
Very slow PC startup


jean&nancy


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\ctredr15.sys

c:\windows\system32\drivers\ctredrv.sys

c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

c:\windows\Tasks\NSSstub.job

Driver::

ctredrv.sys

ctredr15.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{7C5C0F58-E061-457D-9033-77307F5ED00C}"=-

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next message, together with a new HijackThis log.


ComboFix 10-04-14.04 - Jean Soenen 15/04/2010 19:15:52.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1014.416 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Nancy Demets\Mijn documenten\Mijn ontvangen bestanden\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Jean Soenen\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::

"c:\windows\system32\Adobe\Shockwave 11\nssstub.exe"

"c:\windows\system32\drivers\ctredr15.sys"

"c:\windows\system32\drivers\ctredrv.sys"

"c:\windows\Tasks\NSSstub.job"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Jean Soenen\Onlangs geopend\Thumbs.db

c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CTREDR15.SYS

-------\Legacy_CTREDRV.SYS

-------\Service_ctredr15.sys

-------\Service_ctredrv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-15 to 2010-04-15 ))))))))))))))))))))))))))))))

.

2010-04-07 14:07 . 2010-04-07 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-15 13:22 . 2010-02-09 17:10 -------- d-----w- c:\program files\SwiftKit

2010-04-15 13:13 . 2009-11-02 14:19 75 ----a-w- c:\documents and settings\Kevin Soenen\jagex_runescape_preferences2.dat

2010-04-15 11:26 . 2008-07-04 07:18 69 ----a-w- c:\documents and settings\Kevin Soenen\jagex_runescape_preferences.dat

2010-04-15 11:05 . 2006-11-14 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-14 08:54 . 2009-11-01 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-11 18:41 . 2006-07-29 19:44 -------- d-----w- c:\program files\Java

2010-04-11 18:38 . 2010-04-11 18:38 79488 ----a-w- c:\documents and settings\Kevin Soenen\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll

2010-04-11 18:21 . 2007-08-03 20:27 -------- d-----w- c:\program files\SwiftSwitch

2010-04-10 19:48 . 2010-03-07 09:22 439816 ----a-w- c:\documents and settings\Kevin Soenen\Application Data\Real\Update\setup3.10\setup.exe

2010-04-10 12:34 . 2006-07-29 19:44 -------- d-----w- c:\program files\Google

2010-04-10 11:12 . 2008-12-18 13:32 -------- d-----w- c:\program files\BitLord

2010-04-10 09:11 . 2010-02-02 09:11 0 ----a-w- c:\documents and settings\Jean Soenen\Local Settings\Application Data\prvlcl.dat

2010-04-10 06:23 . 2008-06-11 16:39 106824 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-04-10 06:23 . 2006-07-29 12:27 8224 -c--a-w- c:\documents and settings\Nancy Demets\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-09 14:32 . 2008-05-30 14:36 -------- d-----w- c:\documents and settings\Kevin Soenen\Application Data\Azureus

2010-04-08 06:39 . 2010-04-08 06:39 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-04-07 13:52 . 2007-02-05 19:04 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-07 13:50 . 2010-04-07 13:50 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2010-04-07 12:06 . 2010-04-07 12:06 439816 ----a-w- c:\documents and settings\Yaro Soenen\Application Data\Real\Update\setup3.10\setup.exe

2010-04-03 07:25 . 2010-04-03 07:25 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-04-03 07:25 . 2010-04-03 07:25 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-04-03 07:25 . 2010-04-03 07:25 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-04-03 07:25 . 2010-04-03 07:25 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-28 17:51 . 2004-09-08 11:27 95562 ----a-w- c:\windows\system32\perfc013.dat

2010-03-28 17:51 . 2004-09-08 11:27 519492 ----a-w- c:\windows\system32\perfh013.dat

2010-03-25 09:27 . 2010-03-25 09:27 439816 ----a-w- c:\documents and settings\Jean Soenen\Application Data\Real\Update\setup3.10\setup.exe

2010-03-24 16:36 . 2010-03-24 16:36 0 ----a-w- c:\documents and settings\Kevin Soenen\jagex__preferences3.dat

2010-03-21 10:15 . 2010-03-21 10:15 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-03-21 10:10 . 2010-03-21 10:10 -------- d-----w- c:\program files\Common Files\L&H

2010-03-21 10:10 . 2007-05-06 16:04 -------- d-----w- c:\program files\Windows Messaging

2010-03-16 16:56 . 2010-03-16 16:56 -------- d-----w- c:\documents and settings\Jean Soenen\Application Data\Malwarebytes

2010-03-14 12:37 . 2008-03-28 15:57 -------- d-----w- c:\program files\Azureus

2010-03-14 12:36 . 2010-03-14 12:36 -------- d-----w- c:\program files\Vuze_Remote

2010-03-14 12:28 . 2010-03-14 12:20 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-03-13 11:27 . 2010-03-13 11:27 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-03-13 11:27 . 2010-03-13 11:27 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-03-13 11:27 . 2010-03-13 11:27 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-03-13 11:26 . 2009-11-01 08:58 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-13 11:26 . 2010-03-13 11:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-13 11:26 . 2009-11-01 08:58 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-13 11:25 . 2009-11-01 08:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-10 18:00 . 2010-03-14 12:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-03-09 02:28 . 2008-12-15 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-07 18:45 . 2006-07-29 13:16 -------- d-----w- c:\documents and settings\Kevin Soenen\Application Data\Apple Computer

2010-02-28 18:49 . 2010-02-28 18:49 -------- d-----w- c:\documents and settings\Kevin Soenen\Application Data\Uniblue

2010-02-28 18:49 . 2010-02-28 18:49 -------- d-----w- c:\program files\Uniblue

2010-02-25 06:20 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll

2010-02-20 13:15 . 2010-02-20 13:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2010-02-20 11:15 . 2006-07-29 12:53 -------- d-----w- c:\documents and settings\Jean Soenen\Application Data\Apple Computer

2010-02-15 18:15 . 2010-02-15 18:15 -------- d-----w- c:\program files\MoparScape

2010-02-12 10:03 . 2010-02-26 18:19 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-10 17:13 . 2010-03-14 12:20 165376 ----a-w- c:\windows\system32\unrar.dll

2010-02-07 13:51 . 2010-02-07 13:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-02-06 16:44 . 2009-12-05 10:48 79488 ----a-w- c:\documents and settings\Kevin Soenen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-06 16:27 . 2009-12-05 10:24 79488 ----a-w- c:\documents and settings\Jean Soenen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-27 16:13 . 2010-01-27 16:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

2010-01-24 12:02 . 2010-01-24 10:33 69 ----a-w- c:\documents and settings\Nancy Demets\jagex_runescape_preferences2.dat

2010-01-24 12:02 . 2010-01-24 10:32 39 ----a-w- c:\documents and settings\Nancy Demets\jagex_runescape_preferences.dat

2006-09-15 20:24 . 2006-09-15 20:24 22 -csha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 61952]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]

"ExtraFilmHemmaAgent"="c:\program files\ExtraFilm PhotoAssistant\Agent.exe" [2007-11-05 323584]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]

"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]

"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-10-17 2323680]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 198160]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nancy Demets\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]

HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-12 44176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-13 11:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\StubInstaller.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7356:TCP"= 7356:TCP:BitComet 7356 TCP

"7356:UDP"= 7356:UDP:BitComet 7356 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/11/2009 10:58 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/11/2009 10:58 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13/03/2010 13:26 308064]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 gupdate1c9f7cef0a66972;Google Updateservice (gupdate1c9f7cef0a66972);c:\program files\Google\Update\GoogleUpdate.exe [28/06/2009 11:00 133104]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 20:14 33536]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [18/04/2008 3:55 17280]

.

Inhoud van de 'Gedeelde Taken' map

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 09:00]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 09:00]

2010-04-02 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-15 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{0E0011BA-CF2E-4EAF-B21A-35E141914D19}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{13D994C3-94FC-4254-91E6-3743FA3863EC}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{FD8A58AE-A5A4-4D91-AC24-97D25283B2CB}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

WebBrowser-{F592709F-FF4A-4862-B659-4AFABDA56312} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-15 19:38

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{28E9A2DF-E65E-D85A-85759F1A85229B2E}\{8098DB1F-177D-3A31-208A24FCBB357FA9}\{15CEB269-F259-C879-5DE6F8EB9C542703}*]

"CE4J2XQRGMR1PZTVDBUFMHVOGA1"=hex:01,00,01,00,00,00,00,00,cc,fe,5c,3b,ff,b3,38,

11,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,06,48,3c,

f0,8d,54,88,a2,e2,b5,bd,3b,d5,a9,f2,3f,03,50,1e,eb,c2,8a,1f,b4,70,92,15,d5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{512F71DC-3CBC-2B47-1A3BBA2110007DA7}\{3581E3EE-9609-7F22-508FFD480F192236}\{AD70F944-B806-2E49-AC620EB899FA98F6}*]

"ICNI5VY1JTL2UXKQCRTPNVJUTD1"=hex:01,00,01,00,00,00,00,00,f5,7a,de,ba,99,33,75,

a0,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(876)

c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(1828)

c:\windows\system32\msls31.dll

c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL

c:\program files\IncrediMail\bin\B4ImApp.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\WgaTray.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE

c:\program files\IncrediMail\bin\IMApp.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2010-04-15 19:50:47 - machine werd herstart

ComboFix-quarantined-files.txt 2010-04-15 17:50

ComboFix2.txt 2010-04-14 11:08

ComboFix3.txt 2009-08-02 07:16

Pre-Run: 18.747.719.680 bytes beschikbaar

Post-Run: 18.830.778.368 bytes beschikbaar

- - End Of File - - 7D4DF6534B6E69C4D5E88FA7626C5823

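As an added example (not from this thread and not ComboFix's own code): a small Python script that cross-checks the CFScript posted above against the ComboFix.txt it produced, so a helper can see which requested deletions the log actually confirms and which still need a manual look. The CFScript and the shortened log excerpt are constructed from this thread; the section titles are the Dutch ones ComboFix printed above.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.
Added example, not from the thread or from ComboFix; both inputs below are
constructed from the thread (the log is a shortened excerpt)."""
import re

# Constructed: the CFScript the helper posted.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\ctredr15.sys
c:\windows\system32\drivers\ctredrv.sys
c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
c:\windows\Tasks\NSSstub.job
Driver::
ctredrv.sys
ctredr15.sys
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"=-
"""

# Constructed: shortened excerpt of the ComboFix.txt posted in reply.
COMBOFIX_LOG = r"""
(((((((((((((((((( Andere Verwijderingen ))))))))))))))))))
.
c:\documents and settings\Jean Soenen\Onlangs geopend\Thumbs.db
c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
.
(((((((((((((((((( Drivers/Services ))))))))))))))))))
.
-------\Legacy_CTREDR15.SYS
-------\Legacy_CTREDRV.SYS
-------\Service_ctredr15.sys
-------\Service_ctredrv.sys
(((((((((((((((((( Reg Opstartpunten ))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # '((( Title )))' headers
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)


def parse_cfscript(text):
    """Return {'File': [...], 'Driver': [...], 'Registry': [...]}; a line
    ending in '::' opens a section that runs until the next such header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Split a ComboFix.txt into its '((( Title )))' sections, dropping '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify(cfscript, log):
    """Map each CFScript request to 'removed', 'unloaded', 'gone' or 'unconfirmed'.
    'unconfirmed' means the log gives no evidence either way (ComboFix merely
    echoes the FILE:: block), so the helper should check that item by hand."""
    removed = {p.lower() for p in log.get("Andere Verwijderingen", [])}
    services = {s.rsplit("\\", 1)[-1].lower() for s in log.get("Drivers/Services", [])}
    startup = "\n".join(log.get("Reg Opstartpunten", [])).lower()
    result = {}
    for path in cfscript.get("File", []):
        result[path] = "removed" if path.lower() in removed else "unconfirmed"
    for drv in cfscript.get("Driver", []):
        names = {"service_" + drv.lower(), "legacy_" + drv.lower()}
        result[drv] = "unloaded" if names & services else "unconfirmed"
    for entry in cfscript.get("Registry", []):
        for guid in GUID_RE.findall(entry):  # a key or value may carry a CLSID
            # 'gone' = the CLSID no longer appears among the startup entries
            result[guid.lower()] = "unconfirmed" if guid.lower() in startup else "gone"
    return result


if __name__ == "__main__":
    report = verify(parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG))
    print("\n".join(f"{status:12} {item}" for item, status in report.items()))
```

Run against the full log, the two ctredr*.sys file paths and NSSstub.job come back 'unconfirmed' while the drivers themselves show as 'unloaded', which is exactly the distinction worth checking by hand before declaring the machine clean.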

hi kape,

it is already a bit better, but still not like before; it also still hangs/freezes when we don't use it for a few minutes (30 min); just now I also couldn't get onto the internet and had to do it through IncrediMail and follow the link in your mail.

regards

Nancy


Hello kape,

I have the following log from FindyKill. If I understand it correctly, it finds no viruses. Is that correct? I downloaded Office 2007 from Piratebay because my son needs Access for school (this program doesn't work properly, as it keeps asking for valid keys), and Photoshop. The computer started running slowly after this download.

I hope you find what is wrong with my PC, because this evening it again took half an hour before all my icons had loaded on my PC and I got an internet connection.

best regards

Nancy

----------------- FindyKill V4.005 ------------------

* User : Nancy Demets - YOUR-FFACC82D80

* Emplacement : C:\Program Files\FindyKill

* Outils Mis a jours le 17/10/08 par Chiquitine29

* Recherche effectuée à 20:23:52 le vr 16/04/2010

* Windows XP - Internet Explorer 8.0.6001.18702

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Oxigen\bin\Oxigen.exe

C:\Program Files\Oxigen\bin\OxiTray.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\AVG\AVG9\avgui.exe

C:\Program Files\AVG\AVG9\avgcmgr.exe

C:\Program Files\IncrediMail\bin\ImNotfy.exe

C:\WINDOWS\system32\wuauclt.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Present ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\Nancy Demets\Application Data

»»»» Presence des fichiers dans C:\DOCUME~1\NANCYD~1\LOCALS~1\Temp

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe

igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe

High Definition Audio Property Page Shortcut REG_SZ CHDAudPropShortcut.exe

HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe

RecGuard REG_SZ C:\Windows\SMINST\RecGuard.exe

DXM6Patch_981116 REG_SZ C:\WINDOWS\p_981116.exe /Q:A

Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

ExtraFilmHemmaAgent REG_SZ "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"

AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

OxigenClientAdmin REG_SZ "C:\Program Files\Oxigen\bin\Oxigen.exe"

OxigenTrayIcon REG_SZ "C:\Program Files\Oxigen\bin\OxiTray.exe"

NokiaMServer REG_SZ C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

Nokia FastStart REG_SZ "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

beid REG_SZ "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 Demande=3 Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - vast station

D: - vast station

+- presence des fichiers :

Présent ! - D:\info.exe

--------------- [ Registre / Moutpoint2 ] ----------------

-> Recherche négative.

------------------- ! Fin du rapport ! --------------------


hello kape,

I didn't get a log file from that second scan with FindyKill. There was only the message "thank you for using the program". Did we run the scan correctly?

IncrediMail still doesn't work so well; the computer also still freezes sometimes; startup is already smoother, though, so that is already an improvement, for which thanks.

regards

Nancy


Download Dr.Web CureIt and save it on your desktop.

  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a popup appears offering a purchase/50% discount, you may close it.
  • The express scan scans the files currently loaded in memory. When something is found, click 'Select all', then choose 'Cure', and from the small menu that appears choose 'Move'.
  • Choose Language/Taal at the top of the menu and change it to Dutch (Nederlands) if it is set differently on your system.
  • Press F9, then choose the Actions tab and set the following under Malware:

    • Adware: Move
    • Dialers: Move
    • Jokes: Report
    • Riskware: Report
    • Hacktools: Move
    • Then uncheck 'Prompt on action'.

  • Then choose the Scan tab and uncheck Heuristic analysis.
    Then press Apply followed by OK.
  • Once the short scan has finished, tick: Full scan.
    Then press the green arrow (start button) to start the scan.
  • Found files are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing is not possible.
  • After the scan is done, go to File and choose Save report list.
    Save it on your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.
