scherm loopt vast, computer blokkeert

kape · 6 november 2013

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
Firefox::
FF - ProfilePath - c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\wnjmdj5p.default\
FF - user.js: extentions.webcake.installId - 
FF - user.js: extentions.webcake.defaultEnableAppsList  -

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.

vancoillie johan · 6 november 2013

ComboFix 13-11-04.01 - Johan 06/11/2013 17:34:16.12.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3583.2712 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Johan\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Johan\Bureaublad\CFScript.txt

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\XSxS

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-10-06 to 2013-11-06 ))))))))))))))))))))))))))))))

.

2013-11-05 17:04 . 2013-10-18 00:11 24064 ----a-w- c:\windows\zoek-delete.exe

2013-11-05 16:46 . 2013-11-05 16:59 -------- d-----w- C:\zoek_backup

2013-10-31 18:04 . 2013-10-31 18:04 -------- d-----w- c:\documents and settings\Johan\Application Data\Zeon

2013-10-31 13:57 . 2013-10-31 13:57 -------- d-----w- C:\rsit

2013-10-29 17:23 . 2013-10-29 17:23 -------- d-----w- c:\program files\Microsoft Silverlight

2013-10-17 16:37 . 2013-10-17 16:37 0 --sh--r- c:\windows\FFSSET.BIN

2013-10-17 16:37 . 2013-10-17 16:37 -------- d-----w- c:\program files\Reallusion

2013-10-17 16:36 . 2013-10-17 16:36 -------- d-----w- c:\documents and settings\Johan\Application Data\Reallusion

2013-10-17 16:25 . 2013-10-17 16:42 -------- d-----w- C:\Afbeelding

2013-10-17 15:31 . 2013-10-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\zeon

2013-10-17 15:30 . 2013-10-17 15:30 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2013-10-12 10:38 . 2013-10-12 10:38 -------- d-----r- c:\documents and settings\Johan\Application Data\Brother

2013-10-12 09:34 . 2013-10-12 09:34 -------- d-----w- c:\documents and settings\Johan\Application Data\FLEXnet

2013-10-12 09:29 . 2010-05-20 05:33 103792 ----a-w- c:\windows\system32\BRRBI100.EXE

2013-10-12 09:29 . 2010-03-15 16:20 50176 ----a-w- c:\windows\system32\BRPRTINK.DLL

2013-10-12 09:29 . 2012-06-05 06:59 25299 ----a-w- c:\windows\system32\BRLM03A.DLL

2013-10-12 09:29 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL

2013-10-12 09:29 . 2013-10-12 09:30 -------- d-----w- c:\program files\Brother

2013-10-12 09:29 . 2012-09-10 14:31 245760 ------w- c:\windows\system32\NSSearch.dll

2013-10-12 09:29 . 2012-07-09 15:19 5120 ------w- c:\windows\system32\BrDctF2S.dll

2013-10-12 09:29 . 2010-03-15 17:45 73728 ------w- c:\windows\system32\BrDctF2.dll

2013-10-12 09:29 . 2007-12-13 20:16 5120 ------w- c:\windows\system32\BrDctF2L.dll

2013-10-12 09:29 . 2010-02-05 02:42 180224 ----a-w- c:\windows\system32\BROSNMP.DLL

2013-10-12 09:27 . 2013-10-13 07:08 -------- d-----w- c:\documents and settings\Johan\Application Data\Nuance

2013-10-12 09:26 . 2013-10-17 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2013-10-12 09:26 . 2013-11-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2013-10-12 09:26 . 2013-10-17 15:31 -------- d-----w- c:\program files\Nuance

2013-10-12 09:26 . 2013-10-12 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2013-10-10 18:36 . 2013-11-06 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TorchCrashHandler

2013-10-10 18:35 . 2013-10-10 18:36 -------- d-----w- c:\documents and settings\Johan\Local Settings\Application Data\Torch

2013-10-10 06:14 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys

2013-10-10 06:14 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys

2013-10-10 06:14 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys

2013-10-10 06:12 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys

2013-10-10 06:12 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys

2013-10-10 06:12 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys

2013-10-10 06:12 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 18:53 . 2012-04-16 15:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-09 18:53 . 2011-05-17 14:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-09-23 18:25 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll

2013-09-23 18:07 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec

2013-08-29 07:01 . 2006-03-02 12:00 1878784 ----a-w- c:\windows\system32\win32k.sys

