
Computer too slow, and freezes on the internet


elboujoufi


Hello

I have a Windows XP computer. Right at startup I have to wait about 5 minutes before I can begin, and surfing the internet is no better. Over the last few days I have removed unnecessary files and software to make it a bit faster, but it has made no difference.

I also checked with Microsoft Essentials whether there is a virus on it, but it could not find anything, so I have become a bit desperate and hope that you can help me.

m.b


First, we will check whether malware or viruses are the cause of your problem.

1. Download HijackThis. (click on it)

Click on HijackThis.msi and the download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in safe mode, you have to download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You can then also find the logs in that folder.


2. Click on the shortcut to start HijackThis. (read the red text below first!)

Click either on "Do a systemscan and save a logfile", or first on "Scan" and then on "Savelog".

A Notepad window opens. Hold down the CTRL and A keys together: everything is now selected. Hold down the CTRL and C keys together: everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", simply click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (View the image here ---> Click here)


3. After you post your log, it is checked by an expert (Kape or Kweezie Wabbit), who will guide you through the rest of the process.

Tip!

If you want to see in words and pictures how to make a log with HijackThis and post it on the forum, click HERE.


Hello Stegisoft

Thanks for the super-fast reply

Here is the script

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:59:33, on 15-4-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\mohamed\Mijn documenten\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De eerste stap naar succes op het Internet begint hier : Weblinker.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.packardbell.nl/center

O15 - Trusted Zone: ImageShack® - Tstart

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166823665452

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182413505062

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--

End of file - 7633 bytes


This log is almost problem-free: only the line below may be fixed with HijackThis:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Hi Kape

Here is the file, but first I want to tell you that when I bought the PC, Norton Antivirus was preinstalled, and when I no longer needed it I could not remove it; perhaps that has something to do with this.

!! Thanks in advance !!

ComboFix 12-04-15.02 - mohamed 15-04-2012 21:05:56.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.259 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mohamed\Mijn documenten\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\mohamed\Application Data\RegistrySmart

c:\documents and settings\mohamed\Application Data\RegistrySmart\Errors.stg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 11 - 05_04_46 PM_953.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 11 - 05_04_48 PM_578.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 12 - 03_38_49 AM_859.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 12 - 08_12_43 AM_109.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 12 - 11_53_30 AM_640.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 13 - 05_44_56 PM_781.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 13 - 08_32_28 AM_218.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 14 - 10_54_21 AM_781.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 15 - 07_41_12 PM_002.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 15 - 12_31_36 PM_625.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 16 - 01_06_20 PM_093.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 16 - 06_25_10 PM_609.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 16 - 07_35_55 PM_453.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 16 - 08_32_31 AM_484.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 17 - 03_24_52 AM_812.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 17 - 03_30_04 AM_359.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 17 - 07_43_53 PM_281.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 17 - 08_54_03 AM_687.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 18 - 03_28_30 AM_234.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 18 - 06_32_51 PM_000.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 19 - 09_02_17 AM_593.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 20 - 03_30_00 AM_578.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 20 - 11_25_59 AM_859.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 21 - 08_19_54 PM_437.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 21 - 11_06_24 AM_312.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 22 - 07_34_57 PM_546.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 22 - 10_48_43 AM_046.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 23 - 03_29_04 AM_250.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 23 - 06_10_49 PM_296.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Jul 23 - 08_59_05 AM_359.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Sep 03 - 12_33_28 PM_671.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Log\2007 Sep 03 - 12_33_41 PM_937.log

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-11_17-12-53.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-13_08-50-42.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-16_20-05-12.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-17_03-37-22.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-17_03-37-38.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-20_03-32-12.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-20_11-39-59.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Registry Backups\2007-07-20_11-40-21.reg

