
A slow PC that keeps freezing


henk253


Contents of the report first; the rest will follow.

22:38:05:656 3896 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25

22:38:05:656 3896 ================================================================================

22:38:05:656 3896 SystemInfo:

22:38:05:656 3896 OS Version: 5.1.2600 ServicePack: 3.0

22:38:05:656 3896 Product type: Workstation

22:38:05:656 3896 ComputerName: CC752905-B

22:38:05:656 3896 UserName: henk

22:38:05:656 3896 Windows directory: C:\WINDOWS

22:38:05:656 3896 Processor architecture: Intel x86

22:38:05:656 3896 Number of processors: 1

22:38:05:656 3896 Page size: 0x1000

22:38:05:656 3896 Boot type: Normal boot

22:38:05:656 3896 ================================================================================

22:38:05:656 3896 UnloadDriverW: NtUnloadDriver error 2

22:38:05:656 3896 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

22:38:05:656 3896 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

22:38:05:796 3896 UtilityInit: KLMD drop and load success

22:38:05:796 3896 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)

22:38:05:796 3896 UtilityInit: KLMD open success

22:38:05:796 3896 UtilityInit: Initialize success

22:38:05:796 3896

22:38:05:796 3896 Scanning Services ...

22:38:05:796 3896 CreateRegParser: Registry parser init started

22:38:05:796 3896 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

22:38:05:796 3896 CreateRegParser: DisableWow64Redirection error

22:38:05:796 3896 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

22:38:05:796 3896 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

22:38:05:796 3896 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

22:38:05:796 3896 wfopen_ex: Trying to KLMD file open

22:38:05:796 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

22:38:05:796 3896 wfopen_ex: File opened ok (Flags 2)

22:38:05:796 3896 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 3B49C8

22:38:05:796 3896 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

22:38:05:796 3896 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

22:38:05:796 3896 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

22:38:05:796 3896 wfopen_ex: Trying to KLMD file open

22:38:05:796 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

22:38:05:796 3896 wfopen_ex: File opened ok (Flags 2)

22:38:05:796 3896 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3B4A70

22:38:05:796 3896 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

22:38:05:796 3896 CreateRegParser: EnableWow64Redirection error

22:38:05:796 3896 CreateRegParser: RegParser init completed

22:38:06:375 3896 GetAdvancedServicesInfo: Raw services enum returned 416 services

22:38:06:390 3896 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

22:38:06:390 3896 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

22:38:06:390 3896

22:38:06:390 3896 Scanning Kernel memory ...

22:38:06:390 3896 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

22:38:06:390 3896 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A44B2D0

22:38:06:390 3896 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects

22:38:06:390 3896

22:38:06:390 3896 DetectCureTDL3: DEVICE_OBJECT: 8A198570

22:38:06:390 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A198570

22:38:06:390 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A198570[0x38]

22:38:06:390 3896 DetectCureTDL3: DRIVER_OBJECT: 8A44B2D0

22:38:06:390 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A44B2D0[0xA8]

22:38:06:390 3896 KLMD_ReadMem: Trying to ReadMemory 0xE18C0040[0x18]

22:38:06:390 3896 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

22:38:06:390 3896 DetectCureTDL3: IrpHandler (0) addr: F764DBB0

22:38:06:390 3896 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (2) addr: F764DBB0

22:38:06:390 3896 DetectCureTDL3: IrpHandler (3) addr: F7647D1F

22:38:06:390 3896 DetectCureTDL3: IrpHandler (4) addr: F7647D1F

22:38:06:390 3896 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (9) addr: F76482E2

22:38:06:390 3896 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (14) addr: F76483BB

22:38:06:390 3896 DetectCureTDL3: IrpHandler (15) addr: F764BF28

22:38:06:390 3896 DetectCureTDL3: IrpHandler (16) addr: F76482E2

22:38:06:390 3896 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (22) addr: F7649C82

22:38:06:390 3896 DetectCureTDL3: IrpHandler (23) addr: F764E99E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

22:38:06:390 3896 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

22:38:06:390 3896 TDL3_FileDetect: Processing driver: Disk

22:38:06:390 3896 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

22:38:06:390 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

22:38:06:421 3896 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

22:38:06:421 3896

22:38:06:421 3896 DetectCureTDL3: DEVICE_OBJECT: 8A185030

22:38:06:421 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A185030

22:38:06:421 3896 DetectCureTDL3: DEVICE_OBJECT: 89EF4020

22:38:06:421 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EF4020

22:38:06:421 3896 DetectCureTDL3: DEVICE_OBJECT: 8A077EA0

22:38:06:421 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A077EA0

22:38:06:421 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A077EA0[0x38]

22:38:06:421 3896 DetectCureTDL3: DRIVER_OBJECT: 89EAB170

22:38:06:421 3896 KLMD_ReadMem: Trying to ReadMemory 0x89EAB170[0xA8]

22:38:06:421 3896 KLMD_ReadMem: Trying to ReadMemory 0xE1012200[0x1E]

22:38:06:421 3896 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

22:38:06:421 3896 DetectCureTDL3: IrpHandler (0) addr: F775C218

22:38:06:421 3896 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (2) addr: F775C218

22:38:06:421 3896 DetectCureTDL3: IrpHandler (3) addr: F775C23C

22:38:06:421 3896 DetectCureTDL3: IrpHandler (4) addr: F775C23C

22:38:06:421 3896 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (9) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (14) addr: F775C180

22:38:06:421 3896 DetectCureTDL3: IrpHandler (15) addr: F76188B4

22:38:06:421 3896 DetectCureTDL3: IrpHandler (16) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (22) addr: F775B5F0

22:38:06:421 3896 DetectCureTDL3: IrpHandler (23) addr: F7759A6E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

22:38:06:421 3896 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

22:38:06:421 3896 KLMD_ReadMem: Trying to ReadMemory 0xF7758F26[0x400]

22:38:06:421 3896 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

22:38:06:421 3896 TDL3_FileDetect: Processing driver: USBSTOR

22:38:06:421 3896 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:38:06:421 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:38:06:437 3896 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

22:38:06:437 3896

22:38:06:437 3896 DetectCureTDL3: DEVICE_OBJECT: 8A409528

22:38:06:437 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A409528

22:38:06:437 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A409528[0x38]

22:38:06:437 3896 DetectCureTDL3: DRIVER_OBJECT: 8A44B2D0

22:38:06:437 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A44B2D0[0xA8]

22:38:06:437 3896 KLMD_ReadMem: Trying to ReadMemory 0xE18C0040[0x18]

22:38:06:437 3896 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

22:38:06:437 3896 DetectCureTDL3: IrpHandler (0) addr: F764DBB0

22:38:06:437 3896 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (2) addr: F764DBB0

22:38:06:437 3896 DetectCureTDL3: IrpHandler (3) addr: F7647D1F

22:38:06:437 3896 DetectCureTDL3: IrpHandler (4) addr: F7647D1F

22:38:06:437 3896 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (9) addr: F76482E2

22:38:06:437 3896 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (14) addr: F76483BB

22:38:06:437 3896 DetectCureTDL3: IrpHandler (15) addr: F764BF28

22:38:06:437 3896 DetectCureTDL3: IrpHandler (16) addr: F76482E2

22:38:06:437 3896 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (22) addr: F7649C82

22:38:06:437 3896 DetectCureTDL3: IrpHandler (23) addr: F764E99E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

22:38:06:437 3896 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

22:38:06:437 3896 TDL3_FileDetect: Processing driver: Disk

22:38:06:437 3896 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

22:38:06:437 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

22:38:06:437 3896 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

22:38:06:437 3896

22:38:06:437 3896 DetectCureTDL3: DEVICE_OBJECT: 8A3BEAB8

22:38:06:437 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3BEAB8

22:38:06:437 3896 DetectCureTDL3: DEVICE_OBJECT: 8A479858

22:38:06:437 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A479858

22:38:06:437 3896 DetectCureTDL3: DEVICE_OBJECT: 8A417F18

22:38:06:437 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A417F18

22:38:06:437 3896 DetectCureTDL3: DEVICE_OBJECT: 8A449940

22:38:06:437 3896 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A449940

22:38:06:437 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A449940[0x38]

22:38:06:453 3896 DetectCureTDL3: DRIVER_OBJECT: 8A47EE18

22:38:06:453 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A47EE18[0xA8]

22:38:06:453 3896 KLMD_ReadMem: Trying to ReadMemory 0xE1012E70[0x1A]

22:38:06:453 3896 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

22:38:06:453 3896 DetectCureTDL3: IrpHandler (0) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (1) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (2) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (3) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (4) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (5) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (6) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (7) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (8) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (9) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (10) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (11) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (12) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (13) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (14) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (15) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (16) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (17) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (18) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (19) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (20) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (21) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (22) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (23) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (24) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (25) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: IrpHandler (26) addr: 8A1DBD00

22:38:06:453 3896 DetectCureTDL3: All IRP handlers pointed to one addr: 8A1DBD00

22:38:06:453 3896 KLMD_ReadMem: Trying to ReadMemory 0x8A1DBD00[0x400]

22:38:06:453 3896 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0

22:38:06:453 3896 KLMD_ReadMem: Trying to ReadMemory 0xF747F864[0x400]

22:38:06:453 3896 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

22:38:06:453 3896 TDL3_FileDetect: Processing driver: atapi

22:38:06:453 3896 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

22:38:06:453 3896 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

22:38:06:500 3896 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

22:38:06:500 3896

22:38:06:500 3896 Completed

22:38:06:500 3896

22:38:06:500 3896 Results:

22:38:06:500 3896 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

22:38:06:500 3896 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

22:38:06:500 3896 File objects infected / cured / cured on reboot: 0 / 0 / 0

22:38:06:500 3896

22:38:06:500 3896 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

22:38:06:500 3896 UtilityDeinit: KLMD(ARK) unloaded successfully

ComboFix 10-01-23.02 - henk 23-01-2010 23:06:49.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1050 [GMT 1:00]

Gestart vanuit: c:\documents and settings\henk\Bureaublad\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Aanwezig AV is actief

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))

.

2010-01-23 21:47 . 2010-01-23 21:47 -------- d--h--r- c:\documents and settings\henk\Onlangs geopend

2010-01-20 20:24 . 2010-01-20 20:24 52224 ----a-w- c:\documents and settings\henk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-07 20:58 . 2010-01-07 20:58 -------- d-----w- c:\program files\Alwil Software

2010-01-07 20:04 . 2010-01-07 20:04 -------- d-----w- c:\documents and settings\henk\Application Data\Agics

2010-01-04 22:54 . 2009-10-17 19:27 3101560 ----a-w- c:\documents and settings\henk\Application Data\Simply Super Software\Trojan Remover\pns1A8.exe

2010-01-04 22:49 . 2010-01-04 22:49 -------- d-----w- c:\program files\Little Shop of Treasures 2 Deluxe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-23 22:16 . 2008-01-10 13:30 -------- d-----w- c:\program files\SPAMfighter

2010-01-23 21:58 . 2007-01-07 13:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-23 21:58 . 2008-09-06 01:03 -------- d-----w- c:\program files\Spyware Doctor

2010-01-23 21:19 . 2004-01-28 22:14 -------- d-----w- c:\documents and settings\henk\Application Data\MailWasher

2010-01-23 13:52 . 2008-10-02 21:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore

2010-01-22 15:34 . 2008-12-27 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-21 21:06 . 2007-04-02 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-21 18:25 . 2004-01-28 18:36 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-21 13:39 . 2009-05-13 13:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-21 13:38 . 2009-08-15 12:11 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 20:23 . 2009-05-13 13:32 117760 -c--a-w- c:\documents and settings\henk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-20 18:04 . 2009-08-16 13:11 228 ----a-w- c:\windows\system32\edacded0.dat

2010-01-07 20:27 . 2009-02-01 21:58 5061520 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-07 20:23 . 2004-01-28 19:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-07 20:01 . 2009-12-19 10:57 -------- d-----w- c:\program files\Agics

2010-01-07 19:53 . 2009-08-18 18:00 -------- d-----w- c:\program files\Zylom Games

2010-01-07 19:52 . 2008-02-26 23:26 -------- d-----w- c:\program files\Setup Files

2010-01-07 19:39 . 2005-04-02 23:10 -------- d-----w- c:\program files\Google

2010-01-07 19:36 . 2009-10-30 21:16 -------- d-----w- c:\program files\CPUID

2010-01-07 19:27 . 2009-10-25 16:25 2560 -c--a-w- c:\windows\_MSRSTRT.EXE

2010-01-07 19:17 . 2009-07-20 14:53 13896 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-01-07 15:07 . 2008-12-27 18:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 15:07 . 2008-12-27 18:19 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 19:48 . 2006-09-17 11:33 -------- d-----w- c:\program files\Winamp

2010-01-04 22:02 . 2004-01-29 17:00 142 -c--a-w- c:\windows\popcinfo.dat

2009-12-22 10:30 . 2009-12-22 10:30 -------- d-----w- c:\program files\Trend Micro

2009-12-05 15:53 . 2008-08-12 14:56 -------- d-----w- c:\documents and settings\henk\Application Data\Vso

2009-12-05 14:23 . 2008-09-12 16:50 -------- d-----w- c:\program files\MSI

2009-12-05 13:16 . 2008-02-27 00:21 -------- d-----w- c:\program files\ATI Technologies

2009-12-05 13:15 . 2009-12-05 13:15 -------- d-----w- c:\program files\ATI

2009-12-03 14:44 . 2008-04-29 14:40 -------- d-----w- c:\program files\TomTom HOME 2

2009-12-02 13:03 . 2009-08-23 20:23 -------- d-----w- c:\program files\McAfee

2009-11-21 16:03 . 2003-04-08 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-19 21:49 . 2009-11-19 21:49 8183744 -c----w- c:\documents and settings\henk\Application Data\Azureus\tmp\AZU4797435761292473964.tmp\Vuze_4.3.0.2_win32.exe

2009-11-10 20:45 . 2009-11-10 20:45 93360 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-06 22:16 . 2008-04-21 14:46 138056 -c--a-w- c:\documents and settings\henk\Application Data\PnkBstrK.sys

2009-11-06 22:16 . 2008-04-21 14:46 138056 -c--a-w- c:\documents and settings\henk\Application Data\PnkBstrK.sys

2009-11-06 22:16 . 2008-04-21 14:46 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe

2009-11-04 14:21 . 2009-11-04 14:21 152576 -c--a-w- c:\documents and settings\henk\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-10-31 16:22 . 2009-10-31 16:22 152576 -c--a-w- c:\documents and settings\henk\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-11 13:53 . 2008-10-18 13:09 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2006-09-23 12:39 . 2006-09-23 12:39 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-25 13:03 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 09:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-10-11 13:53 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-09-24 01:24 282624 -c--a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]

2008-08-29 16:27 143360 -c--a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [4-1-2005 14:26 9344]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19-8-2009 16:28 207280]

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [15-12-2005 12:46 159616]

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [15-12-2005 12:46 5248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 10:33 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-4-2009 10:33 74480]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31-5-2008 15:22 141312]

R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [28-1-2004 23:36 22528]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23-8-2009 21:27 206112]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 9:44 184968]

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [19-10-2004 22:07 20160]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11-11-2009 20:22 252416]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11-11-2009 20:22 398720]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-10-2008 14:09 30192]

S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [5-12-2009 15:23 18432]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 10:33 7408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19-8-2009 16:26 358600]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13-7-2006 20:28 223128]

S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [4-1-2005 14:26 389504]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-7-2006 20:19 642560]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

2010-01-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 13:51]

2010-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-23 10:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-23 10:22]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{633B164B-EBDB-456D-BE2C-EDA5271908B4}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

Trusted Zone: com.tw\asia.msi

Trusted Zone: ziggo.nl\thuishelp

FF - ProfilePath - c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\henk\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npirsviewer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-23 23:18

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A419008]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28

\Driver\ACPI -> ACPI.sys @ 0xf7566cb8

\Driver\atapi -> 0x8a419008

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-484061587-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1868)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\wscntfy.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Completion time: 2010-01-23 23:24:24 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-23 22:24

ComboFix2.txt 2010-01-23 13:35

Pre-Run: 80.038.928.384 bytes free

Post-Run: 80.032.186.368 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=,1,2,3

- - End Of File - - 4E4731C601DBDCBD3CC31F2C8E31D2AF

Edited by henk253
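The "Stealth MBR rootkit/Mebroot/Sinowal detector" section in the ComboFix log above is the part worth reading carefully: it lists the kernel modules in the disk I/O path and every dispatch hook it saw, and the one hook it could not attribute to any loaded driver image (`\Driver\atapi -> 0x8a419008`, echoed as `>>UNKNOWN [0x8A419008]<<`) is what triggers the "possible MBR rootkit" warning. The following script is an added example, not part of the original post or of ComboFix: it parses that section, separates hooks that resolve to a named image from hooks that point at unattributed memory, and cross-checks the unattributed address against the call-path line. The sample text is the section as posted above; the list of inbox XP drivers and the remark that PCTCore.sys is a third-party (PC Tools / Spyware Doctor) filter driver are my assumptions.

```python
"""Triage the 'Stealth MBR rootkit/Mebroot/Sinowal detector' block of a ComboFix log.

A hook the tool attributes to a named, loaded image (CLASSPNP.SYS, ACPI.sys,
ntoskrnl.exe) is ordinary filter-driver or kernel behaviour. A hook whose target
is a bare address, echoed as >>UNKNOWN [...]<< in the call path, points at code
outside every loaded driver image; that is the finding worth following up.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Hook:
    target: str            # '\Driver\atapi', 'IoDeviceObjectType -> DeleteProcedure', ...
    module: Optional[str]  # image the address resolved to, None if unattributed
    addr: int              # 0 means no handler installed

    @property
    def category(self) -> str:
        if self.addr == 0:
            return "none"
        return "resolved" if self.module else "unresolved"


@dataclass
class MbrReport:
    called_modules: List[str] = field(default_factory=list)
    unknown_images: List[int] = field(default_factory=list)
    hooks: List[Hook] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


@dataclass
class Finding:
    severity: str  # high | info | low
    text: str


_HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?:(?P<module>\S+) @ )?(?P<addr>0x[0-9A-Fa-f]+)$")
_UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")

# Assumption: inbox Windows XP components that belong in the disk call path.
INBOX = {"ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys", "atapi.sys", "acpi.sys"}


def parse_mbr_section(text: str) -> MbrReport:
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            body = line[len("called modules:"):]
            rep.unknown_images = [int(a, 16) for a in _UNKNOWN_RE.findall(body)]
            rep.called_modules = _UNKNOWN_RE.sub("", body).split()
        elif line.lower().startswith("warning:"):
            rep.warnings.append(line)
        else:
            m = _HOOK_RE.match(line)
            if m:
                rep.hooks.append(Hook(m["target"], m["module"], int(m["addr"], 16)))
    return rep


def triage(rep: MbrReport) -> List[Finding]:
    out: List[Finding] = []
    unresolved = [h for h in rep.hooks if h.category == "unresolved"]
    for h in unresolved:
        in_path = h.addr in rep.unknown_images  # same code also sits in the disk I/O path?
        out.append(Finding("high", f"{h.target} hooked at {h.addr:#010x}, outside every loaded image"
                           + ("; the same address sits in the disk I/O call path" if in_path else "")))
    for h in rep.hooks:
        if h.category == "resolved" and h.module.lower() != "ntoskrnl.exe":
            out.append(Finding("info", f"{h.target} -> {h.module} @ {h.addr:#010x}: hook inside a named driver image"))
    # Anything not inbox is a third-party filter. Assumption: PCTCore.sys is the PC Tools /
    # Spyware Doctor driver; a security product's own filter reshapes the disk stack legitimately.
    for mod in rep.called_modules:
        if mod.lower() not in INBOX:
            out.append(Finding("info", f"third-party driver {mod} is in the disk call path; confirm its vendor"))
    if rep.warnings and not unresolved:
        out.append(Finding("low", "tool warned, but every hook resolved to a loaded image"))
    return out


# Sample input: the detector section exactly as it appears in the ComboFix log above.
SAMPLE_MBR_SECTION = r"""
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A419008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf7566cb8
\Driver\atapi -> 0x8a419008
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

if __name__ == "__main__":
    for f in triage(parse_mbr_section(SAMPLE_MBR_SECTION)):
        print(f"[{f.severity}] {f.text}")
```

The "high" finding is not proof of infection; it says that something is dispatching disk I/O from memory that no driver image owns, which is what the real MBR rootkits do but which a buggy or unusual filter driver could also produce. The practical follow-up is to dump the memory at that address from a kernel debugger or a second rootkit scanner and see whether it belongs to a driver that was simply loaded in an unusual way.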

Hello Kape

The PC is doing somewhat better now, but not entirely.

How did the last logs look, was there still something in them?

I'll give you a few examples of when it freezes now.

When I delete a few Paint drawings to the recycle bin, the screen freezes for about 2 minutes. The mouse still moves, but nothing responds to mouse clicks.

If I do Ctrl-Alt-Del, you see the CPU at 100%, and after that it is better again.

In the program Mailwasher 2.0, when I delete mail (a lot from klusforum), the screen also freezes.

Then Ctrl-Alt-Del, but then the CPU shows 0%.

I also saw that when an online bingo game is running in the background and I am on the klusforum and want to upload an image to the forum, it is very slow to open, but sending then works fine again.

I wanted to thank you for your quick actions so far, great work.


Download RootkitRevealer.

Unzip it and double-click RootkitRevealer.exe.

Wait 10 - 15 seconds and then click the scan button.

Do nothing on the computer during the scan. Wait until RootkitRevealer is finished.

When the tool is finished, go to 'File' and choose 'Save'.

The RootkitRevealer log is now saved.

Post the contents of this log.

Edited by kape
Link changed

I did a scan and saved it, but I can never find it again. If I put it in My Documents it shows up there when I save it,

but when I go there it isn't there.

You also can't select it and then copy it.

I tried something via a workaround; I don't know if it's of any use to you, otherwise I'll have to scan again following your instructions.

HKU\S-1-5-21-854245398-484061587-839522115-1004\Console 23-1-2010 23:24 0 bytes Security mismatch.

HKLM\SECURITY\Policy\Secrets\SAC* 28-1-2004 16:49 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 28-1-2004 16:49 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Classes\blue.Shortcut\ 4-1-2005 14:01 15 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Classes\blue.Shortcut\shell\open\command\ 4-1-2005 14:01 15 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Classes\blue.VCRInfo\ 4-1-2005 14:02 27 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Classes\blue.VCRInfo\shell\open\command\ 4-1-2005 14:02 15 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 25-1-2010 14:14 16 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\PCTools\Spyware Doctor\AUXSVCSTAT 25-1-2010 14:18 44 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Swearware\backup\winsock2 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029 23-1-2010 14:06 0 bytes Security mismatch.

HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 5-2-2006 11:37 0 bytes Hidden from Windows API.

C:\Documents and Settings\henk\Cookies\henk@pc-helpforum[1].txt 25-1-2010 15:14 733 bytes Hidden from Windows API.

C:\Documents and Settings\henk\Cookies\henk@pc-helpforum[2].txt 25-1-2010 14:14 830 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\henk\Cookies\henk@www.pc-helpforum[1].txt 25-1-2010 15:14 87 bytes Hidden from Windows API.

C:\Documents and Settings\henk\Cookies\henk@www.pc-helpforum[2].txt 25-1-2010 14:09 87 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\henk\Local Settings\Temporary Internet Files\Content.IE5\H70LDAS9\aff_frame[1].htm 25-1-2010 14:14 519 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\henk\Local Settings\Temporary Internet Files\Content.IE5\Y4O03EQL\aff_frame[1].htm 25-1-2010 15:37 519 bytes Hidden from Windows API.

C:\Program Files\Spyware Doctor\avdb\201001251340\vscanmsx.dat 25-1-2010 14:27 2.02 KB Hidden from Windows API.

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 14-10-2009 13:43 252.00 KB Visible in Windows API, but not in MFT or directory index.

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 14-10-2009 13:43 111.00 KB Visible in Windows API, but not in MFT or directory index.

C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 14-10-2009 13:43 8.00 KB Visible in Windows API, but not in MFT or directory index.

Edited by henk253
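A RootkitRevealer log like the one above is a list of discrepancies between the Windows API view and a raw read of the hives and the NTFS volume, and most of them have a mundane cause: keys with embedded nulls under `SECURITY\Policy\Secrets` are created by Windows itself, the `Swearware\backup` keys are the winsock backup a cleanup tool wrote, and cookies or temporary files that show up in one view but not the other were simply rewritten while the scan ran. What is left over (a driver hiding its own `Services\...\Config` subkey from the API, a file-type handler whose raw hive data does not match what the API returns) is what needs a human. The script below is an added example, not part of the original post or of RootkitRevealer: it parses the log format and sorts entries into "expected", "tool", "transient" and "review" buckets. The sample lines are taken from the log above; the attribution of `Swearware\backup` to ComboFix, the treatment of `\avdb\` as a scanner definition folder, and the ComboFix completion time used for the timestamp cross-check (2010-01-23 23:24, from the ComboFix log earlier in the thread) are my assumptions.

```python
"""Triage a RootkitRevealer discrepancy log.

Apply the standard explanations first (Windows quirks, the cleanup tool's own
changes, files rewritten during the scan); everything else goes to 'review'.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Entry:
    path: str
    stamp: datetime
    size_bytes: float
    description: str


@dataclass
class Verdict:
    entry: Entry
    bucket: str   # expected | tool | transient | review
    reason: str


# <path> <d-m-yyyy> <HH:MM> <size> <unit> <discrepancy text>; the path may contain spaces.
_LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<day>\d{1,2})-(?P<month>\d{1,2})-(?P<year>\d{4}) "
    r"(?P<hour>\d{1,2}):(?P<minute>\d{2}) (?P<size>[\d.]+) (?P<unit>bytes|KB|MB) (?P<desc>.+)$")
_UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 * 1024}

# Directories rewritten constantly; a file there seen in one view only was most likely
# changed between the two reads. Assumption: \avdb\ is the anti-spyware definition folder.
VOLATILE_DIRS = ("\\cookies\\", "\\temporary internet files\\", "\\temp\\", "\\avdb\\")

# Known tool activity, taken from the ComboFix completion time posted earlier in the thread.
TOOL_RUNS: Dict[str, datetime] = {"ComboFix": datetime(2010, 1, 23, 23, 24)}


def parse_line(line: str) -> Optional[Entry]:
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = datetime(int(m["year"]), int(m["month"]), int(m["day"]), int(m["hour"]), int(m["minute"]))
    return Entry(m["path"], stamp, float(m["size"]) * _UNIT[m["unit"]], m["desc"].strip())


def _classify(e: Entry, tool_runs: Dict[str, datetime], window: timedelta) -> Tuple[str, str]:
    p, d = e.path.lower(), e.description
    if "embedded nulls" in d and "\\security\\policy\\secrets\\" in p:
        return "expected", "LSA secrets keys with embedded nulls are created by Windows itself"
    if "\\swearware\\backup\\" in p:  # assumption: ComboFix's own winsock backup key
        return "tool", "backup key written by ComboFix; leave it to the tool"
    hit = next((n for n, t in tool_runs.items() if abs(e.stamp - t) <= window), None)
    if hit:
        return "tool", f"modified within {int(window.total_seconds() // 60)} min of the {hit} run"
    if any(v in p for v in VOLATILE_DIRS) and ("Hidden from Windows API" in d or "not in MFT" in d):
        return "transient", "file in a directory rewritten during the scan; rescan and compare"
    if "\\services\\" in p and "\\config\\" in p and "Hidden from Windows API" in d:
        return "review", ("driver hides its own Config key from the API: identify the service binary "
                          "(copy-protection drivers do this, but so do rootkits)")
    if "\\shell\\open\\command" in p:
        return "review", "file-type handler differs between API and raw hive: dump both and diff"
    return "review", "no standard explanation; inspect by hand"


def triage(entries: List[Entry], tool_runs: Dict[str, datetime] = TOOL_RUNS,
           window: timedelta = timedelta(minutes=2)) -> List[Verdict]:
    return [Verdict(e, *_classify(e, tool_runs, window)) for e in entries]


def summarize(verdicts: List[Verdict]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for v in verdicts:
        counts[v.bucket] = counts.get(v.bucket, 0) + 1
    return counts


def needs_review(verdicts: List[Verdict]) -> List[str]:
    return [v.entry.path for v in verdicts if v.bucket == "review"]


# Sample input: ten lines taken from the RootkitRevealer log posted above.
SAMPLE_LOG = r"""
HKU\S-1-5-21-854245398-484061587-839522115-1004\Console 23-1-2010 23:24 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 28-1-2004 16:49 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\blue.Shortcut\shell\open\command\ 4-1-2005 14:01 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 25-1-2010 14:14 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 23-1-2010 14:06 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 5-2-2006 11:37 0 bytes Hidden from Windows API.
C:\Documents and Settings\henk\Cookies\henk@pc-helpforum[1].txt 25-1-2010 15:14 733 bytes Hidden from Windows API.
C:\Documents and Settings\henk\Cookies\henk@pc-helpforum[2].txt 25-1-2010 14:14 830 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Spyware Doctor\avdb\201001251340\vscanmsx.dat 25-1-2010 14:27 2.02 KB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 14-10-2009 13:43 8.00 KB Visible in Windows API, but not in MFT or directory index.
"""

if __name__ == "__main__":
    entries = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]
    verdicts = triage(entries)
    for v in verdicts:
        print(f"{v.bucket:9} {v.entry.path}\n          {v.reason}")
    print(summarize(verdicts))
```

The "review" bucket is deliberately small: a hidden `Services\...\Config` key and a mismatched `shell\open\command` handler are exactly the kinds of entries a scanner cannot settle on its own, and the right next step is to read the raw hive offline (or boot clean media) and compare against what the live API returns.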

Download GMER Rootkit detector

  • Save it in a safe place and extract it to your desktop
  • Disconnect from the internet and close ALL programs
  • There is a small chance the computer will crash while running this application, so make sure you have saved all your work
  • Double-click gmer.exe and select the "rootkit tab" > click "scan"
  • If you get a warning about "rootkit activity" and are asked for permission to scan, click OK
  • Click the rootkit tab and click scan
  • When the scan is finished, click copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

Please post the GMER result.


Hello Kape,

Now I have a lot of problems when I download the GMER Rootkit detector program, and even more so when I run Gmer.exe. I'll give you an overview of what the PC did and didn't do.

---------------------------------------------------------------------------------

GMER Rootkit detector downloaded into a temporary folder, unzipped it with WinRAR to the desktop, but it would not open.

Internet disconnected

The screen froze again, Ctrl-Alt-Del did not work either

The PC's red light did not come on

Restart.

----------------------------

Gmer.exe started, freezes, Ctrl-Alt-Del did not work either

Gmer.exe - application error

The instruction at 0x0045c887 referenced memory at 0x00000008

The memory read/write operation ("read") failed

OK to terminate / Cancel to debug

Clicked Cancel, nothing else happened.

---------------------------------------------------------------------------------

Clicked gmer.zip

PC freezes again and unzip won't work either.

Suddenly a blue screen

A problem has been detected and Windows has been shut down to prevent damage.

A process or thread crucial to system operation has unexpectedly exited or been terminated.

***stop: 0x000000F4 (0x00000003,08a151490,0x8a151604,0x805fb066)

-------------------------------------------------------------------------------

Started up; after starting, the PC froze again, the hourglass on the taskbar has been spinning for 5 minutes, the PC's red light flickers now and then.

PC restarted again

The mouse is stuck in the middle again

Cut the power and restarted

The file system on C is being checked

CHKDSK is verifying files

CHKDSK is verifying indexes

Mouse is OK again

Deleted gmer.exe, gmer.zip

ATF Cleaner XP

ATF Cleaner Firefox

and the PC runs normally again


Theoretically there is (according to ComboFix) still an indication of a potential rootkit infection on your PC ... although no clear indication shows up. So I am not entirely convinced that this report is correct. It's not an easy case either :sad

Just let your PC keep running as it is for a while ... and see whether any operational problems still occur. That way we may find out - in practice - whether this report actually affects your PC. So you're playing "guinea pig" a bit :-)

If anything striking happens, please let us know right away. If everything runs without problems, we'd of course also like to hear that.
