
My PC is extremely slow.


clou

Can anyone help me further?

If I'm not mistaken, this is where we left off:

Delete the following bold files and folders:

c:\windows\system32\sho152E.tmp

c:\windows\system32\shoA59.tmp

c:\windows\system32\sho4C8A.tmp

c:\windows\system32\shoA2A.tmp

c:\windows\system32\sho61F1.tmp

c:\windows\system32\sho63BA.tmp

c:\windows\system32\sho7405.tmp

c:\windows\system32\sho17AE.tmp

C:\found.000

Then enter the command sfc /scannow in the "Run" box and let it run. Keep the Windows CD at hand, because you may be asked for it.

Once this has been done, you can make a new log with ComboFix and attach it to a following post.


I'm still trying to figure something out with my hard drive, because sometimes when I shut down my computer for the next day and then start it up, it doesn't boot because of my hard drive, because it can't read it, I think.

But I will post my log this afternoon.

Sorry for this misunderstanding.


ComboFix 11-11-23.01 - NieuweAccount 23-11-2011 19:10:50.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1013.556 [GMT 1:00]

Gestart vanuit: c:\documents and settings\NieuweAccount\Mijn documenten\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\srsvc.dll . . . is geïnfecteerd!!

.

c:\windows\system32\ntkrnlpa.exe . . . is geïnfecteerd!!

.

c:\windows\system32\ntoskrnl.exe . . . is geïnfecteerd!!

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-23 to 2011-11-23 ))))))))))))))))))))))))))))))

.

.

2011-11-22 12:10 . 2011-11-22 12:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}

2011-11-22 12:08 . 2011-11-22 12:14 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\TP

2011-11-10 00:16 . 2011-11-18 00:57 -------- d-----w- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Akamai

2011-11-03 20:57 . 2011-11-03 20:57 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\AVG10

2011-11-03 20:55 . 2011-11-07 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\wbem\snmp

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\restore

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\srchasst

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\xircom

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\program files\microsoft frontpage

2011-10-30 11:46 . 2011-10-30 11:46 388096 ----a-r- c:\documents and settings\NieuweAccount\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-30 11:46 . 2011-10-30 11:46 -------- d-----w- c:\program files\Trend Micro

2011-10-30 11:31 . 2011-10-30 11:31 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\SystemRequirementsLab

2011-10-29 20:47 . 2011-10-29 20:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-10-26 09:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-10-26 09:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-10-25 22:09 . 2011-10-25 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-10-25 21:52 . 2001-09-06 17:27 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-10-25 21:52 . 2008-04-14 18:32 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-10-25 21:52 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 04:06 . 2011-05-04 11:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 01:37 . 2011-05-23 21:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-09-30 17:15 . 2011-05-04 09:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


((((((((((((((((((((((((((((( SnapShot@2011-11-03_20.53.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-20 11:22 . 2011-11-20 11:22 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat

+ 2011-11-20 11:21 . 2011-11-20 11:21 16384 c:\windows\Temp\Perflib_Perfdata_544.dat

+ 2011-11-20 11:21 . 2011-11-20 11:21 16384 c:\windows\Temp\Perflib_Perfdata_234.dat

+ 2008-05-21 12:00 . 2011-11-22 23:54 94200 c:\windows\system32\perfc013.dat

+ 2008-05-21 12:00 . 2011-11-22 23:54 73856 c:\windows\system32\perfc009.dat

+ 2011-05-23 21:31 . 2008-04-13 21:15 26368 c:\windows\system32\drivers\USBSTOR.SYS

- 2011-05-23 21:31 . 2008-04-13 20:15 26368 c:\windows\system32\drivers\USBSTOR.SYS

- 2008-05-21 12:00 . 2008-05-21 12:00 32128 c:\windows\system32\drivers\usbccgp.sys

+ 2008-05-21 12:00 . 2008-04-13 21:15 32128 c:\windows\system32\drivers\usbccgp.sys

- 2008-05-21 12:00 . 2008-05-21 12:00 36352 c:\windows\system32\drivers\disk.sys

+ 2008-05-21 12:00 . 2008-05-07 12:12 36352 c:\windows\system32\drivers\disk.sys

+ 2011-05-04 06:54 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 25800 c:\windows\system32\dllcache\wuauserv.dll

