Hello rudi,
Well spotted (tu)
Just as you say: soon we'll have do-it-yourselfers everywhere ><
Regards, Ben
Here are the logs again.
ComboFix 12-04-27.01 - Sam 29-04-2012 14:55:30.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1874
Gestart vanuit: c:\users\Sam\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Sam\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam\AppData\Roaming\Complitly
c:\users\Sam\AppData\Roaming\Complitly\64\Complitly64.dll
c:\users\Sam\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
c:\users\Sam\AppData\Roaming\Complitly\Complitly.dll
c:\users\Sam\AppData\Roaming\Complitly\KeepMeUpdated.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))
.
.
2012-04-29 13:02 . 2012-04-29 13:03 -------- d-----w- c:\users\Sam\AppData\Local\temp
2012-04-29 13:02 . 2012-04-29 13:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-29 13:02 . 2012-04-29 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 18:51 . 2012-04-27 18:52 -------- d-----w- C:\TDSSStarter
2012-04-27 14:13 . 2012-04-27 14:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 14:13 . 2012-04-27 14:13 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 14:13 . 2012-04-27 14:13 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-27 14:00 . 2012-04-27 14:00 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 09:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6896CF6C-BB78-4066-BDD3-AF9D445BF380}\mpengine.dll
2012-04-26 18:15 . 2012-04-26 18:15 -------- d-----w- c:\users\Sam\AppData\Roaming\PeerNetworking
2012-04-25 19:04 . 2012-04-25 19:04 -------- d-----w- c:\users\Sam\AppData\Local\Rockstar Games
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\xlive
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-04-24 14:40 . 2012-04-24 14:40 -------- d-----w- c:\programdata\McAfee
2012-04-24 14:40 . 2012-04-24 15:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 14:06 . 2004-01-06 07:43 188416 ----a-w- c:\program files\eax.dll
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\text
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\ReadMe
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\movies
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\AutoRunSource
2012-04-18 14:06 . 2008-06-14 13:22 122368 ----a-w- c:\program files\cleo.asi
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\data
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\anim
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\CLEO
2012-04-18 14:03 . 2012-04-18 14:05 -------- d-----w- c:\program files\models
2012-04-18 14:01 . 2012-04-18 14:01 -------- d-----w- c:\program files\audio
2012-04-15 19:34 . 2012-04-15 19:34 -------- d-----w- c:\program files\Alcohol Soft
2012-04-15 19:30 . 2012-04-15 19:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-12 13:37 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 13:37 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 11:40 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 19:49 . 2012-04-09 19:49 -------- d-----w- c:\programdata\Premium
2012-04-09 19:49 . 2012-04-09 19:50 -------- d-----w- c:\program files\Optimizer Pro
2012-04-09 19:48 . 2012-04-09 19:49 -------- d-----w- c:\programdata\InstallMate
2012-04-09 17:18 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-04-04 18:50 . 2012-04-04 18:50 -------- d-----w- c:\program files\QuickTime
2012-04-04 18:45 . 2012-04-04 18:45 -------- d-----w- c:\program files\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 14:00 . 2012-01-27 00:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 15:18 . 2012-01-02 12:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-26 22:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 16:12 . 2012-03-19 16:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-02-23 08:18 . 2009-10-03 10:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 12:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 12:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 12:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 12:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 12:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 12:12 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-27 14:13 . 2012-01-26 23:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@="{472083B0-C522-11CF-8763-00608CC02F24}"
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"
.
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"NDSTray.exe"="NDSTray.exe"
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE"
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe"
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe"
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe"
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe
.
"EnableUIADesktopToggle"= 0 (0x0)
.