c:\documents and settings\mohamed\Application Data\RegistrySmart\Results.stg

c:\documents and settings\mohamed\WINDOWS

c:\program files\A.ico

c:\program files\a.zip

c:\program files\B.ico

c:\program files\b.zip

c:\program files\c.zip

c:\program files\Conference

c:\program files\Conference\Conference.exe

c:\program files\Internet Explorer\SET114.tmp

c:\program files\Internet Explorer\SET115.tmp

c:\program files\Internet Explorer\SET117.tmp

c:\program files\Internet Explorer\SETA5.tmp

c:\program files\Internet Explorer\SETA6.tmp

c:\program files\Internet Explorer\SETA8.tmp

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\IsUn0413.exe

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\bqgrrkol.ini

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\ghkmp.bak1

c:\windows\system32\ghkmp.bak2

c:\windows\system32\ghkmp.ini

c:\windows\system32\ghkmp.ini2

c:\windows\system32\ghkmp.tmp

c:\windows\system32\help.chm

c:\windows\system32\hrskikbv.ini

c:\windows\system32\icclwnit.ini

c:\windows\system32\iddnityw.ini

c:\windows\system32\iohsvmne.ini

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\qskrrspf.ini

c:\windows\system32\rnaph.dll

c:\windows\system32\SET121.tmp

c:\windows\system32\SET122.tmp

c:\windows\system32\SET124.tmp

c:\windows\system32\SET125.tmp

c:\windows\system32\SET126.tmp

c:\windows\system32\SET127.tmp

c:\windows\system32\SET128.tmp

c:\windows\system32\SET12A.tmp

c:\windows\system32\SET12C.tmp

c:\windows\system32\SET12D.tmp

c:\windows\system32\SET12E.tmp

c:\windows\system32\SET131.tmp

c:\windows\system32\SET132.tmp

c:\windows\system32\SET135.tmp

c:\windows\system32\SET136.tmp

c:\windows\system32\SET138.tmp

c:\windows\system32\SET13B.tmp

c:\windows\system32\SET13C.tmp

c:\windows\system32\SET13D.tmp

c:\windows\system32\SET13E.tmp

c:\windows\system32\SET13F.tmp

c:\windows\system32\SET140.tmp

c:\windows\system32\SET144.tmp

c:\windows\system32\SET145.tmp

c:\windows\system32\SET146.tmp

c:\windows\system32\SET147.tmp

c:\windows\system32\SET148.tmp

c:\windows\system32\SET149.tmp

c:\windows\system32\SET14A.tmp

c:\windows\system32\SET14B.tmp

c:\windows\system32\SET14C.tmp

c:\windows\system32\SET14D.tmp

c:\windows\system32\SET14E.tmp

c:\windows\system32\SET150.tmp

c:\windows\system32\SET151.tmp

c:\windows\system32\SET152.tmp

c:\windows\system32\SET153.tmp

c:\windows\system32\SET3E.tmp

c:\windows\system32\SETB2.tmp

c:\windows\system32\SETB3.tmp

c:\windows\system32\SETB5.tmp

c:\windows\system32\SETB6.tmp

c:\windows\system32\SETB7.tmp

c:\windows\system32\SETB8.tmp

c:\windows\system32\SETB9.tmp

c:\windows\system32\SETBB.tmp

c:\windows\system32\SETBD.tmp

c:\windows\system32\SETBE.tmp

c:\windows\system32\SETBF.tmp

c:\windows\system32\SETC2.tmp

c:\windows\system32\SETC3.tmp

c:\windows\system32\SETC6.tmp

c:\windows\system32\SETC7.tmp

c:\windows\system32\SETC9.tmp

c:\windows\system32\SETCC.tmp

c:\windows\system32\SETCD.tmp

c:\windows\system32\SETCE.tmp

c:\windows\system32\SETCF.tmp

c:\windows\system32\SETD0.tmp

c:\windows\system32\SETD1.tmp

c:\windows\system32\SETD5.tmp

c:\windows\system32\SETD6.tmp

c:\windows\system32\SETD7.tmp

c:\windows\system32\SETD8.tmp

c:\windows\system32\SETD9.tmp

c:\windows\system32\SETDA.tmp

c:\windows\system32\SETDB.tmp

c:\windows\system32\SETDC.tmp

c:\windows\system32\SETDD.tmp

c:\windows\system32\SETDE.tmp

c:\windows\system32\SETDF.tmp

c:\windows\system32\SETE1.tmp

c:\windows\system32\SETE2.tmp

c:\windows\system32\SETE3.tmp

c:\windows\system32\SETE4.tmp

c:\windows\system32\ufujwpkf.ini

c:\windows\system32\x.exe

c:\windows\ZZZ8F.tmp

c:\windows\ZZZ90.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))

.