+ 2011-05-04 06:54 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 90112 c:\windows\system32\dllcache\wshext.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 54784 c:\windows\system32\dllcache\w32tm.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 66048 c:\windows\system32\dllcache\shimeng.dll

+ 2011-05-04 06:52 . 2008-05-21 12:00 92672 c:\windows\system32\dllcache\policman.dll

+ 2008-05-21 12:00 . 2008-08-26 09:12 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 68096 c:\windows\system32\dllcache\ntdsapi.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 18944 c:\windows\system32\dllcache\msisip.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 95744 c:\windows\system32\dllcache\msiexec.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 45568 c:\windows\system32\dllcache\mshta.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 74240 c:\windows\system32\dllcache\mscms.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 40960 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-05-21 12:00 . 2007-08-13 16:39 92672 c:\windows\system32\dllcache\inseng.dll

+ 2008-05-21 12:00 . 2007-05-11 03:54 36352 c:\windows\system32\dllcache\imgutil.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 55296 c:\windows\system32\dllcache\iesetup.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 69120 c:\windows\system32\dllcache\iedw.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2011-05-04 06:54 . 2008-05-21 12:00 60416 c:\windows\system32\dllcache\hmmapi.dll

+ 2008-05-21 12:00 . 2008-05-07 12:12 36352 c:\windows\system32\dllcache\disk.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 17408 c:\windows\system32\dllcache\corpol.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 62976 c:\windows\system32\dllcache\cdrom.sys

+ 2008-05-21 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 68096 c:\windows\system32\dllcache\adsmsext.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 71680 c:\windows\system32\dllcache\admparse.dll

+ 2011-10-26 03:29 . 2011-11-04 21:55 26100 c:\windows\system32\config\systemprofile\Local Settings\Application Data\prvlcl.dat

+ 2011-11-22 12:14 . 2011-11-22 12:14 89952 c:\windows\Installer\{90140000-006D-0413-0000-0000000FF1CE}\cvhicon.exe

- 2011-06-04 11:14 . 2011-06-04 11:14 89952 c:\windows\Installer\{90140000-006D-0413-0000-0000000FF1CE}\cvhicon.exe

+ 2011-05-04 12:01 . 2011-11-21 23:13 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2011-05-04 12:01 . 2011-11-02 21:56 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2011-05-04 12:01 . 2011-11-02 21:56 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2011-05-04 12:01 . 2011-11-21 23:13 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2011-05-04 12:01 . 2011-11-21 23:13 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2011-05-04 12:01 . 2011-11-02 21:56 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2011-05-04 12:01 . 2011-11-02 21:56 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2011-05-04 12:01 . 2011-11-21 23:13 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 2560 c:\windows\system32\dllcache\msimsg.dll

+ 2008-05-21 12:00 . 2011-11-22 23:54 518196 c:\windows\system32\perfh013.dat

+ 2008-05-21 12:00 . 2011-11-22 23:54 449976 c:\windows\system32\perfh009.dat

+ 2008-04-22 19:10 . 2008-05-21 12:00 483328 c:\windows\system32\dllcache\wzcsvc.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 383488 c:\windows\system32\dllcache\wzcdlg.dll

+ 2011-05-04 06:54 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2011-05-04 06:54 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 194520 c:\windows\system32\dllcache\wuaueng1.dll

+ 2011-05-04 06:54 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 155648 c:\windows\system32\dllcache\wscript.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 134144 c:\windows\system32\dllcache\wkssvc.dll

+ 2008-05-21 12:00 . 2008-08-26 09:12 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 176128 c:\windows\system32\dllcache\w32time.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 430080 c:\windows\system32\dllcache\vbscript.dll

+ 2008-05-21 12:00 . 2008-02-27 18:02 144128 c:\windows\system32\dllcache\usbport.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 225856 c:\windows\system32\dllcache\tcpip6.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 985088 c:\windows\system32\dllcache\setupapi.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 172032 c:\windows\system32\dllcache\scrrun.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 180224 c:\windows\system32\dllcache\scrobj.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 203136 c:\windows\system32\dllcache\rmcast.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 174848 c:\windows\system32\dllcache\rdbss.sys