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.youtube.nl/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Read with DeskBot
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 15:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
"datasecu"=hex:d2,59,b8,ae,28,36,d0,a5,22,40,7c,a1,55,a3,ea,3d,c1,3e,43,1a,08,
b7,a6,8d,56,62,ea,7b,33,02,71,c9,27,55,ec,c7,fc,9f,b7,77,4e,c1,e6,4a,09,c7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-04-29 15:07:23
ComboFix-quarantined-files.txt 2012-04-29 13:07
ComboFix2.txt 2012-04-27 23:05
ComboFix3.txt 2012-04-27 18:49
ComboFix4.txt 2012-04-27 18:35
ComboFix5.txt 2012-04-29 12:53
.
Pre-Run: 92.264.529.920 bytes beschikbaar
Post-Run: 91.915.108.352 bytes beschikbaar
.
- - End Of File - - 0730E05FEEFDE6903A5B46E9833F356D
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:10:52, on 29-4-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: NDSTray.exe
O4 - HKLM\..\Run: C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9712 bytes
Regards, Ed.
Hello eduard,
Could you run this part again, but this time in "safe mode":
Open a Notepad file.
Copy and paste the bold text below into it.
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this file to your desktop as CFScript.
Drag CFScript.txt onto ComboFix.exe.
This will make ComboFix restart. Reboot if you are asked to.
After the reboot, post the contents of Combofix.txt in your next message and tell me how your PC is doing.
Regards, Ben
Here is the log from safe mode, but I can see it is still there.
ComboFix 12-04-27.01 - Sam 29-04-2012 19:15:49.8.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2467
Gestart vanuit: c:\users\Sam\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Sam\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))
.
.
2012-04-29 17:21 . 2012-04-29 17:21 -------- d-----w- c:\users\Sam\AppData\Local\temp
2012-04-29 17:21 . 2012-04-29 17:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-29 17:21 . 2012-04-29 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 18:51 . 2012-04-27 18:52 -------- d-----w- C:\TDSSStarter
2012-04-27 14:13 . 2012-04-27 14:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 14:13 . 2012-04-27 14:13 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 14:13 . 2012-04-27 14:13 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-27 14:00 . 2012-04-27 14:00 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 09:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6896CF6C-BB78-4066-BDD3-AF9D445BF380}\mpengine.dll
2012-04-26 18:15 . 2012-04-26 18:15 -------- d-----w- c:\users\Sam\AppData\Roaming\PeerNetworking
2012-04-25 19:04 . 2012-04-25 19:04 -------- d-----w- c:\users\Sam\AppData\Local\Rockstar Games
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\xlive
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-04-24 14:40 . 2012-04-24 14:40 -------- d-----w- c:\programdata\McAfee
2012-04-24 14:40 . 2012-04-24 15:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 14:06 . 2004-01-06 07:43 188416 ----a-w- c:\program files\eax.dll
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\text
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\ReadMe
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\movies
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\AutoRunSource
2012-04-18 14:06 . 2008-06-14 13:22 122368 ----a-w- c:\program files\cleo.asi
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\data
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\anim
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\CLEO
2012-04-18 14:03 . 2012-04-18 14:05 -------- d-----w- c:\program files\models
2012-04-18 14:01 . 2012-04-18 14:01 -------- d-----w- c:\program files\audio
2012-04-15 19:34 . 2012-04-15 19:34 -------- d-----w- c:\program files\Alcohol Soft
2012-04-15 19:30 . 2012-04-15 19:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-12 13:37 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 13:37 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 11:40 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 19:49 . 2012-04-09 19:49 -------- d-----w- c:\programdata\Premium
2012-04-09 19:49 . 2012-04-09 19:50 -------- d-----w- c:\program files\Optimizer Pro
2012-04-09 19:48 . 2012-04-09 19:49 -------- d-----w- c:\programdata\InstallMate
2012-04-09 17:18 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-04-04 18:50 . 2012-04-04 18:50 -------- d-----w- c:\program files\QuickTime
2012-04-04 18:45 . 2012-04-04 18:45 -------- d-----w- c:\program files\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 14:00 . 2012-01-27 00:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 15:18 . 2012-01-02 12:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-26 22:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 16:12 . 2012-03-19 16:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-02-23 08:18 . 2009-10-03 10:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 12:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 12:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 12:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 12:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 12:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 12:12 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-27 14:13 . 2012-01-26 23:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@="{472083B0-C522-11CF-8763-00608CC02F24}"
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"
.