.

2012-04-15 18:55 . 2012-04-15 18:55 -------- d--h--r- c:\documents and settings\mohamed\Onlangs geopend

2012-04-15 18:25 . 2012-04-15 18:25 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20C0BEA7-5929-4FB6-BD7E-88FB1D40E3F9}\MpKsl7d8264f5.sys

2012-04-15 16:56 . 2012-04-15 16:56 -------- d-----w- c:\program files\CCleaner

2012-04-15 14:10 . 2012-04-15 14:10 -------- d-----w- c:\program files\Common Files\Windows Live

2012-04-15 14:08 . 2012-04-15 14:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-04-15 14:06 . 2012-04-15 14:06 -------- d-----w- c:\windows\system32\winrm

2012-04-15 14:05 . 2012-04-15 14:07 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-04-15 14:00 . 2012-04-15 14:00 -------- d-----w- c:\documents and settings\mohamed\Application Data\Windows Desktop Search

2012-04-15 13:57 . 2012-04-15 14:33 -------- d-----w- c:\program files\Windows Desktop Search

2012-04-15 13:49 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2012-04-15 13:49 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2012-04-15 13:49 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2012-04-15 12:53 . 2012-04-15 17:23 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20C0BEA7-5929-4FB6-BD7E-88FB1D40E3F9}\offreg.dll

2012-04-14 20:38 . 2012-04-14 20:40 -------- d-----w- C:\b84c4b9c3e0aaba50c

2012-04-14 20:25 . 2012-04-14 20:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-14 19:35 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-14 19:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-14 19:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-04-14 19:29 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-14 19:28 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2012-04-14 19:22 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-14 19:22 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2012-04-14 19:21 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-14 19:21 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2012-04-14 19:20 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2012-04-14 18:24 . 2012-03-13 17:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20C0BEA7-5929-4FB6-BD7E-88FB1D40E3F9}\mpengine.dll

2012-04-14 18:23 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-04-14 18:17 . 2012-04-14 18:18 -------- d-----w- c:\program files\Microsoft Security Client

2012-04-14 18:01 . 2012-04-14 18:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2012-04-14 17:41 . 2012-04-14 17:41 -------- d-----w- c:\windows\l2schemas

2012-04-14 17:41 . 2012-04-14 17:41 -------- d-----w- c:\windows\system32\nl

2012-04-14 17:07 . 2012-04-14 17:07 -------- d-sh--w- c:\documents and settings\mohamed\IECompatCache

2012-04-14 17:06 . 2012-04-14 17:06 -------- d-sh--w- c:\documents and settings\mohamed\PrivacIE

2012-04-14 17:05 . 2012-04-14 17:05 -------- d-sh--w- c:\documents and settings\mohamed\IETldCache

2012-04-14 16:58 . 2012-04-14 17:00 -------- dc-h--w- c:\windows\ie8

2012-04-14 16:55 . 2012-04-14 16:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-14 16:52 . 2012-03-01 11:00 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-04-14 16:52 . 2012-03-01 11:00 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-04-14 16:52 . 2012-03-01 11:00 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-04-14 13:32 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys

2012-04-14 13:31 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2012-04-14 13:31 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2012-04-14 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2012-04-14 13:31 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2012-04-14 13:31 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2012-04-14 13:30 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2012-04-14 13:30 . 2009-06-10 07:22 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll

2012-04-14 13:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2012-04-14 13:28 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2012-04-14 13:28 . 2011-10-26 10:50 2197120 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-04-14 13:28 . 2009-03-06 14:23 285696 ------w- c:\windows\system32\dllcache\pdh.dll

2012-04-14 13:28 . 2009-02-09 11:27 111104 ------w- c:\windows\system32\dllcache\services.exe

2012-04-14 13:28 . 2009-02-09 10:56 684544 ------w- c:\windows\system32\dllcache\advapi32.dll

2012-04-14 13:28 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2012-04-14 13:28 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2012-04-14 13:28 . 2011-10-26 10:50 2153472 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2012-04-14 13:28 . 2010-12-20 17:25 735232 ------w- c:\windows\system32\dllcache\lsasrv.dll