+ 2011-05-04 08:51 . 2008-03-21 13:35 146048 c:\windows\system32\dllcache\portcls.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 215552 c:\windows\system32\dllcache\osk.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 407040 c:\windows\system32\dllcache\netlogon.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 105344 c:\windows\system32\dllcache\mup.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 701440 c:\windows\system32\dllcache\msxml2.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 247296 c:\windows\system32\dllcache\mswsock.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 132608 c:\windows\system32\dllcache\msv1_0.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 671232 c:\windows\system32\dllcache\mstime.dll

+ 2008-05-21 12:00 . 2008-08-26 09:12 193024 c:\windows\system32\dllcache\msrating.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 156160 c:\windows\system32\dllcache\msls31.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 332800 c:\windows\system32\dllcache\msihnd.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 331776 c:\windows\system32\dllcache\msadce.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 455552 c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 733184 c:\windows\system32\dllcache\lsasrv.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 343552 c:\windows\system32\dllcache\localspl.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 512000 c:\windows\system32\dllcache\jscript.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 331776 c:\windows\system32\dllcache\ipnathlp.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 691712 c:\windows\system32\dllcache\inetcomm.dll

+ 2011-05-04 06:54 . 2008-05-21 12:00 635848 c:\windows\system32\dllcache\iexplore.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 193024 c:\windows\system32\dllcache\iepeers.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 388608 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 201216 c:\windows\system32\dllcache\gptext.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 132608 c:\windows\system32\dllcache\extmgr.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 253952 c:\windows\system32\dllcache\es.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 113664 c:\windows\system32\dllcache\dsuiext.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 147968 c:\windows\system32\dllcache\dnsapi.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 126976 c:\windows\system32\dllcache\dhcpcsvc.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 135168 c:\windows\system32\dllcache\cscript.exe

+ 2008-05-21 12:00 . 2008-05-21 12:00 102400 c:\windows\system32\dllcache\cscdll.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 272640 c:\windows\system32\dllcache\bthport.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 124928 c:\windows\system32\dllcache\advpack.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 176128 c:\windows\system32\dllcache\adsldp.dll

- 2011-08-10 01:58 . 2011-08-10 01:58 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe

+ 2011-11-13 20:58 . 2011-11-13 20:58 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe

- 2011-05-04 12:01 . 2011-11-02 21:56 144896 c:\windows\.jagex_cache_32\runescape\jaclib.dll

+ 2011-05-04 12:01 . 2011-11-21 23:13 144896 c:\windows\.jagex_cache_32\runescape\jaclib.dll

+ 2011-05-04 06:54 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 1847040 c:\windows\system32\dllcache\win32k.sys

+ 2008-05-21 12:00 . 2008-05-21 12:00 1292288 c:\windows\system32\dllcache\quartz.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 1104896 c:\windows\system32\dllcache\msxml3.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 4445184 c:\windows\system32\dllcache\msi.dll

+ 2008-05-21 12:00 . 2008-08-26 09:12 3594752 c:\windows\system32\dllcache\mshtml.dll

+ 2008-05-21 12:00 . 2008-05-21 12:00 1689088 c:\windows\system32\dllcache\d3d9.dll

+ 2011-11-13 20:58 . 2011-11-13 20:58 1527808 c:\windows\Installer\22da1e2.msi

- 2011-05-04 12:01 . 2011-11-02 21:56 1269760 c:\windows\.jagex_cache_32\runescape\sw3d.dll

+ 2011-05-04 12:01 . 2011-11-21 23:13 1269760 c:\windows\.jagex_cache_32\runescape\sw3d.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1281536]

"Akamai NetSession Interface"="c:\documents and settings\NieuweAccount\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-05-04 949376]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-09-13 425984]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-21 15360]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"_nltide_3"="advpack.dll" [2008-05-21 124928]

"PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

c:\windows\system32\config\systemprofile\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\NieuweAccount\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0pgdfgsvc C 1\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^eBoostr Control Panel.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\eBoostr Control Panel.lnk

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^NieuweAccount^Menu Start^Programma's^Opstarten^RocketDock.lnk]

path=c:\documents and settings\NieuweAccount\Menu Start\Programma's\Opstarten\RocketDock.lnk

backup=c:\windows\pss\RocketDock.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-09-10 04:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IEPro\\MiniDM.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\\Documents and Settings\\NieuweAccount\\Bureaublad\\wlm2009_nl_rel3.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Documents and Settings\\NieuweAccount\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57111:TCP"= 57111:TCP:*:Disabled:Pando Media Booster

