
Error messages 7000 (2x), 7001 (1x), 7024 (1x) and 5727 (1x)


jovadesa


That was very exciting.

Here is the log:

ComboFix 12-03-04.02 - Jose 05-03-2012 17:11:50.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.899 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Jose\WINDOWS

c:\windows\$NtUninstallKB10938$

c:\windows\$NtUninstallKB10938$\1014830791\@

c:\windows\$NtUninstallKB10938$\1014830791\cfg.ini

c:\windows\$NtUninstallKB10938$\1014830791\Desktop.ini

c:\windows\$NtUninstallKB10938$\1014830791\L\inidfaom

c:\windows\$NtUninstallKB10938$\1014830791\twl.dll

c:\windows\$NtUninstallKB10938$\1014830791\U\00000001.@

c:\windows\$NtUninstallKB10938$\1014830791\U\00000002.@

c:\windows\$NtUninstallKB10938$\1014830791\U\00000004.@

c:\windows\$NtUninstallKB10938$\1014830791\U\80000000.@

c:\windows\$NtUninstallKB10938$\1014830791\U\80000004.@

c:\windows\$NtUninstallKB10938$\1014830791\U\80000032.@

c:\windows\$NtUninstallKB10938$\1014830791\version

c:\windows\$NtUninstallKB10938$\4141883729

c:\windows\bwUnin-6.1.4.68-8876480L.exe

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\fa74c3bc18af0ec9.fb

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-05 to 2012-03-05 ))))))))))))))))))))))))))))))

.

.

2012-03-05 15:27 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8412B9EE-08EC-4823-ABAA-EC33E22B730C}\mpengine.dll

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-01 10:08 . 2012-03-01 10:08 -------- dc----w- C:\57255c7cc5b1e0d07f575308bdab666e

2012-02-26 15:55 . 2012-03-03 09:50 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 12:05 . 2012-02-26 12:05 -------- dc----w- C:\4da5d0dd4954463fea399027b2ba

2012-02-26 11:40 . 2012-02-26 11:40 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Wajam

2012-02-26 11:37 . 2012-02-26 11:37 -------- d-----w- c:\documents and settings\Jose\Application Data\BabylonToolbar

2012-02-26 10:55 . 2012-02-26 10:55 -------- d-----w- c:\documents and settings\Jose\Application Data\Topckit

2012-02-26 10:45 . 2012-02-26 10:46 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Conduit

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-26 10:45 -------- d-----w- c:\program files\Conduit

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-02-05 15:36 . 2012-02-24 18:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 18:07 . 2012-01-24 18:04 16976 ----a-w- c:\windows\system32\drivers\10E14.SYS

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 10e14;xf9poa4vaz.exe;c:\windows\system32\drivers\10E14.SYS [24-1-2012 19:04 16976]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-05 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-05 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

uInternet Settings,ProxyOverride = localhost

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Broadcom Wireless Manager UI - c:\windows\system32\WLTRAY.exe

AddRemove-BDE - c:\program files\Borland\BDE\DeIsL6.isu

AddRemove-FileHippo.com - c:\program files\FileHippo.com\uninstall.exe

AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\16.0.912.75\Installer\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-05 17:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2268)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Windows Media Player\WMPNetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-05 17:25:03 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-05 16:24

ComboFix2.txt 2009-04-02 18:12

.

Pre-Run: 21.648.928.768 bytes beschikbaar

Post-Run: 21.615.898.624 bytes beschikbaar

.

- - End Of File - - 2433E543C43408E1B4B7A2A90A52C8B0

Regards, jovadesa


Opened the mentioned C;\Document and settings/ josé, but did not find Local Settings etc., nor Wajam or Topckit.

Not known whether we need these folders; we don't think so.

The folders Local Settings and Application Data cannot be found.

I did find a folder with the number 57255c7cc5b1e0d07f575308b... containing 25 numbered folders, but all of them empty.

The event logs still list error events.

In Application: 3x error 5000

In System: 7026, 7022, 7000, 7000, 7009, 7000, 7001, 7024, 5727, 5727

and 2x warning 20169

Regards, jovadesa


Opened the mentioned C;\Document and settings/ josé, but did not find Local Settings etc., nor Wajam or Topckit.

Not known whether we need these folders; we don't think so.

The folders Local Settings and Application Data cannot be found.

To be able to "see" those folders, do the following:

Open Windows Explorer (via My Computer or Windows key + E)

Go to Tools > Folder Options > View tab

Scroll in the window to Hidden files and folders

Select the option Show hidden files and folders

Click Apply > OK

Do you now see those folders in c:\documents and settings\Jose\ ............. ?


Both folders found and deleted.

Don't know whether I ever installed this optimizer, but it is quite possible.

So it has now been deleted.

Wajam is not familiar either, but it has also been deleted now.

In the System event log from the previous message, numbers 7026 and 7022 are now gone; the rest remain as error messages.

In the Application event log, error 5000 has disappeared.

Regards, jovadesa


Also check Control Panel - Programs to see whether anything from Wajam or Topckit is listed there, and remove it if necessary.

Open a new Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\57255c7cc5b1e0d07f575308bdab666e

C:\4da5d0dd4954463fea399027b2ba

c:\documents and settings\Jose\Application Data\BabylonToolbar

c:\documents and settings\Jose\Local Settings\Application Data\Conduit

c:\program files\Conduit

File::

c:\windows\system32\drivers\10E14.SYS

C:\Documents and Settings\Jose\xf9poa4vaz.exe

C:\Documents and Settings\All Users\xf9poa4vaz.exe

c:\windows\system32\drivers\11e8f.sys

C:\Documents and Settings\Jose\79bjm5me7g.exe

C:\Documents and Settings\All Users\79bjm5me7g.exe

C:\ProgramData\79bjm5me7g.exe

Drivers::

10E14

11e8f

Save this file on your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message

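As an added example (not code from this thread, from the helper, or from ComboFix itself), the Python below parses the Drivers/Services lines of a ComboFix log the way the helper read them by eye: a service whose name is a short hex string, whose display name is a random-looking .exe instead of a description, and whose driver file in system32\drivers is hex-named gets flagged, and the flagged entries are turned into the File:: and Drivers:: sections of a CFScript like the one above. The sample lines are copied from the first log on this page; the heuristics and the two-reason threshold are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: six Drivers/Services lines from the ComboFix log in this thread.
# Two of them (10e14 and 11e8f) are the entries the helper targeted with the CFScript.
SAMPLE_LINES = r"""
R1 10e14;xf9poa4vaz.exe;c:\windows\system32\drivers\10E14.SYS [24-1-2012 19:04 16976]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]
S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]
"""

# Line layout: <state> <service name>;<display name>;<image path> [<date> <time> <size>]
# or, when ComboFix could not read the file: <ImagePath> --> <resolved path> [?]
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
INFO_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]$")

# Assumed heuristics (mine, not ComboFix's): hex-only service/driver names and
# random alphanumeric .exe display names are what stood out in this log.
HEX_NAME = re.compile(r"^[0-9a-f]{4,8}$", re.I)
RANDOM_EXE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,12}\.exe$", re.I)


@dataclass
class ServiceEntry:
    state: str      # R1/S1 etc.: ComboFix's running/stopped flag plus start type
    name: str       # service key name
    display: str    # display name
    image: str      # resolved image path, without the \??\ prefix
    file_info: str  # "d-m-yyyy hh:mm size", or "?" when ComboFix found no file data


def parse_service_line(line: str):
    """Parse one Drivers/Services line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info = ""
    im = INFO_RE.search(rest)
    if im:
        info = im.group("info")
        rest = rest[: im.start()]
    if " --> " in rest:  # keep the resolved path, not the raw registry ImagePath
        rest = rest.split(" --> ", 1)[1]
    image = rest.strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), image, info)


def suspicion_reasons(e: ServiceEntry):
    """Return the list of heuristics this entry trips (empty for a normal service)."""
    reasons = []
    if HEX_NAME.match(e.name):
        reasons.append("service name is a short hex string")
    if RANDOM_EXE.match(e.display):
        reasons.append("display name is a random-looking .exe, not a description")
    stem = e.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX_NAME.match(stem) and "\\drivers\\" in e.image.lower():
        reasons.append("driver in system32\\drivers has a hex-only file name")
    return reasons


def analyze_services(log_text: str):
    """[(entry, reasons)] for every parsable service line, flagged or not."""
    out = []
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e is not None:
            out.append((e, suspicion_reasons(e)))
    return out


def flagged_services(log_text: str, min_reasons: int = 2):
    """Entries tripping at least min_reasons heuristics (threshold is an assumption)."""
    return [e for e, r in analyze_services(log_text) if len(r) >= min_reasons]


def build_cfscript(entries):
    """Emit File:: and Drivers:: sections in the CFScript form used in the helper's post."""
    lines = ["File::"] + [e.image for e in entries] + ["", "Drivers::"] + [e.name for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for entry, reasons in analyze_services(SAMPLE_LINES):
        mark = "SUSPECT" if len(reasons) >= 2 else "ok     "
        print(f"{mark} {entry.state} {entry.name:12} {entry.display:32} {entry.file_info}")
        for r in reasons:
            print(f"            - {r}")
    print(build_cfscript(flagged_services(SAMPLE_LINES)))
```

The script only reads the log and writes a script text; whether a flagged entry is actually malicious is still the helper's call, as it was in this thread.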

Action carried out.

Here is the new log file

ComboFix 12-03-04.02 - Jose 07-03-2012 15:20:01.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.811 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

gebruikte Opdracht switches :: F:\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\documents and settings\All Users\79bjm5me7g.exe"

"c:\documents and settings\All Users\xf9poa4vaz.exe"

"c:\documents and settings\Jose\79bjm5me7g.exe"

"c:\documents and settings\Jose\xf9poa4vaz.exe"

"c:\programdata\79bjm5me7g.exe"

"c:\windows\system32\drivers\10E14.SYS"

"c:\windows\system32\drivers\11e8f.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\4da5d0dd4954463fea399027b2ba

c:\4da5d0dd4954463fea399027b2ba\amd64\filterpipelineprintproc.dll

c:\4da5d0dd4954463fea399027b2ba\amd64\msxpsdrv.cat

c:\4da5d0dd4954463fea399027b2ba\amd64\msxpsdrv.inf

c:\4da5d0dd4954463fea399027b2ba\amd64\msxpsinc.gpd

c:\4da5d0dd4954463fea399027b2ba\amd64\msxpsinc.ppd

c:\4da5d0dd4954463fea399027b2ba\amd64\mxdwdrv.dll

c:\4da5d0dd4954463fea399027b2ba\amd64\xpssvcs.dll

c:\4da5d0dd4954463fea399027b2ba\i386\filterpipelineprintproc.dll

c:\4da5d0dd4954463fea399027b2ba\i386\msxpsdrv.cat

c:\4da5d0dd4954463fea399027b2ba\i386\msxpsdrv.inf

c:\4da5d0dd4954463fea399027b2ba\i386\msxpsinc.gpd

c:\4da5d0dd4954463fea399027b2ba\i386\msxpsinc.ppd

c:\4da5d0dd4954463fea399027b2ba\i386\mxdwdrv.dll

c:\4da5d0dd4954463fea399027b2ba\i386\xpssvcs.dll

c:\documents and settings\Jose\Application Data\BabylonToolbar

c:\documents and settings\Jose\Local Settings\Application Data\Conduit

c:\documents and settings\Jose\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_836989_832792_NL.xml

c:\documents and settings\Jose\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml

c:\documents and settings\Jose\Local Settings\Application Data\Conduit\CT2442941\Soft-SearchAutoUpdaterHelper.exe

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\program files\Conduit\Community Alerts\Alert0.dll

c:\windows\system32\drivers\10E14.SYS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_10e14

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))

.

.

2012-03-06 18:12 . 2012-03-06 18:12 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-03-06 16:40 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49C7C0D2-3398-443B-B5FC-878E4608D14F}\mpengine.dll

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 18:13 . 2012-02-05 15:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-05_16.21.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-07 14:29 . 2012-03-07 14:29 16384 c:\windows\temp\Perflib_Perfdata_c4.dat

- 2012-03-05 16:20 . 2012-03-05 16:20 16384 c:\windows\temp\Perflib_Perfdata_c4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-07 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

uInternet Settings,ProxyOverride = localhost

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-07 15:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2640)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Windows Media Player\WMPNetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-07 15:33:38 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-07 14:33

ComboFix2.txt 2012-03-05 16:25

ComboFix3.txt 2009-04-02 18:12

.

Pre-Run: 21.805.174.784 bytes beschikbaar

Post-Run: 21.736.476.672 bytes beschikbaar

.

- - End Of File - - 0DFB13F3691DF2B82BB02F94F8023ABE

Regards, jovadesa


A lot has already been cleaned up, but this one slipped through the net.

Boot the PC into Safe Mode (with Networking).

Open the file CFScript.txt.

Replace its contents with the bold text below.

File::

c:\windows\system32\drivers\11e8f.sys

C:\Documents and Settings\Jose\79bjm5me7g.exe

C:\Documents and Settings\All Users\79bjm5me7g.exe

C:\ProgramData\79bjm5me7g.exe

Drivers::

11e8f

Save the file and close Notepad.

Drag CFScript.txt onto ComboFix.exe.

This will restart ComboFix. Reboot into normal mode if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

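The entry the helper singled out above (`S1 11e8f;79bjm5me7g.exe;...`) can be picked out mechanically from the services section of a ComboFix log. The following Python triage script is an added example, not ComboFix's own code and not something from this thread; its scoring rules (an executable file name used as a driver's display name, a short all-hex service name, `[?]` counted as context only) are this example's own assumptions, and the sample lines are constructed from the log posted above.

```python
"""Heuristic triage of the service/driver lines in a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# ComboFix service line, as printed in the log above:
#   <start> <name>;<display>;<image> [--> <resolved image>] [<date time size> | ?]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+-->\s+(?P<resolved>\S+))?\s+\[(?P<info>[^\]]*)\]\s*$"
)

@dataclass
class Finding:
    name: str
    display: str
    path: str
    strong: list = field(default_factory=list)  # each alone warrants a closer look
    weak: list = field(default_factory=list)    # context only (assumed weighting)

    @property
    def suspicious(self) -> bool:
        return bool(self.strong)

def parse_service_line(line: str):
    """Return (start, name, display, path, info), or None if not a service line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return m["start"], m["name"], m["display"], m["resolved"] or m["image"], m["info"]

def triage_service(line: str):
    parsed = parse_service_line(line)
    if parsed is None:
        return None
    start, name, display, path, info = parsed
    f = Finding(name=name, display=display, path=path)
    # A boot/system-start driver whose display name is an executable file name:
    # this is how the entry in the thread shows up (assumed rule).
    if start in ("R0", "R1", "S0", "S1") and re.search(r"\.(exe|dll|scr)$", display, re.I):
        f.strong.append("driver display name is an executable file name")
    # Short, all-hex service names look generated rather than vendor-chosen (assumed rule).
    if re.fullmatch(r"[0-9a-f]{4,8}", name, re.I):
        f.strong.append("service name is a short hex token")
    # ComboFix prints [?] when it could not stat the image. Leftovers of an uninstalled
    # AV (the AVG drivers in the log) show it too, so it is context, not evidence.
    if info.strip() == "?":
        f.weak.append("image file not found or not inspectable")
    return f

def triage_log(text: str):
    """Return the suspicious Finding objects for every service line in a log."""
    findings = (triage_service(line) for line in text.splitlines())
    return [f for f in findings if f is not None and f.suspicious]

# Constructed sample: five service lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]
S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.name} ({f.display}) -> {f.path}")
        for reason in f.strong:
            print("  !", reason)
        for reason in f.weak:
            print("  -", reason)
```

Only the `11e8f` entry is reported; the AVG and SSPORT drivers also carry `[?]` but trip none of the strong rules, which is why that marker is kept as context rather than a verdict.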

Here is the new log file.

ComboFix 12-03-04.02 - Administrator 07-03-2012 17:00:46.4.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1271.1000 [GMT 1:00]

Gestart vanuit: F:\ComboFix.exe

gebruikte Opdracht switches :: F:\CFScript2.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))

.

.

2012-03-07 14:42 . 2012-03-07 14:42 -------- d--h--r- c:\documents and settings\Jose\Onlangs geopend

2012-03-07 14:34 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2C872DA-B31C-4B39-B88C-70C66B55C5D0}\mpengine.dll

2012-03-03 09:24 . 2012-03-03 09:24 -------- d-----w- c:\documents and settings\Administrator

2012-03-01 11:02 . 2012-03-01 11:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2012-03-01 10:25 . 2012-03-01 10:25 388096 ----a-r- c:\documents and settings\Jose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-01 10:14 . 2012-03-01 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-01 10:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 10:08 . 2012-03-01 10:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-26 15:23 . 2012-03-05 15:44 -------- d-----w- c:\windows\system32\NtmsData

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\windows\system32\XPSViewer

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\MSBuild

2012-02-26 12:06 . 2012-02-26 12:06 -------- d-----w- c:\program files\Reference Assemblies

2012-02-26 12:05 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-02-26 12:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-02-26 12:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2012-02-26 10:45 . 2012-02-29 11:11 -------- d-----w- c:\documents and settings\Jose\Local Settings\Application Data\Soft-Search

2012-02-26 10:45 . 2012-02-29 15:57 -------- d-----w- c:\program files\Soft-Search

2012-02-25 17:37 . 2012-02-07 21:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-24 19:52 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-24 19:48 . 2012-02-24 19:49 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-24 16:15 . 2012-02-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 18:13 . 2012-02-05 15:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-01-12 17:20 . 2004-09-14 08:38 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:42 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-09-14 08:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-09-14 08:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-09-14 08:38 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^dlbcserv.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\dlbcserv.lnk

backup=c:\windows\pss\dlbcserv.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SpeedTouch 121g Wireless USB Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SpeedTouch 121g Wireless USB Monitor.lnk

backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]

c:\windows\system32\WLTRAY [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-07-19 10:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-07-19 10:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-07-19 10:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 14:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 14:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 14:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-09-09 23:19 393216 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-18 09:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-27 17:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-06-24 06:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]

S1 11e8f;79bjm5me7g.exe;\??\c:\windows\system32\drivers\11e8f.sys --> c:\windows\system32\drivers\11e8f.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1-3-2012 11:14 652360]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [13-2-2010 16:39 357568]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-11-2010 21:39 136176]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [8-10-2008 9:57 3328]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1-3-2012 11:14 20464]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:55]

.

2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 20:38]

.

2012-03-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2012-03-07 c:\windows\Tasks\User_Feed_Synchronization-{56A91E46-6A24-4EEB-AD2C-ED8EA2FA3525}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.euro.dell.com

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-07 17:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\windows\System32\BCMLogon.dll

.

Voltooingstijd: 2012-03-07 17:07:58

ComboFix-quarantined-files.txt 2012-03-07 16:07

ComboFix2.txt 2012-03-07 14:33

ComboFix3.txt 2012-03-05 16:25

ComboFix4.txt 2009-04-02 18:12

.

Pre-Run: 23.063.306.240 bytes beschikbaar

Post-Run: 23.057.264.640 bytes beschikbaar

.

- - End Of File - - 9A0D805C146CD1EA499190192AA20D10

Incidentally, the System event log still shows many errors.

Regards, jovadesa