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"NDSTray.exe"="NDSTray.exe"
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE"
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe"
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe"
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe"
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe
.
"EnableUIADesktopToggle"= 0 (0x0)
.
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - ECACHE
.
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.youtube.nl/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Read with DeskBot
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 19:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------------
.
"datasecu"=hex:d2,59,b8,ae,28,36,d0,a5,22,40,7c,a1,55,a3,ea,3d,c1,3e,43,1a,08,
b7,a6,8d,56,62,ea,7b,33,02,71,c9,27,55,ec,c7,fc,9f,b7,77,4e,c1,e6,4a,09,c7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-04-29 19:26:13
ComboFix-quarantined-files.txt 2012-04-29 17:26
ComboFix2.txt 2012-04-29 13:07
ComboFix3.txt 2012-04-27 23:05
ComboFix4.txt 2012-04-27 18:49
ComboFix5.txt 2012-04-29 17:13
.
Pre-Run: 94.923.554.816 bytes beschikbaar
Post-Run: 94.844.690.432 bytes beschikbaar
.
- - End Of File - - CA14A6F0667198EF49E9E8185065F30A
Regards, Ed.
All problems are gone now.
Here's the combolog again.
ComboFix 12-04-27.01 - Sam 29-04-2012 20:40:55.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1842
Gestart vanuit: c:\users\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))
.
.
2012-04-29 18:49 . 2012-04-29 18:50 -------- d-----w- c:\users\Sam\AppData\Local\temp
2012-04-29 18:49 . 2012-04-29 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 18:51 . 2012-04-27 18:52 -------- d-----w- C:\TDSSStarter
2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-27 14:00 . 2012-04-27 14:00 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 09:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6896CF6C-BB78-4066-BDD3-AF9D445BF380}\mpengine.dll
2012-04-26 18:15 . 2012-04-26 18:15 -------- d-----w- c:\users\Sam\AppData\Roaming\PeerNetworking
2012-04-25 19:04 . 2012-04-25 19:04 -------- d-----w- c:\users\Sam\AppData\Local\Rockstar Games
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\xlive
2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-04-24 14:40 . 2012-04-24 15:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 14:06 . 2004-01-06 07:43 188416 ----a-w- c:\program files\eax.dll
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\ReadMe
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\movies
2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\AutoRunSource
2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\data
2012-04-18 14:01 . 2012-04-18 14:01 -------- d-----w- c:\program files\audio
2012-04-15 19:34 . 2012-04-15 19:34 -------- d-----w- c:\program files\Alcohol Soft
2012-04-15 19:30 . 2012-04-15 19:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-12 13:37 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 13:37 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 11:40 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 19:49 . 2012-04-09 19:49 -------- d-----w- c:\programdata\Premium
2012-04-09 19:49 . 2012-04-09 19:50 -------- d-----w- c:\program files\Optimizer Pro
2012-04-09 19:48 . 2012-04-09 19:49 -------- d-----w- c:\programdata\InstallMate
2012-04-09 17:18 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-04-04 18:50 . 2012-04-04 18:50 -------- d-----w- c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 14:00 . 2012-01-27 00:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 15:18 . 2012-01-02 12:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-26 22:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 16:12 . 2012-03-19 16:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-02-23 08:18 . 2009-10-03 10:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 12:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 12:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 12:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 12:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 12:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 12:12 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_14.30.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-04-29 18:01 84306 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-04-29 18:01 79430 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-10 14:11 . 2012-04-29 18:01 20876 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3680711391-1704969418-1022348306-1000_UserData.bin