2012-04-14 13:28 . 2010-12-09 15:15 739328 ------w- c:\windows\system32\dllcache\ntdll.dll

2012-04-14 13:28 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2012-04-14 13:28 . 2011-10-26 10:50 2031616 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2012-04-14 13:26 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2012-04-14 13:25 . 2010-07-16 11:58 221184 ------w- c:\windows\system32\dllcache\wordpad.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 16:54 . 2007-06-23 20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-01 11:00 . 2004-08-23 17:17 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:00 . 1979-12-31 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:00 . 1979-12-31 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 1979-12-31 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 1979-12-31 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:57 . 1979-12-31 23:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2002-09-24 20:01 . 2002-09-24 20:01 245760 -c--a-w- c:\program files\opera\program\plugins\dapop.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-31 185632]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Picture Transfer Software.lnk]

backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Manolito

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2007-01-09 20:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]

2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]

2002-06-07 11:34 299008 -c--a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 MpKsl7d8264f5;MpKsl7d8264f5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20C0BEA7-5929-4FB6-BD7E-88FB1D40E3F9}\MpKsl7d8264f5.sys [15-4-2012 20:25 29904]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [22-12-2006 22:24 6942]

R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [22-12-2006 22:28 49232]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [22-12-2006 22:28 139264]

R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20-9-2002 19:42 296179]

R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1-1-1980 1:00 231983]

S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [22-12-2006 22:24 28672]

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]

S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29-11-2001 17:09 1432836]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1-1-1980 1:00 14336]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL7D8264F5

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Inhoud van de 'Gedeelde Taken' map

.

2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

.

2012-04-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]

.

2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{5140E06D-E1AE-4DDC-9B17-F78C9F6F9A84}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mebec.weblinker.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm

Trusted Zone: imageshack.us\toolbar

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-svcWRSSSDK

MSConfigStartUp-icq - (no file)

MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe

MSConfigStartUp-zBrowser Launcher - c:\logitech\iTouch\iTouch.exe

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-15 21:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-725345543-1292428093-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44DDD7DB-C851-F5D8-43BBD1CB976AABCC}\{47326943-CE6C-E3D1-74FCCAE0772B4FAB}\{FA8F0E33-B888-6EFF-6240990870DDF055}*]

"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,

9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*]

"DisplayName"="\09"

"DeviceDesc"="\09"

"ProviderName"=""

"MFG"="?"

"ReinstallString"="2002, 6.13.10.6166"

"DeviceInstanceIds"=multi:"\00"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(612)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-04-15 21:34:38

ComboFix-quarantined-files.txt 2012-04-15 19:34

.

Pre-Run: 98.123.640.832 bytes beschikbaar

Post-Run: 98.668.584.960 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

C:\="Microsoft Windows"

.

- - End Of File - - 4B39301CDD0C68B1C28565AA5084C0D2


ComboFix has removed quite a pile of junk from your PC. You can still carry out the following:

First deal with Norton using the Removal Tool.

Then open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\Norton Internet Security

C:\b84c4b9c3e0aaba50c

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will restart ComboFix. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message.


Hello Kape

Thanks for your help, my computer is a little faster now, but not quite there yet.

I have posted the script below.

ComboFix 12-04-15.02 - mohamed 16-04-2012 13:04:32.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.244 [GMT 2:00]

Gestart vanuit: c:\documents and settings\mohamed\Mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\mohamed\Bureaublad\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\b84c4b9c3e0aaba50c

c:\b84c4b9c3e0aaba50c\amd64\filterpipelineprintproc.dll

c:\b84c4b9c3e0aaba50c\amd64\msxpsdrv.cat

c:\b84c4b9c3e0aaba50c\amd64\msxpsdrv.inf

c:\b84c4b9c3e0aaba50c\amd64\msxpsinc.gpd

c:\b84c4b9c3e0aaba50c\amd64\msxpsinc.ppd

c:\b84c4b9c3e0aaba50c\amd64\mxdwdrv.dll

c:\b84c4b9c3e0aaba50c\amd64\xpssvcs.dll

c:\b84c4b9c3e0aaba50c\i386\filterpipelineprintproc.dll

c:\b84c4b9c3e0aaba50c\i386\msxpsdrv.cat

c:\b84c4b9c3e0aaba50c\i386\msxpsdrv.inf

c:\b84c4b9c3e0aaba50c\i386\msxpsinc.gpd

c:\b84c4b9c3e0aaba50c\i386\msxpsinc.ppd

c:\b84c4b9c3e0aaba50c\i386\mxdwdrv.dll

c:\b84c4b9c3e0aaba50c\i386\xpssvcs.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))

.

