geertje1983

26 april 2011

Open een kladblokbestand.
Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\users\geertje\AppData\Local\{3ED83FF4-E4DC-44F7-B38E-FC56DF7C9AD6}

c:\users\geertje\AppData\Local\{332469B8-CE34-49E4-BBE3-9FBBFFE51F11}

c:\users\geertje\AppData\Local\{0904F79F-A67B-4DDA-8C2A-AB05EB5F4A51}

c:\users\geertje\AppData\Local\{0FDB8381-B1CB-49F7-AF01-DB8594F690F2}

c:\users\geertje\AppData\Local\{BC2B9717-7286-46E0-9381-05173635FCDB}

c:\users\geertje\AppData\Local\{35E25983-60D1-446D-843B-A4ACFA849A96}

c:\users\geertje\AppData\Local\{E5DCA1AF-4836-4CD1-804A-68E5EA0CB06B}

c:\users\geertje\AppData\Local\{35421345-D70F-4501-9A97-828EBAE710BB}

c:\users\geertje\AppData\Local\{3663E81A-E563-498B-A961-4318C99C7796}

c:\users\geertje\AppData\Local\{B2EECEB8-DAA0-4027-B45E-13939DAB6D24}

c:\users\geertje\AppData\Local\{8CDF2C7F-9B2D-4A5F-BFE9-37E924F76132}

c:\users\geertje\AppData\Local\{EFB2C5E3-1AF2-4DD2-921A-3107BC1B1C06}

c:\users\geertje\AppData\Local\{BACC3B7D-6D64-4CBD-8772-DE44522B4550}

c:\users\geertje\AppData\Local\{85026AE4-BE84-4774-8E74-773388DAFBB1}

c:\users\geertje\AppData\Local\{E37394C7-A1DD-439A-9284-DB786A5853C2}

c:\users\geertje\AppData\Local\{9A81434D-25B2-479C-A441-31E49EA21737}

c:\users\geertje\AppData\Local\{76790B06-B4C4-4287-8F5B-1F714F16A7D4}

c:\users\geertje\AppData\Local\{4FC66EDD-513D-4A79-BFE8-CA22ADD42CF2}

c:\users\geertje\AppData\Local\{064FB34E-87E4-43F9-9E4F-8E51ACC8DE1E}

c:\users\geertje\AppData\Local\{F6407CC1-BC60-438F-90F4-E3F8A5329402}

c:\users\geertje\AppData\Local\{980E8CAC-EB5B-4C13-A47D-25AEBD7D3CE4}

c:\users\geertje\AppData\Local\{0FD0BA6A-35C2-4B07-AEC1-DBA2EF82838C}

c:\users\geertje\AppData\Local\{233E8C5A-16FB-4A4B-B6EE-042881E63F6C}

c:\users\geertje\AppData\Local\{1E479293-B171-4440-B33E-6E0E656231F0}

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

okee dit gedeelte had ik even gemist, dus deze stap alsnog gedaan en hier dus het logbestandje:

---------- Post toegevoegd om 01:15 ---------- Vorige post was om 01:00 ----------

ComboFix 11-04-26.02 - geertje 27-04-2011 1:01.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.2039 [GMT 2:00]

Gestart vanuit: c:\users\geertje\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-26 to 2011-04-26 ))))))))))))))))))))))))))))))

.

2011-04-26 23:07 . 2011-04-26 23:07 -------- d-----w- c:\users\geertje\AppData\Local\temp

2011-04-26 23:07 . 2011-04-26 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-26 16:27 . 2011-04-26 16:28 -------- d-----w- c:\users\geertje\AppData\Local\{412DACDA-1BE3-4BA1-9E48-C6C7491EF800}

2011-04-25 20:52 . 2011-04-25 20:52 -------- d-----w- c:\users\geertje\AppData\Local\{4E60E316-DA45-40CC-81A4-7DA21589CBA1}

2011-04-25 08:51 . 2011-04-25 08:51 -------- d-----w- c:\users\geertje\AppData\Local\{301CA1F8-A5DE-4F6C-A06A-E498ABCE9F57}

2011-04-24 12:08 . 2011-04-24 12:09 -------- d-----w- c:\users\geertje\AppData\Local\{88D39B5A-E349-43C1-B5C9-65AB7D9E4B73}

2011-04-23 21:58 . 2011-04-23 21:58 -------- d-----w- c:\windows\Sun

2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\users\geertje\AppData\Roaming\Malwarebytes

2011-04-22 22:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\programdata\Malwarebytes

2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-22 22:01 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-22 12:10 . 2011-04-22 13:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-04-22 12:10 . 2011-04-22 12:10 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-04-22 11:56 . 2011-04-22 11:56 388096 ----a-r- c:\users\geertje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-22 11:56 . 2011-04-22 11:56 -------- d-----w- c:\program files\Trend Micro

2011-04-22 10:32 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC904EE1-B0AF-4D12-9B0B-3342D57F9B64}\mpengine.dll

2011-04-20 16:37 . 2011-04-20 16:37 -------- d-----w- c:\users\geertje\AppData\Local\ElevatedDiagnostics

2011-04-20 16:36 . 2011-04-20 16:36 -------- d-----w- c:\program files\Microsoft ATS

2011-04-20 10:52 . 2011-04-20 10:52 -------- d-----w- c:\users\geertje\AppData\Roaming\Unity

2011-04-19 19:21 . 2011-04-24 12:07 -------- d-----w- c:\users\geertje\AppData\Local\Unity

2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-04-12 22:51 . 2011-04-12 22:51 -------- d-----w- c:\program files\Common Files\xing shared