2013-08-09 01:56 . 2006-03-02 12:00 391168 ----a-w- c:\windows\system32\themeui.dll

2013-08-09 00:55 . 2006-03-02 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-08-09 00:55 . 2006-03-02 12:00 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-08-09 00:55 . 2006-03-02 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys

2008-01-25 16:35 . 2008-01-25 16:35 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe

2008-01-25 16:35 . 2008-01-25 16:34 2048 ----a-w- c:\program files\FLV PlayerRCATSetup.exe

2008-01-25 16:34 . 2008-01-25 16:34 133120 ----a-w- c:\program files\FLV PlayerRCSetup.exe

2013-07-07 17:36 . 2013-07-07 17:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Johan\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Johan\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Johan\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Johan\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]

"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2013-10-25 55360]

"gStart"="c:\program files\Garmin\gStart.exe" [2008-08-13 1891416]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" [2008-05-16 1630208]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 1828136]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

"ExtraFilmManager"="c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744]

"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]

"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Johan\Menu Start\Programma's\Opstarten\

Dropbox.lnk - c:\documents and settings\Johan\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

Spoon Sandbox Manager 3.24.lnk - c:\documents and settings\Johan\Local Settings\Application Data\Spoon\3.24.0.6\Spoon-Sandbox-Native.exe Startup [2012-1-24 232696]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

ScanPanel.lnk - c:\program files\ScanPanel\ScnPanel.exe [2008-1-26 1732608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"e:\\MY DOWNLOAD FILES\\3gp_player_setup films.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\Johan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Documents and Settings\\Johan\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=

"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=

"c:\\Program Files\\Raptr\\raptr.exe"=

"c:\\Program Files\\Raptr\\raptr_im.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\symds.sys [14/06/2013 15:42 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\symefa.sys [14/06/2013 15:42 934488]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [6/11/2013 6:48 1096280]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccsetx86.sys [14/06/2013 15:42 134744]

R1 NEOFLTR_650_15551;Juniper Networks TDI Filter Driver (NEOFLTR_650_15551);c:\windows\system32\drivers\NEOFLTR_650_15551.SYS [24/04/2011 18:47 85360]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\ironx86.sys [14/06/2013 15:42 175264]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [29/11/2010 20:13 147456]

R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [6/11/2012 16:52 8704]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccsvchst.exe [14/06/2013 15:42 144368]

R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [26/03/2013 18:01 196624]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 22:23 35088]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [8/03/2010 23:40 144672]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/03/2013 5:07 93072]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/10/2013 10:30 266240]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2013 9:01 108120]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131105.002\IDSXpx86.sys [6/11/2013 6:48 380824]

S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [6/11/2012 16:52 101376]

S2 gupdate1c9c0d8ca7cb36e;Google Update Service (gupdate1c9c0d8ca7cb36e);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2009 11:22 133104]

S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\Johan\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [7/10/2013 16:46 1213280]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 18:14 33536]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29/11/2010 16:45 1684736]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-19 06:32 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:53]

.

2011-02-14 c:\windows\Tasks\expressripShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-02-11 18:49]

.

2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 10:22]

.

2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 10:22]

.

2013-11-02 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

2013-11-06 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

2013-11-06 c:\windows\Tasks\User_Feed_Synchronization-{16A16E66-BF52-4F59-84D6-2E4BB9DFFC77}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

------- Bijkomende Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Openen in PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

FF - ProfilePath - c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\wnjmdj5p.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - ExtSQL: !HIDDEN! 2009-08-10 17:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-11-06 17:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2932)

c:\progra~1\Raptr\ltc_help32-77563.dll

c:\documents and settings\Johan\Application Data\Dropbox\bin\DropboxExt.19.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

Voltooingstijd: 2013-11-06 17:41:23

ComboFix-quarantined-files.txt 2013-11-06 16:41

ComboFix2.txt 2013-11-06 14:18

.

Pre-Run: 6.796.525.568 bytes beschikbaar

Post-Run: 6.785.421.312 bytes beschikbaar

.

- - End Of File - - 20A5532A800F43C38132C009AD7FB8C5

3051207086651214E435112E51817DC5

kape · 6 november 2013

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
Firefox::
FF - ProfilePath - c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\wnjmdj5p.default\
FF - user.js: extentions.webcake.defaultEnableAppsList -

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.

vancoillie johan · 6 november 2013

ComboFix 13-11-04.01 - Johan 06/11/2013 18:49:58.14.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3583.2658 [GMT 1:00]