.

2012-04-16 09:10 . 2012-04-16 09:10 -------- d-----w- C:\BJPrinter

2012-04-16 09:07 . 2012-04-16 09:07 -------- d-----w- c:\documents and settings\mohamed\Application Data\ScanSoft

2012-04-16 09:07 . 2012-04-16 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanWizard

2012-04-16 09:07 . 2012-04-16 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir

2012-04-16 09:06 . 2012-04-16 09:07 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2012-04-16 09:04 . 2012-04-16 09:04 -------- d-----w- c:\program files\ArcSoft

2012-04-16 09:00 . 2012-04-16 09:09 -------- d-----w- c:\windows\LastGood

2012-04-16 08:59 . 2012-04-16 08:59 -------- d-----w- C:\CanonMP

2012-04-16 08:56 . 2012-04-16 09:04 -------- d-----w- c:\program files\Canon

2012-04-16 08:31 . 2012-04-16 09:45 -------- d--h--r- c:\documents and settings\mohamed\Onlangs geopend

2012-04-16 08:08 . 2012-04-16 08:08 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0D0A7D8-4A3D-4378-AB3D-B860CF488B41}\offreg.dll

2012-04-16 08:08 . 2012-04-16 08:08 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0D0A7D8-4A3D-4378-AB3D-B860CF488B41}\MpKsla59c4b33.sys

2012-04-16 07:58 . 2012-03-13 17:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-16 07:53 . 2012-03-13 17:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0D0A7D8-4A3D-4378-AB3D-B860CF488B41}\mpengine.dll

2012-04-15 16:56 . 2012-04-15 16:56 -------- d-----w- c:\program files\CCleaner

2012-04-15 14:10 . 2012-04-15 14:10 -------- d-----w- c:\program files\Common Files\Windows Live

2012-04-15 14:08 . 2012-04-15 14:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-04-15 14:06 . 2012-04-15 14:06 -------- d-----w- c:\windows\system32\winrm

2012-04-15 14:05 . 2012-04-15 14:07 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-04-15 14:00 . 2012-04-15 14:00 -------- d-----w- c:\documents and settings\mohamed\Application Data\Windows Desktop Search

2012-04-15 13:57 . 2012-04-15 14:33 -------- d-----w- c:\program files\Windows Desktop Search

2012-04-15 13:49 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2012-04-15 13:49 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2012-04-15 13:49 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2012-04-14 20:25 . 2012-04-14 20:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-14 19:35 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-14 19:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-14 19:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-04-14 19:29 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-14 19:28 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2012-04-14 19:22 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-14 19:22 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2012-04-14 19:21 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-14 19:21 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2012-04-14 19:20 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2012-04-14 18:23 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-04-14 18:17 . 2012-04-14 18:18 -------- d-----w- c:\program files\Microsoft Security Client

2012-04-14 18:01 . 2012-04-14 18:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2012-04-14 17:41 . 2012-04-14 17:41 -------- d-----w- c:\windows\l2schemas

2012-04-14 17:41 . 2012-04-14 17:41 -------- d-----w- c:\windows\system32\nl

2012-04-14 17:07 . 2012-04-14 17:07 -------- d-sh--w- c:\documents and settings\mohamed\IECompatCache

2012-04-14 17:06 . 2012-04-14 17:06 -------- d-sh--w- c:\documents and settings\mohamed\PrivacIE

2012-04-14 17:05 . 2012-04-14 17:05 -------- d-sh--w- c:\documents and settings\mohamed\IETldCache

2012-04-14 16:58 . 2012-04-14 17:00 -------- dc-h--w- c:\windows\ie8

2012-04-14 16:55 . 2012-04-14 16:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-14 16:52 . 2012-03-01 11:00 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-04-14 16:52 . 2012-03-01 11:00 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-04-14 16:52 . 2012-03-01 11:00 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-04-14 13:32 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys

2012-04-14 13:31 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2012-04-14 13:31 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2012-04-14 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2012-04-14 13:31 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2012-04-14 13:31 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2012-04-14 13:30 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2012-04-14 13:30 . 2009-06-10 07:22 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll

2012-04-14 13:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2012-04-14 13:28 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2012-04-14 13:28 . 2011-10-26 10:50 2197120 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-04-14 13:28 . 2009-03-06 14:23 285696 ------w- c:\windows\system32\dllcache\pdh.dll

2012-04-14 13:28 . 2009-02-09 11:27 111104 ------w- c:\windows\system32\dllcache\services.exe

2012-04-14 13:28 . 2009-02-09 10:56 684544 ------w- c:\windows\system32\dllcache\advapi32.dll

2012-04-14 13:28 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2012-04-14 13:28 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2012-04-14 13:28 . 2011-10-26 10:50 2153472 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2012-04-14 13:28 . 2010-12-20 17:25 735232 ------w- c:\windows\system32\dllcache\lsasrv.dll

2012-04-14 13:28 . 2010-12-09 15:15 739328 ------w- c:\windows\system32\dllcache\ntdll.dll

2012-04-14 13:28 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2012-04-14 13:28 . 2011-10-26 10:50 2031616 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2012-04-14 13:26 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2012-04-14 13:25 . 2010-07-16 11:58 221184 ------w- c:\windows\system32\dllcache\wordpad.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 16:54 . 2007-06-23 20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-01 11:00 . 2004-08-23 17:17 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:00 . 1979-12-31 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:00 . 1979-12-31 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 1979-12-31 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 1979-12-31 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:57 . 1979-12-31 23:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2002-09-24 20:01 . 2002-09-24 20:01 245760 -c--a-w- c:\program files\opera\program\plugins\dapop.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-15_19.25.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-16 08:59 . 2003-08-05 19:44 86016 c:\windows\twain_32\MP110\SCRPRMV.DLL

+ 2012-04-16 08:59 . 2004-02-04 22:01 77824 c:\windows\twain_32\MP110\RSTCOL.DLL

+ 2012-04-16 08:59 . 2001-09-10 16:44 98304 c:\windows\twain_32\MP110\RMSLANTC.DLL

+ 2012-04-16 08:59 . 2001-09-10 16:44 36864 c:\windows\twain_32\MP110\NBS4MB.DLL

+ 2012-04-16 08:59 . 2003-08-21 19:55 24576 c:\windows\twain_32\MP110\JDA_CIMG.DLL

+ 2012-04-16 08:59 . 1998-06-17 01:14 45056 c:\windows\twain_32\MP110\CANOIT32.EXE

+ 2012-04-16 09:01 . 2004-07-12 12:54 81920 c:\windows\twain_32\CNQSG\SGSTRES.dll

+ 2012-04-16 09:01 . 1996-04-26 03:23 25600 c:\windows\twain_32\CNQSG\Iffpcx32.dll

+ 2012-04-16 09:01 . 1996-04-26 03:24 83968 c:\windows\twain_32\CNQSG\Iffjpg32.dll

+ 2012-04-16 09:01 . 1996-04-26 03:21 20992 c:\windows\twain_32\CNQSG\Hiffl32.dll

+ 2012-04-16 09:01 . 2001-03-02 23:34 49152 c:\windows\twain_32\CNQSG\ExtDDI.dll

+ 2012-04-16 09:01 . 1997-11-17 00:30 87552 c:\windows\twain_32\CNQSG\Cfpapi.dll

+ 2012-04-16 08:03 . 2012-04-16 08:04 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat

+ 2012-04-16 09:09 . 2004-09-07 15:22 94208 c:\windows\LastGood\system32\CNCL110.DLL

+ 2012-04-16 09:09 . 2004-10-26 05:15 49152 c:\windows\LastGood\system32\cncisco.dll

+ 2012-04-16 09:09 . 2004-10-26 05:03 90112 c:\windows\LastGood\system32\CNCI110.DLL