"57111:UDP"= 57111:UDP:*:Disabled:Pando Media Booster

"56357:TCP"= 56357:TCP:*:Disabled:Pando Media Booster

"56357:UDP"= 56357:UDP:*:Disabled:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 7:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 15:03 32592]

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8-8-2008 13:17 96376]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4-5-2011 7:56 717296]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 5:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4-4-2011 23:59 297168]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4-5-2011 10:36 15424]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21-5-2008 13:00 14336]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28-2-2010 1:33 821664]

R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8-8-2008 13:17 843384]

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9-9-2008 12:49 693512]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2-12-2009 21:23 483688]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [27-5-2011 18:05 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 6:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 6:53 27216]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2-12-2009 21:23 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2-12-2009 21:23 211304]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2-12-2009 21:23 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2-12-2009 21:23 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2-12-2009 21:23 209768]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 4:33 269520]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9-9-2008 12:49 906504]

S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [4-5-2011 9:45 11696]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

2008-05-21 12:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-1002Core.job

- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 14:37]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-1002UA.job

- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 14:37]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 23:24]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 23:24]

.

.

------- Bijkomende Scan -------

.

uStart Page = Google

uDefault_Search_URL = hxxp://www.google.nl

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: c:\windows\system32\imon.dll

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\documents and settings\NieuweAccount\Application Data\Mozilla\Firefox\Profiles\7zxrod0r.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-23 19:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(840)

c:\windows\system32\imon.dll

c:\program files\Eset\pr_imon.dll

.

- - - - - - - > 'explorer.exe'(4792)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Voltooingstijd: 2011-11-23 19:30:19

ComboFix-quarantined-files.txt 2011-11-23 18:30

ComboFix2.txt 2011-11-03 21:05

.

Pre-Run: 47.476.789.248 bytes beschikbaar

Post-Run: 55.498.244.096 bytes beschikbaar

.

- - End Of File - - 28B175C33D23910B31483DF266A77AD4


Open a Notepad file.

Copy and paste the bold text below into it.

FCOPY::

c:\windows\ServicePackFiles\i386\srsvc.dll|c:\windows\System32\srsvc.dll

c:\windows\ServicePackFiles\i386\ntkrnlpa.exe|c:\windows\System32\ntkrnlpa.exe

c:\windows\ServicePackFiles\i386\ntoskrnl.exe|c:\windows\System32\ntoskrnl.exe

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 11-11-24.01 - NieuweAccount 24-11-2011 23:17:37.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1013.674 [GMT 1:00]

Gestart vanuit: c:\documents and settings\NieuweAccount\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\NieuweAccount\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\srsvc.dll . . . is geïnfecteerd!!

.

c:\windows\system32\ntkrnlpa.exe . . . is geïnfecteerd!!

.

c:\windows\system32\ntoskrnl.exe . . . is geïnfecteerd!!

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-24 to 2011-11-24 ))))))))))))))))))))))))))))))

.

.

2011-11-22 12:10 . 2011-11-22 12:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}

2011-11-22 12:08 . 2011-11-22 12:14 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\TP

2011-11-10 00:16 . 2011-11-18 00:57 -------- d-----w- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Akamai

2011-11-03 20:57 . 2011-11-03 20:57 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\AVG10

2011-11-03 20:55 . 2011-11-07 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\wbem\snmp

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\restore

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\srchasst

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\windows\system32\xircom

2011-11-03 20:52 . 2011-11-03 20:52 -------- d-----w- c:\program files\microsoft frontpage

2011-10-30 11:46 . 2011-10-30 11:46 388096 ----a-r- c:\documents and settings\NieuweAccount\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-30 11:46 . 2011-10-30 11:46 -------- d-----w- c:\program files\Trend Micro

2011-10-30 11:31 . 2011-10-30 11:31 -------- d-----w- c:\documents and settings\NieuweAccount\Application Data\SystemRequirementsLab

2011-10-29 20:47 . 2011-10-29 20:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-10-26 09:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-10-26 09:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-10-26 09:08 . 2011-10-26 09:08 -------- d-----w- c:\program files\iPod

2011-10-26 09:07 . 2011-10-26 09:13 -------- d-----w- c:\program files\iTunes

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 04:06 . 2011-05-04 11:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 01:37 . 2011-05-23 21:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-09-30 17:15 . 2011-05-04 09:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


.