+ 2009-04-10 14:09 . 2012-04-29 17:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-10 14:09 . 2012-04-27 13:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-10 14:09 . 2012-04-29 17:59 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-10 14:09 . 2012-04-27 13:57 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-10 14:09 . 2012-04-27 13:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-10 14:09 . 2012-04-29 17:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2012-04-29 18:11 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2012-04-15 20:24 51200 c:\windows\inf\infpub.dat
+ 2012-04-29 17:58 . 2012-04-29 17:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-27 09:10 . 2012-04-27 09:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-27 09:10 . 2012-04-27 09:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-29 17:58 . 2012-04-29 17:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-10 15:40 . 2012-04-29 12:48 320488 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-01-21 06:47 . 2012-04-27 13:58 677188 c:\windows\System32\perfh013.dat
+ 2008-01-21 06:47 . 2012-04-29 18:04 677188 c:\windows\System32\perfh013.dat
- 2006-11-02 10:33 . 2012-04-27 13:58 595996 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-04-29 18:04 595996 c:\windows\System32\perfh009.dat
+ 2008-01-21 06:47 . 2012-04-29 18:04 130186 c:\windows\System32\perfc013.dat
- 2008-01-21 06:47 . 2012-04-27 13:58 130186 c:\windows\System32\perfc013.dat
+ 2006-11-02 10:33 . 2012-04-29 18:04 104070 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-04-27 13:58 104070 c:\windows\System32\perfc009.dat
- 2011-04-10 13:31 . 2012-04-26 20:59 387700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-10 13:31 . 2012-04-29 17:57 387700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2006-11-02 10:25 . 2012-04-29 18:11 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2012-04-15 20:24 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2012-04-15 20:24 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2012-04-29 18:11 143360 c:\windows\inf\infstor.dat
- 2010-07-17 12:42 . 2012-04-26 20:59 5900664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-07-17 12:42 . 2012-04-29 17:57 5900664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-10 13:31 . 2012-04-29 17:57 3422660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3680711391-1704969418-1022348306-1000-8192.dat
- 2011-04-10 13:31 . 2012-04-26 20:59 3422660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3680711391-1704969418-1022348306-1000-8192.dat
+ 2011-04-24 19:33 . 2012-04-29 17:57 2974380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3680711391-1704969418-1022348306-1000-12288.dat
- 2011-04-24 19:33 . 2012-04-26 20:59 2974380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3680711391-1704969418-1022348306-1000-12288.dat
+ 2011-04-10 13:31 . 2012-04-29 17:57 16418708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3680711391-1704969418-1022348306-1000-4096.dat
+ 2009-05-17 12:32 . 2012-04-29 18:18 310046230 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@="{472083B0-C522-11CF-8763-00608CC02F24}"
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"
.
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"NDSTray.exe"="NDSTray.exe"
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE"
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe"
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe"
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe
.
"EnableUIADesktopToggle"= 0 (0x0)
.
"aux"=wdmaud.drv
.
2008-04-29 08:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.youtube.nl/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Read with DeskBot
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 20:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------------
.
"datasecu"=hex:d2,59,b8,ae,28,36,d0,a5,22,40,7c,a1,55,a3,ea,3d,c1,3e,43,1a,08,
b7,a6,8d,56,62,ea,7b,33,02,71,c9,27,55,ec,c7,fc,9f,b7,77,4e,c1,e6,4a,09,c7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-04-29 20:58:12
ComboFix-quarantined-files.txt 2012-04-29 18:58
ComboFix2.txt 2012-04-29 17:26
ComboFix3.txt 2012-04-29 13:07
ComboFix4.txt 2012-04-27 23:05
ComboFix5.txt 2012-04-29 18:39
.
Pre-Run: 92.205.887.488 bytes beschikbaar
Post-Run: 92.170.108.928 bytes beschikbaar
.
- - End Of File - - DB7A1FB4FA730B1D080DF6B9046220A5
Regards, Ed.