+ 2012-04-16 09:07 . 2012-04-16 09:07 53248 c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe

+ 2012-04-16 08:59 . 2004-02-19 09:23 6973 c:\windows\twain_32\MP110\CNCS110.DAT

+ 2012-04-16 09:07 . 2012-04-16 09:07 4710 c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\Op.exe

+ 2012-04-16 08:59 . 2004-10-26 05:00 671744 c:\windows\twain_32\MP110\TPM.DLL

+ 2012-04-16 08:59 . 2004-09-07 00:36 794624 c:\windows\twain_32\MP110\SGUI.dll

+ 2012-04-16 08:59 . 2004-09-07 00:34 126976 c:\windows\twain_32\MP110\SCANINTF.DLL

+ 2012-04-16 08:59 . 2001-09-10 16:44 479232 c:\windows\twain_32\MP110\NBSCOR4M.DLL

+ 2012-04-16 08:59 . 1998-06-17 01:14 119808 c:\windows\twain_32\MP110\ITLIB32.DLL

+ 2012-04-16 08:59 . 2004-09-07 00:34 151552 c:\windows\twain_32\MP110\IOP.DLL

+ 2012-04-16 08:59 . 2004-09-09 06:14 966656 c:\windows\twain_32\MP110\CSUI_RES.DLL

+ 2012-04-16 09:01 . 2002-05-24 01:04 389180 c:\windows\twain_32\CNQSG\Ucs32P.dll

+ 2012-04-16 09:01 . 2003-04-28 12:32 151552 c:\windows\twain_32\CNQSG\PCAT.dll

+ 2012-04-16 09:01 . 2003-05-12 15:00 110592 c:\windows\twain_32\CNQSG\paftopdf.dll

+ 2012-04-16 09:01 . 2000-03-08 02:28 270336 c:\windows\twain_32\CNQSG\libtiff.dll

+ 2012-04-16 09:01 . 1995-07-17 00:13 118272 c:\windows\twain_32\CNQSG\Ifftif32.dll

+ 2012-04-16 09:01 . 1997-11-07 02:55 112128 c:\windows\twain_32\CNQSG\cfpJpeg.dll

+ 2012-04-16 09:01 . 1997-11-17 00:26 468992 c:\windows\twain_32\CNQSG\CEFPIX.DLL

+ 2012-04-16 09:09 . 2004-10-26 05:04 557056 c:\windows\LastGood\system32\CNCC110.DLL

+ 2012-04-16 08:59 . 2004-09-07 00:36 1622016 c:\windows\twain_32\MP110\CSUI.DLL

+ 2012-04-16 08:59 . 2004-08-24 12:20 1048800 c:\windows\twain_32\MP110\CNC110R.DAT

+ 2012-04-16 08:59 . 2004-08-25 06:26 1601424 c:\windows\twain_32\MP110\CNC110.DAT

+ 2012-04-16 09:01 . 2004-09-24 17:01 1257472 c:\windows\twain_32\CNQSG\SGST.exe

+ 2012-04-16 09:01 . 2004-03-04 12:01 1966080 c:\windows\twain_32\CNQSG\pafcv2.dll

+ 2012-04-16 09:01 . 2001-08-23 14:25 1706800 c:\windows\twain_32\CNQSG\gdiplus.dll

+ 2012-04-16 09:07 . 2012-04-16 09:07 2914304 c:\windows\Installer\394545.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-31 185632]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ScanGearStarter"="c:\windows\twain_32\CNQSG\SGST.exe" [2004-09-24 1257472]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Picture Transfer Software.lnk]

backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Software Updater.lnk]

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]

2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]

2002-06-07 11:34 299008 -c--a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 MpKsla59c4b33;MpKsla59c4b33;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0D0A7D8-4A3D-4378-AB3D-B860CF488B41}\MpKsla59c4b33.sys [16-4-2012 10:08 29904]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [22-12-2006 22:24 6942]

R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [22-12-2006 22:28 49232]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [22-12-2006 22:28 139264]

R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20-9-2002 19:42 296179]

R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1-1-1980 1:00 231983]

S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [22-12-2006 22:24 28672]

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]

S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29-11-2001 17:09 1432836]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1-1-1980 1:00 14336]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSLA59C4B33

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Inhoud van de 'Gedeelde Taken' map

.