((((((((((((((((((((((((((((( SnapShot_2011-11-23_18.24.32 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-05-04 12:01 . 2011-11-21 23:13 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll

- 2011-05-04 12:01 . 2011-11-21 23:13 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2011-05-04 12:01 . 2011-11-21 23:13 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2011-05-04 12:01 . 2011-11-21 23:13 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 144896 c:\windows\.jagex_cache_32\runescape\jaclib.dll

- 2011-05-04 12:01 . 2011-11-21 23:13 144896 c:\windows\.jagex_cache_32\runescape\jaclib.dll

+ 2011-05-04 12:01 . 2011-11-23 22:56 1269760 c:\windows\.jagex_cache_32\runescape\sw3d.dll

- 2011-05-04 12:01 . 2011-11-21 23:13 1269760 c:\windows\.jagex_cache_32\runescape\sw3d.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1281536]

"Akamai NetSession Interface"="c:\documents and settings\NieuweAccount\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-05-04 949376]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-09-13 425984]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-21 15360]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2008-05-21 124928]

"PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

c:\windows\system32\config\systemprofile\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\NieuweAccount\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0pgdfgsvc C 1\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^eBoostr Control Panel.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\eBoostr Control Panel.lnk

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^NieuweAccount^Menu Start^Programma's^Opstarten^RocketDock.lnk]

path=c:\documents and settings\NieuweAccount\Menu Start\Programma's\Opstarten\RocketDock.lnk

backup=c:\windows\pss\RocketDock.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-09-10 04:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IEPro\\MiniDM.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=

"c:\\Documents and Settings\\NieuweAccount\\Bureaublad\\wlm2009_nl_rel3.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Documents and Settings\\NieuweAccount\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57111:TCP"= 57111:TCP:*:Disabled:Pando Media Booster

"57111:UDP"= 57111:UDP:*:Disabled:Pando Media Booster

"56357:TCP"= 56357:TCP:*:Disabled:Pando Media Booster

"56357:UDP"= 56357:UDP:*:Disabled:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 7:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 15:03 32592]

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8-8-2008 13:17 96376]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4-5-2011 7:56 717296]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 5:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4-4-2011 23:59 297168]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4-5-2011 10:36 15424]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21-5-2008 13:00 14336]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28-2-2010 1:33 821664]

R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8-8-2008 13:17 843384]

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9-9-2008 12:49 693512]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2-12-2009 21:23 483688]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [27-5-2011 18:05 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 6:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 6:53 27216]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2-12-2009 21:23 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2-12-2009 21:23 211304]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2-12-2009 21:23 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2-12-2009 21:23 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2-12-2009 21:23 209768]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 4:33 269520]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9-9-2008 12:49 906504]

S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [4-5-2011 9:45 11696]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

2008-05-21 12:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-1002Core.job

- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 14:37]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-1002UA.job

- c:\documents and settings\NieuweAccount\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 14:37]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 23:24]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2146997605-1801674531-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 23:24]

.

.

------- Bijkomende Scan -------

.

uStart Page = Google

uDefault_Search_URL = hxxp://www.google.nl

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: c:\windows\system32\imon.dll

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\documents and settings\NieuweAccount\Application Data\Mozilla\Firefox\Profiles\7zxrod0r.default\

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-24 23:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(840)

c:\windows\system32\imon.dll

c:\program files\Eset\pr_imon.dll

.

- - - - - - - > 'explorer.exe'(4620)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Voltooingstijd: 2011-11-24 23:39:14

ComboFix-quarantined-files.txt 2011-11-24 22:39

ComboFix2.txt 2011-11-23 18:30

ComboFix3.txt 2011-11-03 21:05

.

Pre-Run: 55.454.806.016 bytes beschikbaar

Post-Run: 55.485.829.120 bytes beschikbaar

.

- - End Of File - - D42FABBAC6DCD4B347AFC507774DB784

And isn't reinstalling my computer just more convenient? And faster??

Not that I have a problem with it, because I'm learning a great deal from this.

Edited by clou