as260n;as260n; [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 3:24 5167736]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [4-12-2004 2:52 144896]

S3 METROP;Canon scaner FB310;c:\windows\system32\DRIVERS\as260n.sys --> c:\windows\system32\DRIVERS\as260n.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-09 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/#Overzicht

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-12 14:38

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-10-12 14:41:22

ComboFix-quarantined-files.txt 2012-10-12 12:41

ComboFix2.txt 2012-09-29 16:30

ComboFix3.txt 2009-06-11 18:43

ComboFix4.txt 2009-06-09 18:56

ComboFix5.txt 2012-10-01 14:40

.

Pre-Run: 4.115.562.496 bytes beschikbaar

Post-Run: 4.264.755.200 bytes beschikbaar

.

- - End Of File - - 443DA9C1E7E32D2F9AD020C0CDCA165F
