
CF log



Can someone check this log please?

thx

ComboFix 13-04-15.01 - Atikpa 16/04/2013 8:37.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.32.1036.18.894.345 [GMT 2:00]

Lancé depuis: c:\users\Atikpa\Contacts\Desktop\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Atikpa\Favorites\Google_Earth_CZXV.exe

c:\users\Atikpa\Favorites\install_flash_player.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2013-03-16 au 2013-04-16 ))))))))))))))))))))))))))))))))))))

.

.

2013-04-16 05:53 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91D21992-28C1-4FA3-93EB-CBCDD250968C}\mpengine.dll

2013-04-16 05:36 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-04-16 05:36 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-04-16 05:36 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-04-16 05:36 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-04-16 05:36 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-04-16 05:36 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-16 05:36 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-04-16 05:36 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-04-16 05:36 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-04-16 05:35 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr

2013-04-16 05:32 . 2013-04-16 05:32 -------- d-----w- c:\program files\AVAST Software

2013-04-16 05:30 . 2013-04-16 05:32 -------- d-----w- c:\programdata\AVAST Software

2013-04-16 05:17 . 2013-04-16 05:08 24064 ----a-w- c:\windows\zoek-delete.exe

2013-04-16 04:30 . 2013-04-16 06:33 -------- d-----w- c:\users\Public

2013-04-16 04:30 . 2013-04-16 04:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-04-16 04:30 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 16:09 . 2012-04-25 15:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 16:09 . 2011-05-24 16:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-11 23:10 . 2009-10-05 11:13 237088 ------w- c:\windows\system32\MpSigStub.exe

2008-08-10 16:05 . 2008-08-10 16:06 774144 ----a-w- c:\program files\RngInterstitial.dll

2008-05-12 06:12 . 2008-05-12 06:11 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe

2008-05-12 06:10 . 2008-05-12 06:09 4500672 ----a-w- c:\program files\FLV PlayerRCATSetup.exe

2008-05-12 06:02 . 2008-05-12 06:01 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

.

c:\users\Atikpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKLM\~\startupfolder\C:^Users^Atikpa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]

path=c:\users\Atikpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk

backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Atikpa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\users\Atikpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Atikpa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support de Cyber-shot Viewer.lnk]

path=c:\users\Atikpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support de Cyber-shot Viewer.lnk

backup=c:\windows\pss\Outil de détection de support de Cyber-shot Viewer.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-07-10 07:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2010-02-05 12:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-07-30 19:03 133104 ----atw- c:\users\Atikpa\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-05-16 10:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-05-16 10:58 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-05-16 10:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]

2011-11-11 13:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-01-13 09:40 7766016 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-01-13 09:40 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-01-13 09:40 90191 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2008-01-12 17:41 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-02-15 20:50 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-09 14:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2007-08-10 16:05 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [x]

.

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - ASWSNX

*NewlyCreated* - ASWVMM

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-16 06:01 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contenu du dossier 'Tâches planifiées'

.

2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 16:09]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:00]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:00]

.

2013-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730681426-1045181757-2780225796-1000Core.job

- c:\users\Atikpa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-30 19:03]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730681426-1045181757-2780225796-1000UA.job

- c:\users\Atikpa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-30 19:03]

.

2013-04-16 c:\windows\Tasks\User_Feed_Synchronization-{6E81395A-D773-4020-A076-B6C4D47F219C}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHELINS SUPPRIMES - - - -

.

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe

MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe

MSConfigStartUp-LVCOMSX - c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe

MSConfigStartUp-lxczbmgr - c:\program files\Lexmark 1200 Series\lxczbmgr.exe

MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-softonic - c:\program files\Softonic\softonic\1.4.22.0\softonicsrv.exe

MSConfigStartUp-UVS10 Preload - c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-04-16 08:47

Windows 6.0.6000 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-1730681426-1045181757-2780225796-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):bb,e0,f5,f5,77,d2,0e,b5,9b,21,78,30,41,e3,89,52,93,73,b4,bd,d7,

0c,44,a4,c7,36,be,a6,04,6d,28,84,ce,49,0d,4b,97,a9,65,e9,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1730681426-1045181757-2780225796-1000_Classes\CLSID\{aa105e70-9d45-4bef-b12f-819c2198cad7}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000f9

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,fd,74,f2,78,0d,b1,8b,36,da,40,3c,ac,a8,2c,12,aa,62,d5,ed,df,15,c7,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Heure de fin: 2013-04-16 08:50:39

ComboFix-quarantined-files.txt 2013-04-16 06:50

.

Avant-CF: 2.033.524.736 octets libres

Après-CF: 1.873.457.152 octets libres

.

- - End Of File - - 33D26DEF80DB6125133E8BFE433DAFFD