2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

.

2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]

.

2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{5140E06D-E1AE-4DDC-9B17-F78C9F6F9A84}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mebec.weblinker.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm

Trusted Zone: imageshack.us\toolbar

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-16 13:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-725345543-1292428093-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44DDD7DB-C851-F5D8-43BBD1CB976AABCC}\{47326943-CE6C-E3D1-74FCCAE0772B4FAB}\{FA8F0E33-B888-6EFF-6240990870DDF055}*]

"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,

9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*]

"DisplayName"="\09"

"DeviceDesc"="\09"

"ProviderName"=""

"MFG"="?"

"ReinstallString"="2002, 6.13.10.6166"

"DeviceInstanceIds"=multi:"\00"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2012-04-16 13:16:24

ComboFix-quarantined-files.txt 2012-04-16 11:16

ComboFix2.txt 2012-04-15 19:34

.

Pre-Run: 98.817.708.032 bytes beschikbaar

Post-Run: 98.867.204.096 bytes beschikbaar

.

- - End Of File - - D95C9F959D825F83E79A3BA0E4FEC82B


Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja".
  • When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
  • Select the "Diep" option if it is not already set that way by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
    Note:
    If you see this message:
    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
    When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".
  • Make sure all found items are checked and then press the "verwijder geselecteerde" button; you will now get the following message, but click "Ja" here.
    When the removal is finished, click the "View report" button and select the text file for this scan, with a name like: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next message later.
  • Now restart the computer.


Hello Kape

The scan succeeded, see the script below.

Emsisoft Emergency Kit - Versie 1.0

Laatste Update: 16-4-2012 14:16:20

Scaninstellingen:

Scantype: Diepe Scan

Objecten: Geheugen, Sporen, Cookies, C:\

Scan archieven: Aan

Heuristieken: Uit

ADS Scan: Aan

Scan gestart: 16-4-2012 14:16:35

c:\program files\Ares Ontdekt: Trace.Directory.Ares!A2

c:\program files\Ares\tcpip_patcher.sys Ontdekt: Trace.File.Ares!A2

c:\program files\Ares\TcpIpPatcherDll.dll Ontdekt: Trace.File.Ares!A2

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> checkdbupdate Ontdekt: Trace.Registry.RegistrySmart!A2

Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> scanonstartup Ontdekt: Trace.Registry.RegistrySmart!A2

C:\APPS\HOMEPAGE\HOMEPGUI.EXE Ontdekt: Virus.Win32.Trojan!IK

C:\Documents and Settings\mohamed\Mijn documenten\keygen.rar/Keygen.exe Ontdekt: Trojan.SuspectCRC!IK

C:\gendel32.exe Ontdekt: Trojan.Win32.Gendel.AMN!A2

C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE Ontdekt: Riskware.NetTool.Win32.PsKill.AMN!A2

Gescand

Bestanden: 204209

Sporen: 445943

Cookies: 69

Processen: 40

Gevonden

Bestanden: 4

Sporen: 7

Cookies: 0

Processen: 0

Registersleutels: 0

Scan Geëindigd: 16-4-2012 17:07:06

Scantijd: 2:50:31

C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE Verwijderd Riskware.NetTool.Win32.PsKill.AMN!A2

C:\gendel32.exe Verwijderd Trojan.Win32.Gendel.AMN!A2

C:\Documents and Settings\mohamed\Mijn documenten\keygen.rar/Keygen.exe Verwijderd Trojan.SuspectCRC!IK

C:\APPS\HOMEPAGE\HOMEPGUI.EXE Verwijderd Virus.Win32.Trojan!IK

Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> checkdbupdate Verwijderd Trace.Registry.RegistrySmart!A2

Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> scanonstartup Verwijderd Trace.Registry.RegistrySmart!A2

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus!A2

c:\program files\Ares\tcpip_patcher.sys Verwijderd Trace.File.Ares!A2

c:\program files\Ares\TcpIpPatcherDll.dll Verwijderd Trace.File.Ares!A2

c:\program files\Ares Verwijderd Trace.Directory.Ares!A2

Verwijderd

Bestanden: 4

Sporen: 7

Cookies: 0