2011-04-12 22:51 . 2011-04-13 12:23 -------- d-----w- c:\program files\Real

2011-04-12 11:03 . 2011-04-12 11:03 -------- d-----w- c:\users\geertje\AppData\Roaming\ScanToPDF_4

2011-04-12 10:29 . 2011-04-12 10:29 -------- d-----w- c:\program files\O Imaging Corporation

2011-04-09 21:25 . 2011-04-10 20:04 -------- d-----w- c:\program files\Fiddler2

2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\users\geertje\AppData\Roaming\Printer's Apprentice

2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\programdata\Printer's Apprentice

2011-04-05 19:21 . 2011-04-05 19:21 -------- d-----w- c:\users\geertje\AppData\Local\Caphyon

2011-04-05 18:35 . 2011-04-05 18:36 -------- d-----w- c:\program files\Windows Live

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-12 22:51 . 2009-01-14 22:28 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-12 22:51 . 2009-01-14 22:28 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-04-05 18:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-19 10:49 . 2010-11-20 23:19 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-02-22 14:13 . 2011-03-23 09:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-23 09:29 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-23 09:29 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-02-02 16:11 . 2009-12-23 12:48 222080 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2009-08-28 11:57 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]

2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]

2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]

R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/06 14:52];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-08-28 11:57 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-26 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-11-10 09:47]

.

2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]

.

2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]

.

2011-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2011-04-26 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.facebook.com/home.php?ref=hp

IE: E&xporteren naar Microsoft Excel

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-27 01:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-04-27 01:08:27

ComboFix-quarantined-files.txt 2011-04-26 23:08

ComboFix2.txt 2011-04-26 22:46

ComboFix3.txt 2011-04-23 21:46

.

Pre-Run: 145.565.863.936 bytes beschikbaar

Post-Run: 145.532.203.008 bytes beschikbaar

.

- - End Of File - - 87C1364B7032CF02C981A66D01C039EA

26 april 2011

in feite is er nog niets verbeterd. eigenlijk zelfs eerder verslechterd.

voordat ik wow ga spelen, wil ik eerst curse opstarten om mijn addons te updaten, maar het duurt nu onwijs lang voordat curse opgestart is.

dus wat nu?

23 april 2011

ComboFix 11-04-23.01 - geertje 23-04-2011 23:34:06.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.2069 [GMT 2:00]

Gestart vanuit: c:\users\geertje\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll

c:\programdata\PCDr\5744\Downloads\26671a7e-758b-4293-8191-e6b81368d7ac.dll

c:\programdata\PCDr\5744\Downloads\2da1393a-9d2c-436b-a660-c3dd133e9836.dll

c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll

c:\programdata\PCDr\5744\Downloads\38db339b-86cf-40c4-86da-57495513b374.dll

c:\programdata\PCDr\5744\Downloads\3abc4f65-3752-4824-83cd-674c30d9f41c.dll

c:\programdata\PCDr\5744\Downloads\4128ef4c-5308-415e-947b-b523a115be2d.dll

c:\programdata\PCDr\5744\Downloads\48edbc2f-6595-43d2-a911-c3713e9b499f.dll

c:\programdata\PCDr\5744\Downloads\4b07fd4d-6cb2-4166-8e08-7e3d0fb96a24.dll

c:\programdata\PCDr\5744\Downloads\5f66a5f6-96e8-487a-b1da-d49f4e9f0813.dll

c:\programdata\PCDr\5744\Downloads\61963b16-da7a-4faf-ba6b-14eb102d0df8.dll

c:\programdata\PCDr\5744\Downloads\654e4133-96c6-421b-9240-26a29538de3f.dll

c:\programdata\PCDr\5744\Downloads\69bf7709-6da5-40eb-b648-3731ebda143c.dll

c:\programdata\PCDr\5744\Downloads\69df3b5e-bee6-4786-8070-a683635a81cd.dll

c:\programdata\PCDr\5744\Downloads\70b66070-48fe-4fad-ac33-5f17042d5ee7.dll

c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll

c:\programdata\PCDr\5744\Downloads\890823c6-b297-4c5e-8839-80468e0508dc.dll

c:\programdata\PCDr\5744\Downloads\920b4bdb-56cb-44d8-b977-2de6535367f0.dll

c:\programdata\PCDr\5744\Downloads\94c1bf6e-ecf1-4c5d-ad15-1b8540879958.dll

c:\programdata\PCDr\5744\Downloads\a12cd2ff-9e6d-4d89-a010-63188cb6a861.dll

c:\programdata\PCDr\5744\Downloads\a2f393bb-92a1-4fda-a382-66896efa06dd.dll

c:\programdata\PCDr\5744\Downloads\b0ad9f03-890a-4558-bcd7-38c10ea44def.dll

c:\programdata\PCDr\5744\Downloads\c6bcc260-2097-4f4f-a0c3-098183f01ac5.dll

c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll

c:\programdata\PCDr\5744\Downloads\db760e79-da96-4a2b-a687-8256c6e72fb6.dll

c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll

c:\programdata\PCDr\5744\Downloads\f6b10855-5837-4857-9c20-c7b6a6dc2589.dll

c:\windows\Fonts\Eurosymb.TTF

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-23 to 2011-04-23 ))))))))))))))))))))))))))))))

.

2011-04-23 21:39 . 2011-04-23 21:39 -------- d-----w- c:\users\geertje\AppData\Local\temp

2011-04-23 11:07 . 2011-04-23 11:08 -------- d-----w- c:\users\geertje\AppData\Local\{3ED83FF4-E4DC-44F7-B38E-FC56DF7C9AD6}